)]}' { "log": [ { "commit": "5d1c8bd07c4d77959b6a0434ed8e947213fcddf3", "tree": "83e172935304b5c1fe07a8d59123379c85e41ac5", "parents": [ "1ba4b68f6cd36f09d7a640136ac149a2aa5d6aef" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Jun 01 06:48:22 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 01 06:48:22 2026" }, "message": "Bump the github-actions group with 3 updates (#2659)\n\nBumps the github-actions group with 3 updates: [actions/stale](https://github.com/actions/stale), [actions/labeler](https://github.com/actions/labeler) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/stale` from 10.2.0 to 10.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnhancement: ignore stale labeling events by \u003ca href\u003d\"https://github.com/shamoon\"\u003e\u003ccode\u003e@​shamoon\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1311\"\u003eactions/stale#1311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​octokit/plugin-retry\u003c/code\u003e, \u003ca href\u003d\"https://github.com/typescript-eslint\"\u003e\u003ccode\u003e@​typescript-eslint\u003c/code\u003e\u003c/a\u003e) by \u003ca href\u003d\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1335\"\u003eactions/stale#1335\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/shamoon\"\u003e\u003ccode\u003e@​shamoon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1311\"\u003eactions/stale#1311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v10...v10.3.0\"\u003ehttps://github.com/actions/stale/compare/v10...v10.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899\"\u003e\u003ccode\u003eeb5cf3a\u003c/code\u003e\u003c/a\u003e chore: upgrade dependencies and bump version to 10.3.0 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1335\"\u003e#1335\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/db5d06a4c82d5e94513c09c406638111df61f63e\"\u003e\u003ccode\u003edb5d06a\u003c/code\u003e\u003c/a\u003e Enhancement: ignore stale labeling events (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1311\"\u003e#1311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/b5d41d4e1d5dceea10e7104786b73624c18a190f...eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/labeler` from 6.0.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/labeler/releases\"\u003eactions/labeler\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by \u003ca href\u003d\"https://github.com/bluca\"\u003e\u003ccode\u003e@​bluca\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/923\"\u003eactions/labeler#923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove Labeler Action documentation and permission error handling by \u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/897\"\u003eactions/labeler#897\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve manually added labels during workflow runs and refine label synchronization logic by \u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/917\"\u003eactions/labeler#917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/877\"\u003eactions/labeler#877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 10.0.1 to 10.2.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/926\"\u003eactions/labeler#926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/github\u003c/code\u003e, js-yaml, minimatch, \u003ca href\u003d\"https://github.com/typescript-eslint\"\u003e\u003ccode\u003e@​typescript-eslint\u003c/code\u003e\u003c/a\u003e) by \u003ca href\u003d\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/934\"\u003eactions/labeler#934\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/897\"\u003eactions/labeler#897\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/bluca\"\u003e\u003ccode\u003e@​bluca\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/923\"\u003eactions/labeler#923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/934\"\u003eactions/labeler#934\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/labeler/compare/v6...v6.1.0\"\u003ehttps://github.com/actions/labeler/compare/v6...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/f27b608878404679385c85cfa523b85ccb86e213\"\u003e\u003ccode\u003ef27b608\u003c/code\u003e\u003c/a\u003e chore: upgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/github\u003c/code\u003e, js-yaml, minimat...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/c5dadc2a45784a4b6adfcd20fea3465da3a5f904\"\u003e\u003ccode\u003ec5dadc2\u003c/code\u003e\u003c/a\u003e Add \u0027changed-files-labels-limit\u0027 and \u0027max-files-changed\u0027 configs to allow cap...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/e52e4fb63ed5cd0e07abaad9826b2a893ccb921f\"\u003e\u003ccode\u003ee52e4fb\u003c/code\u003e\u003c/a\u003e Bump minimatch from 10.0.1 to 10.2.3 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/77a4082b841706ac431479b7e2bb11216ffef250\"\u003e\u003ccode\u003e77a4082\u003c/code\u003e\u003c/a\u003e Fix: Preserve manually added labels during workflow run and refine label sync...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/25abb3cad4f14b7ac27968a495c37798860a5a1a\"\u003e\u003ccode\u003e25abb3c\u003c/code\u003e\u003c/a\u003e Improve Labeler Action Documentation and Error Handling for Permissions (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/897\"\u003e#897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/395c8cfdb1e1e691cc4bad0dd315820af8eb67fd\"\u003e\u003ccode\u003e395c8cf\u003c/code\u003e\u003c/a\u003e Bump brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/labeler/compare/634933edcd8ababfe52f92936142cc22ac488b1b...f27b608878404679385c85cfa523b85ccb86e213\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.2 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "1ba4b68f6cd36f09d7a640136ac149a2aa5d6aef", "tree": "2c3536ef57dd6ff9d52911d6b720513fa2952ed5", "parents": [ "fe9e65866919d28364f2c1bdd806a0a3d5cb101a" ], "author": { "name": "Daco Harkes", "email": "dacoharkes@google.com", "time": "Fri May 22 20:28:30 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 22 20:28:30 2026" }, "message": "Fix unawaited_return_in_try_block (#2654)\n\nIn preparation for new diagnostics, fix existing violations." }, { "commit": "fe9e65866919d28364f2c1bdd806a0a3d5cb101a", "tree": "d28b4fd59f8ee12a0e2ce8018fc4d77e0f811567", "parents": [ "27e640ad480c35118024cd1679f12000484f220b" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed May 20 23:31:36 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 23:31:36 2026" }, "message": "Revert \"Disallow exiting from VM tests (#2640)\" (#2652)\n\nThis reverts commit 86fcce24d18be9bcbd3f387681dcfc24d1517acd.\n\nUsing `IOOverrides` can cause observable behavior changes so this is a\nbreaking change. We will need to wait for a fix we can rely on in the\nSDK before it\u0027s safe to roll this out.\n\nhttps://github.com/dart-lang/sdk/issues/63418" }, { "commit": "27e640ad480c35118024cd1679f12000484f220b", "tree": "022ab970bcdec5791d20501ae7f97f3379929d87", "parents": [ "44a8e78fd0eaa84b1fed89ad810eb2e5e476f11c" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed May 20 14:41:52 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 14:41:52 2026" }, "message": "Use dev tools URL when debugging (#2283)\n\nTowards #2185\n\nThe Observatory UI is no longer served and the current URL does not\nwork. Dev Tools does not support deep linking to a particular isolate or\nlibrary, so link to the overall devtools app for now." }, { "commit": "44a8e78fd0eaa84b1fed89ad810eb2e5e476f11c", "tree": "e2f516e2702446bf7ff9db7704bda136e92e98c2", "parents": [ "64081690f8b48c987d1a4fb59b5f55836a2df145" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed May 20 01:53:54 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 01:53:54 2026" }, "message": "Fix output for multiline clauses in failures (#2646)\n\nIn a failure message the parts of the expectation which were checked and\nsatisfied are represented in both the \"Expected\" and \"Actual\" portions.\nThis is handled by tracking how many lines of the text overlaps.\nPreviously this tracked the depth of nesting and assumed each level\ncontributed only a single line, but this assumption is violated by some\nexpectations which print with multiple lines. Correct the overlap\naccounting to include the actual number of lines added by a label." }, { "commit": "64081690f8b48c987d1a4fb59b5f55836a2df145", "tree": "68327bde069eebe6713e1d0a2126753d86819d9b", "parents": [ "2da017871a982fffc77b85c26400052997b8ecd6" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed May 20 01:52:51 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 20 01:52:51 2026" }, "message": "Indent string diffs lines (#2648)\n\nI noticed that the failure messages are a little easier to read if the\nlines showing the point in the string that deviates are indented\nrelative to the \"Which\" header.\n\nBefore\n\n Expected: a String that:\n equals \u0027some other String\u0027\n Actual: \u0027some String\u0027\n Which: differs at offset 5:\n some other Stri ...\n some String\n ^\n\nAfter\n\n Expected: a String that:\n equals \u0027some other String\u0027\n Actual: \u0027some String\u0027\n Which: differs at offset 5:\n some other Stri ...\n some String\n ^" }, { "commit": "2da017871a982fffc77b85c26400052997b8ecd6", "tree": "6b2dff7249ab455a44dad85c69703c4b468b53c3", "parents": [ "376443b9fcf12bd72bb3e7f48265ef2a42a807e0" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue May 19 22:29:43 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 22:29:43 2026" }, "message": "Shorten failure message for NaN/not NaN (#2649)\n\nThe \"expected\" and \"actual\" here already clearly express the \"NaN\"\nconcept and every time I see failure output with this `which` phrase in\npractice it feels redundant." }, { "commit": "376443b9fcf12bd72bb3e7f48265ef2a42a807e0", "tree": "9819c9a502b315a0127c06393dfe274b6035c8ec", "parents": [ "b3f92fa9fa9309d7e070f3604b170874ccaaaee1" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue May 19 18:58:50 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 19 18:58:50 2026" }, "message": "Handle async conditions in mayEmit (#2647)\n\nFix a bug where the allowed `AsyncCondition` is used with `softCheck`\ninstead of `softCheckAsync`. Make it feasible to catch the exception for\nusing an asynchronous condition in `describe`, and use that exception to\ndetect when to fallback on a more general clause description for\n`mayEmit` and `mayEmitMultiple`.\n\nNote that callers of `nestAsync` and `expectAsync` should synchronously\nsurface a potential synchronous exception and update all existing\ncallers to do so." }, { "commit": "b3f92fa9fa9309d7e070f3604b170874ccaaaee1", "tree": "88c0a67199dc999435b8e5b3ee80edbd22ef8425", "parents": [ "86fcce24d18be9bcbd3f387681dcfc24d1517acd" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon May 18 20:40:13 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 18 20:40:13 2026" }, "message": "More consistent unexpected error formatting (#2644)\n\n- Include stack traces in the rejection output for more extensions which\n have catch blocks for unexpected exceptions.\n- Use more consistent phrasing and formatting with a line ending in\n `at:` before the stack trace.\n- Add indentation to all outputs that include stack traces.\n- Use the `LineSplitter.split` utility method everywhere lines are split." }, { "commit": "86fcce24d18be9bcbd3f387681dcfc24d1517acd", "tree": "f30462701456ae763299ef7e0a597351d4c6292f", "parents": [ "a5374bf2fe9cb5a193a8b8e61d0b9e32bcb220e8" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri May 15 21:50:34 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 15 21:50:34 2026" }, "message": "Disallow exiting from VM tests (#2640)\n\nAs suggested in #2577\n\nTests exiting early with a hard exit is an infrequent but persistent\nsource of confusion. Use `IOOverrides` to treat any call to `exit` as a\ntest failure instead of a VM exit." }, { "commit": "a5374bf2fe9cb5a193a8b8e61d0b9e32bcb220e8", "tree": "09abe9c95cf653bad4283ada935587f7db96575c", "parents": [ "14f99ecdcb74778654d936ce26c70798a3b6649f" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri May 15 19:01:50 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 15 19:01:50 2026" }, "message": "Reformat with latest dev SDK (#2641)" }, { "commit": "14f99ecdcb74778654d936ce26c70798a3b6649f", "tree": "0c762f4a9fbcf6609a849a12f4bb2ff0381b5edc", "parents": [ "fd2b4be610fb75837e217db7c18b8e74a08b5534" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri May 01 23:18:32 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 23:18:32 2026" }, "message": "Track the OS for browser platforms (#2449)\n\nWe currently do not allow making configuration using tools like\n`OnPlatform` that is specific to an OS and browser combination. So if\nthere is a situation where tests don\u0027t work on firefox on windows, but\nwork everywhere else, we cannot express an intent to skip just the\nfailing tests.\n\nIn a usage like `OnPlatform({\u0027windows \u0026\u0026 firefox\u0027})` the selector will\nnever be true because `firefox` and `windows` are mutually exclusive.\nIt does allow cases like `\u0027windows || firefox\u0027` which matches windows VM\ntests and firefox everywhere.\n\nChanging this means a change to how existing selectors are evaluated. CI\nmay be impacted if a package is configuring a skip for an OS expecting\nonly the VM tests to be skipped on that OS with the browser tests still\nrunning.\n\nUse the new capability to skip a test that is failing on windows firefox\nbrowser." }, { "commit": "fd2b4be610fb75837e217db7c18b8e74a08b5534", "tree": "c451a8e868ebdfd996643a5acb51447d055086ec", "parents": [ "a1b82f18d73b07d8c9cb1ceb2217b2757135e02e" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri May 01 23:08:03 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 23:08:03 2026" }, "message": "Override test packages in coverage tests (#2638)\n\nThese tests use the `runTest` test utility which uses a precompiled test\nrunner built from the repo sources. They also use `runPub` to run fetch\npublished versions of the test packages using a pubspec it creates. This\ncauses a version mismatch between the runner and the version of the test\npackages the test file is importing when it is compiled.\n\nAdd a `dependency_overrides` section to each generated pubspec in the\ncoverage tests. Override all 3 test runner implementation packages to\nuse the repo sources." }, { "commit": "a1b82f18d73b07d8c9cb1ceb2217b2757135e02e", "tree": "6e5f74829e135823b66a26d5f4edee462cb38976", "parents": [ "d5da9229e3dd3da95194c79f0b929c08432e6ec5" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri May 01 04:03:25 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 04:03:25 2026" }, "message": "Bump the github-actions group with 3 updates (#2637)\n\nBumps the github-actions group with 3 updates: [actions/cache](https://github.com/actions/cache), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.1 to 4.35.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository\u0027s settings. For more information, see \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/95e58e9a2cdfd71adc6e0353d5c52f41a045d225\"\u003e\u003ccode\u003e95e58e9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3824\"\u003e#3824\u003c/a\u003e from github/update-v4.35.2-d2e135a73\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/6f31bfe060e817d81e938dbec767969d20031e25\"\u003e\u003ccode\u003e6f31bfe\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d2e135a73a39154e3a231aeb49163c4661c5b8b1\"\u003e\u003ccode\u003ed2e135a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3823\"\u003e#3823\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/60abb65df09fcf213c398e064c8a80db1f15cdaf\"\u003e\u003ccode\u003e60abb65\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5a0a562209255e956ad8aafcee303294e64eefa2\"\u003e\u003ccode\u003e5a0a562\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65216971a11ded447a6b76263d5a144519e5eee1\"\u003e\u003ccode\u003e6521697\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3820\"\u003e#3820\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3c45af2dd258e1623af1898da5c86545b514e028\"\u003e\u003ccode\u003e3c45af2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3821\"\u003e#3821\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-345b93...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f1c339364c12f922998186ed897e45e3b4ae8874\"\u003e\u003ccode\u003ef1c3393\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1024fc496c87e944a93e98d8cf2c09e2c7602a30\"\u003e\u003ccode\u003e1024fc4\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9dd4cfed96030ccdfe1af4daf7a7964322704fed\"\u003e\u003ccode\u003e9dd4cfe\u003c/code\u003e\u003c/a\u003e Bump the npm-minor group across 1 directory with 6 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "d5da9229e3dd3da95194c79f0b929c08432e6ec5", "tree": "fadbea1942f2cc283149bf97ae4d776705b369b5", "parents": [ "c8c76f457bbe64f8707b3c7c7259790f593d8c72" ], "author": { "name": "Jacob MacDonald", "email": "jakemac@google.com", "time": "Tue Apr 28 00:32:33 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 28 00:32:33 2026" }, "message": "Expose the backend APIs used by flutter_test from test_api (#2635)\n\nThis will allow `test_api` to be unpinned from the flutter SDK.\n\nIncreases package surface area, perhaps further than we would like in\nthe long run. Makes the current dependencies visible.\n\nPart of https://github.com/flutter/flutter/issues/185016" }, { "commit": "c8c76f457bbe64f8707b3c7c7259790f593d8c72", "tree": "471efb0fc745d6772ead043564832be2d0a4f7d6", "parents": [ "8bbb8474e3ff85aa9450c2b00f9476b34ebdd679" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Apr 27 20:38:25 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 27 20:38:25 2026" }, "message": "Prepare to publish (#2634)" }, { "commit": "8bbb8474e3ff85aa9450c2b00f9476b34ebdd679", "tree": "992773e1705d4d60b3b3ce91b5efd2a4bb432602", "parents": [ "bd401482a19620c4521547af793f007bfebc599a" ], "author": { "name": "Jonas Finnemann Jensen", "email": "jonasfj@google.com", "time": "Fri Apr 17 19:47:38 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 19:47:38 2026" }, "message": "Example of how to use `has` (#2631)\n\nDemonstrate the extension pattern in the docs." }, { "commit": "bd401482a19620c4521547af793f007bfebc599a", "tree": "dea6c8a53001b5fc4fdc2fb1c47345a6f38c96c9", "parents": [ "d20671c1eff6318224cfb538460ef4a18f9cd248" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Apr 13 23:58:35 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 23:58:35 2026" }, "message": "Remove extra version info (#2539)\n\nFollow up to https://github.com/dart-lang/test/pull/2538\n\nThis is only relevant when using the test runner as a git or path\ndependency. In these cases the version will already end in `-WIP` with\nour current development practices and in the places where it may come up\nthe users don\u0027t need help understanding where the code is coming from." }, { "commit": "d20671c1eff6318224cfb538460ef4a18f9cd248", "tree": "940ba9becaf60b5ef0e33eebb07770f1e83677d2", "parents": [ "17efdc2f8316c71cc9c8630274ae05e284b74595" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Apr 13 22:52:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 22:52:53 2026" }, "message": "Fix dart2wasm tests with custom HTML files (#2626)\n\nWhen running tests with `dart2wasm` and a custom HTML file, the JS bootstrap file `run_wasm_chrome.js` failed because it tried to read `dataset` from a DOM element with ID `WasmBootstrapInfo`, which is not present in custom HTML files.\n\nThis commit updates `run_wasm_chrome.js` to fallback to inferring the `.wasm` and `.mjs` URLs from `document.currentScript.src` if the `WasmBootstrapInfo` element is not found.\n\nAdded a regression test to verify the fix.\n\nFixes #2625" }, { "commit": "17efdc2f8316c71cc9c8630274ae05e284b74595", "tree": "348b6779e6a749e684b4b554a3eff958dca610d0", "parents": [ "c21233e9e93bd46c90c7e4785ca2b02ec3b2aba5" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Apr 13 22:20:24 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 22:20:24 2026" }, "message": "fix: improve error reporting on GitHub (#2629)\n\nGroup success and skip so it\u0027s easy to see the failures!\nUpdate skip icon to ⏭️ so they are easier to scan\n\nFixes https://github.com/dart-lang/test/issues/2628" }, { "commit": "c21233e9e93bd46c90c7e4785ca2b02ec3b2aba5", "tree": "dfd7c93deb57f67e2e2446757871e44294599583", "parents": [ "e8012f71a5569fe604fc5ddbad3817a70e178bf2" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Apr 13 21:56:39 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 21:56:39 2026" }, "message": "Ignore test pid on windows (#2630)\n\nThe tests are flaky or always failing due to inconsistencies with PID\nbehavior on windows. Change the PID expectation argument to take a\nmatcher and use `anything` on windows." }, { "commit": "e8012f71a5569fe604fc5ddbad3817a70e178bf2", "tree": "90e9f3570f29693c9ec5f72d8ed2d4685321b4de", "parents": [ "cfdd7d26f128517934610ff22179217ecad489b0" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Apr 13 21:40:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 21:40:53 2026" }, "message": "Bump to language version 3.10 (#2624)\n\nCloses #2623" }, { "commit": "cfdd7d26f128517934610ff22179217ecad489b0", "tree": "011aee4640e34370f1bd9ca20ed99046a94b2c64", "parents": [ "d0d5ccd037cb0eaea8e4dad900946ac54a4286c6" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Apr 13 17:37:56 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 17:37:56 2026" }, "message": "Bump the github-actions group with 3 updates (#2619)\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d0d5ccd037cb0eaea8e4dad900946ac54a4286c6", "tree": "b791bd197d2034e8b36d82aaf677491af42a9e55", "parents": [ "bcc5228370ba909e5774441398b8585ba9874423" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Mon Apr 13 17:31:58 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 17:31:58 2026" }, "message": "Allow analyzer ^13.0.0, with breaking changes. (#2622)" }, { "commit": "bcc5228370ba909e5774441398b8585ba9874423", "tree": "0f1b0abe40e534e376cd3778525796f0bc9c2df3", "parents": [ "2b8c256a6320435dc8c9dbb1303fb6540e617846" ], "author": { "name": "Jacob MacDonald", "email": "jakemac@google.com", "time": "Tue Mar 31 22:02:44 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 22:02:44 2026" }, "message": "Fix hang on windows with multiple exe tests (#2618)\n\nFixes #2617\n\nReorder the callbacks to clocks the socket and the server.\n\nEnable `-c exe` tests for test_api to help get better coverage of these\nkinds of tests." }, { "commit": "2b8c256a6320435dc8c9dbb1303fb6540e617846", "tree": "82692af4869170693bdb2785d5174f511baf79e3", "parents": [ "2baa37c0a8bc96feb17e8721641c4ee1dd4aa7aa" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Mar 24 23:45:02 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 24 23:45:02 2026" }, "message": "Allow exceptions from operator \u003d\u003d (#2543)\n\nIt\u0027s confusing to treat an object that throws from `operator \u003d\u003d`\nidentically to one that returns `false` normally. Intentional exceptions\nin `operator \u003d\u003d` are very unlikely, so this change is not likely to\ncause too many spurious failures." }, { "commit": "2baa37c0a8bc96feb17e8721641c4ee1dd4aa7aa", "tree": "163b95cd057eeeef968eece97689a60b831aa62f", "parents": [ "d3203334dacd7332c20225b39be1b01db4695d42" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Mar 23 20:15:15 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 23 20:15:15 2026" }, "message": "Respect common environment variables for color output detection (#2613)" }, { "commit": "d3203334dacd7332c20225b39be1b01db4695d42", "tree": "39a8f297706cd066b8c2df836e1610b427a2a675", "parents": [ "021d056da4a63592371e84eb279f65881f42156c" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Mar 19 23:07:02 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 23:07:02 2026" }, "message": "Catch Errors reading resolved executable (#2612)" }, { "commit": "021d056da4a63592371e84eb279f65881f42156c", "tree": "90bd00e7fe9b775325a0c498e047f0dc9c53fadc", "parents": [ "36b9d8291803520b969b9ee623edf276fcc5d5e0" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Wed Mar 18 23:27:32 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 23:27:32 2026" }, "message": "Allow analyzer major version 12 (#2610)\n\nPrepare to publish." }, { "commit": "36b9d8291803520b969b9ee623edf276fcc5d5e0", "tree": "1efee92fcbee762f3df4d2db9167a506f2fa8f9a", "parents": [ "1cd6232e740a9f4ee5a4aced8c31ee8de4005be9" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Mar 17 20:36:05 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 17 20:36:05 2026" }, "message": "Fix exception for missing resolved executable (#2611)\n\nIn some executions of the test runner internally the\n`Platform.resolvedExectuble` may be unexpectedly `null`. Catch\nexceptions trying to read the field and allow a `null` return. The usage\nfor this variable currently prepends it to file paths, and it\u0027s safe to\nsearch the \"wrong\" full path and not find the file." }, { "commit": "1cd6232e740a9f4ee5a4aced8c31ee8de4005be9", "tree": "0b40f9fe87a62773ba259fc0f73527b5c9a450cc", "parents": [ "9d2f9fe044a06206fb6956442a5803c0af17d6b0" ], "author": { "name": "Ryan Macnak", "email": "rmacnak@google.com", "time": "Tue Mar 10 19:54:31 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 10 19:54:31 2026" }, "message": "Support tests on VM with sanitizers (#2575)\n\nThis is useful for finding issues when using foreign libraries through\n`dart:ffi`, such as use-after-free, use of uninitialized memory and data\nraces.\n\nThis is also useful for pure Dart programs that might have data races\nthrough the use of shared fields.\n\nOnly available on 64-bit Linux.\n\nhttps://clang.llvm.org/docs/AddressSanitizer.html\nhttps://clang.llvm.org/docs/MemorySanitizer.html\nhttps://clang.llvm.org/docs/ThreadSanitizer.html\n\nAdd `vm-asan`, `vm-msan`, and `vm-tsan` runtimes. Use the appropriate\ncompiler flags and VM executable for each." }, { "commit": "9d2f9fe044a06206fb6956442a5803c0af17d6b0", "tree": "257bc2376113ebc41cf512f5221711c3ed066380", "parents": [ "7e6d5dac07e40241238e0951438d0c0a2750e4b9" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Mar 09 21:20:07 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 09 21:20:07 2026" }, "message": "Fix hang when separate-process test crashes (#2606)" }, { "commit": "7e6d5dac07e40241238e0951438d0c0a2750e4b9", "tree": "bb34b7cc978f706b8bf0345fb35d6ec0890d5f16", "parents": [ "c8c7301228841e3008a0a4c69b78f75ba2be6fce" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Mar 09 15:15:50 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 09 15:15:50 2026" }, "message": "Require `analyzer: \u0027\u003e\u003d8.0.0 \u003c12.0.0\u0027` (#2607)" }, { "commit": "c8c7301228841e3008a0a4c69b78f75ba2be6fce", "tree": "c59d919db2d5bf5baf3fa2d4d72001e5b7b437d4", "parents": [ "21ed5d6c6447c4680fce95f30aa2a263c17fdbed" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Mar 05 18:39:37 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 05 18:39:37 2026" }, "message": "Remove stale deprecation annotations (#2605)\n\nThe `@doNotSubmit` is the replacement and the `@Deprecated` was left in\nas a temporary safety during the transition." }, { "commit": "21ed5d6c6447c4680fce95f30aa2a263c17fdbed", "tree": "6907cef00cf9eb6164cd0d0d1b8e19db99090e30", "parents": [ "746af0e5645189ccde83279844f600e034eda3b7" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Mar 05 00:58:03 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 05 00:58:03 2026" }, "message": "Add void return on group callback (#2604)\n\nThis type influences type inference and this change can impact what\nstatic diagnostics apply, but is not breaking at the language level.\nCurrently the callbacks to `test` are left as `FutureOr\u003cdynamic\u003e` for\nnow, the ecosystem impact may be larger.\n\nTightening the type on group internally catches some callbacks written\nas `() \u003d\u003e {test(...)}` and surfaces a diagnostic. This was low impact on\nthe internal test corpus." }, { "commit": "746af0e5645189ccde83279844f600e034eda3b7", "tree": "b260d150e2a36a0bac88b51f50b3245fee662e2a", "parents": [ "0d5fe4dcb20b4b601b4350398d32e3c47321f841" ], "author": { "name": "Aryan Shukla", "email": "88445101+Telomelonia@users.noreply.github.com", "time": "Thu Mar 05 00:38:44 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 05 00:38:44 2026" }, "message": "Default failure summary for expanded reporter (#2588)\n\nAdd a summary of up to 5 failed or incomplete tests at the end of the\nexpanded reporter. Use a deterministic sort order for failing tests for\nconsistency. Truncate lists of more than 5 failures with a remaining\ncount." }, { "commit": "0d5fe4dcb20b4b601b4350398d32e3c47321f841", "tree": "f9c7adcd4239292732bcd61eb006026c5a21dd1f", "parents": [ "45e4ef287d70dad449f13d4f284f9faea2d9188b" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Mar 01 03:51:24 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Mar 01 03:51:24 2026" }, "message": "Bump the github-actions group with 3 updates (#2602)\n\nBumps the github-actions group with 3 updates: [actions/stale](https://github.com/actions/stale), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/stale` from 10.1.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix checking state cache (fix \u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1136\"\u003e#1136\u003c/a\u003e) and switch to Octokit helper methods by \u003ca href\u003d\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1152\"\u003eactions/stale#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade js-yaml from 4.1.0 to 4.1.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1304\"\u003eactions/stale#1304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade lodash from 4.17.21 to 4.17.23 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1313\"\u003eactions/stale#1313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0 by \u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1312\"\u003eactions/stale#1312\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1152\"\u003eactions/stale#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v10...v10.2.0\"\u003ehttps://github.com/actions/stale/compare/v10...v10.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/b5d41d4e1d5dceea10e7104786b73624c18a190f\"\u003e\u003ccode\u003eb5d41d4\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1313\"\u003e#1313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/dcd2b9469d2220b7e8d08aedc00c105d277fd46b\"\u003e\u003ccode\u003edcd2b94\u003c/code\u003e\u003c/a\u003e Fix punycode and url.parse Deprecation Warnings (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1312\"\u003e#1312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/d6f8a33132340b15a7006f552936e4b9b39c00ec\"\u003e\u003ccode\u003ed6f8a33\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1304\"\u003e#1304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/a21a0816299b11691f9592ef0d63d08e02f06d9d\"\u003e\u003ccode\u003ea21a081\u003c/code\u003e\u003c/a\u003e Fix checking state cache (fix \u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1136\"\u003e#1136\u003c/a\u003e), also switch to octokit methods (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/997185467fa4f803885201cee163a9f38240193d...b5d41d4e1d5dceea10e7104786b73624c18a190f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 6.0.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What\u0027s new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we\u0027ve upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.0 to 4.32.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith debugging enabled in Default Setup\u003c/a\u003e and \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for registries\u0026quot; step will output additional diagnostic information that can be used for troubleshooting. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as Default Setup, to use a \u003ca href\u003d\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly CodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.32.4 - 20 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith debugging enabled in Default Setup\u003c/a\u003e and \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for registries\u0026quot; step will output additional diagnostic information that can be used for troubleshooting. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as Default Setup, to use a \u003ca href\u003d\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly CodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/89a39a4e59826350b863aa6b6252a07ad50cf83e\"\u003e\u003ccode\u003e89a39a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3494\"\u003e#3494\u003c/a\u003e from github/update-v4.32.4-39ba80c47\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e5d84c885c00d506f7816d26a298534dbbffac6d\"\u003e\u003ccode\u003ee5d84c8\u003c/code\u003e\u003c/a\u003e Apply remaining review suggestions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0c202097b5de484e2a3725d4467f9cb7e3107881\"\u003e\u003ccode\u003e0c20209\u003c/code\u003e\u003c/a\u003e Apply suggestions from code review\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/314172e5a1e1691ba4ad232b3d0230ceaf3d9239\"\u003e\u003ccode\u003e314172e\u003c/code\u003e\u003c/a\u003e Fix typo\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cdda72d36b93310932b0afe1784acd0209d190dd\"\u003e\u003ccode\u003ecdda72d\u003c/code\u003e\u003c/a\u003e Add changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cfda84cc5509282e2adc1570c3cf29c3167ae87f\"\u003e\u003ccode\u003ecfda84c\u003c/code\u003e\u003c/a\u003e Update changelog for v4.32.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/39ba80c47550c834104c0f222b502461ac312c29\"\u003e\u003ccode\u003e39ba80c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3493\"\u003e#3493\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/00150dad957fc9c1cba52bdab82e458ae5c09fe5\"\u003e\u003ccode\u003e00150da\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d97dce6561ae3dd4e4db9bfa95479f7572bd7566\"\u003e\u003ccode\u003ed97dce6\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/50fdbb9ec845c41d6d3509d794e3a28af7032c59\"\u003e\u003ccode\u003e50fdbb9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3492\"\u003e#3492\u003c/a\u003e from github/henrymercer/new-repository-properties-ff\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/b20883b0cd1f46c72ae0ba6d1090936928f9fa30...89a39a4e59826350b863aa6b6252a07ad50cf83e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "45e4ef287d70dad449f13d4f284f9faea2d9188b", "tree": "b9283108442f9597858d485ff2f88b2bcca6adbd", "parents": [ "5adf49a2d20c9844e393152c2984b81ecfa3b6cb" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri Feb 27 01:52:14 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 01:52:14 2026" }, "message": "Prepare to publish (#2601)\n\n" }, { "commit": "5adf49a2d20c9844e393152c2984b81ecfa3b6cb", "tree": "0566f95222f0eecf779af703691542376cea5074", "parents": [ "88eafe209d92fe6dce7cc0239f4d4b249f63c59a" ], "author": { "name": "Danny Tuppeny", "email": "danny@tuppeny.com", "time": "Thu Feb 26 16:48:42 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Feb 26 16:48:42 2026" }, "message": "Fix missing test locations on solo-skipped tests by passing location/trace through (#2600)\n\nFixes https://github.com/dart-lang/test/issues/2599 by ensuring stack traces/locations are carried across when tests are replaced with skips because of `solo`.\n\nSince `test_api` 0.7.9 has already been published, I bumped this to `0.7.10`, which also meant updating in `test` and `test_core` for things to resolve correctly. I\u0027m not sure if I did this correctly, so if I need to change anything, please let me know!\n\n- [x] I’ve reviewed the contributor guide and applied the relevant portions to this PR.\n" }, { "commit": "88eafe209d92fe6dce7cc0239f4d4b249f63c59a", "tree": "30529245d4144dc6c20b090d6bf5d841e0bebbe3", "parents": [ "6f9e059e1440eef5bc8c96d8389ea5f316770636" ], "author": { "name": "Felix Angelov", "email": "felangelov@gmail.com", "time": "Sat Feb 21 00:19:50 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Feb 21 00:19:50 2026" }, "message": "fix: report all coverage when no filters are specified (#2594)\n\nFixes #2581\n\nRestore old behavior when no filters are specified and using the legacy\nJSON mode." }, { "commit": "6f9e059e1440eef5bc8c96d8389ea5f316770636", "tree": "5e2ffdf0be72e2f473707c551b39468cb898f7ff", "parents": [ "fe41d5408bfd7c73cc4309da6ab6f0ba46cbf417" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed Feb 18 02:53:09 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 18 02:53:09 2026" }, "message": "[matcher] Add type check in pairwiseCompare (#2596)\n\nCloses #2454\n\nCurrently a failure from the cast causes a failure output including:\n\n Which: has \u003cnull\u003e which is not \u003cnull\u003e at index null\n\nFill in the missing info by adding an explicit type check instead of an\nunchecked cast before passing to the comparison callback. Elements with\nmismatched type are treated identically to those which fail the\ncomparison, but should be clear to a reader of the failure." }, { "commit": "fe41d5408bfd7c73cc4309da6ab6f0ba46cbf417", "tree": "75840ce8596a5872a6d35ad5534028458dc9421f", "parents": [ "ce6ef63e3c437e7b605a4863584a04f826642eaf" ], "author": { "name": "Nils Reichardt", "email": "me@nils.re", "time": "Wed Feb 11 23:22:53 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 11 23:22:53 2026" }, "message": "Add `--suite-load-timeout` option (#2505)\n\nRemove the hardcoded timeout and allow specifying a timeout for loading\nindividual test suites." }, { "commit": "ce6ef63e3c437e7b605a4863584a04f826642eaf", "tree": "5580191ae1446aa5898ffa54254962933e8bbd0f", "parents": [ "5a2b40d8a5310ee37d5064e36b9b428f1596cc0f" ], "author": { "name": "Jacob MacDonald", "email": "jakemac@google.com", "time": "Wed Feb 11 20:50:37 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 11 20:50:37 2026" }, "message": "Make pretty print O(max size) (#2591)\n\nFixes https://github.com/dart-lang/test/issues/2553.\n\nThis issue was present in both matcher and checks, and for iterables and maps, this fixes all of those cases.\n\nCo-authored-by: Nate Bosch \u003cnbosch@google.com\u003e" }, { "commit": "5a2b40d8a5310ee37d5064e36b9b428f1596cc0f", "tree": "a1d2850881d3f1a1ba7cdf3bafb5e1edd466e2b3", "parents": [ "9594859a3e83493fb12f7f9119f56b403c67fccf" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Wed Feb 04 21:09:49 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 04 21:09:49 2026" }, "message": "test: add library doc comments (#2586)\n\n" }, { "commit": "9594859a3e83493fb12f7f9119f56b403c67fccf", "tree": "7dc1613c76813ff04559dede088eef6c983afd7a", "parents": [ "ea538551b2c94b12a1b5b1da3bd141154cb598eb" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Feb 01 03:53:25 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Feb 01 03:53:25 2026" }, "message": "Bump the github-actions group with 3 updates (#2590)\n\nBumps the github-actions group with 3 updates: [actions/cache](https://github.com/actions/cache), [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 5.0.1 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003e\u003ccode\u003ecdf6c1f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1695\"\u003e#1695\u003c/a\u003e from actions/Link-/prepare-5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d\"\u003e\u003ccode\u003ea1bee22\u003c/code\u003e\u003c/a\u003e Add review for the \u003ccode\u003e@​actions/http-client\u003c/code\u003e license\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f\"\u003e\u003ccode\u003e4695763\u003c/code\u003e\u003c/a\u003e Add licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502\"\u003e\u003ccode\u003edc73bb9\u003c/code\u003e\u003c/a\u003e Upgrade dependencies and address security warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a\"\u003e\u003ccode\u003e345d5c2\u003c/code\u003e\u003c/a\u003e Add 5.0.3 builds\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7\"\u003e\u003ccode\u003e8b402f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1692\"\u003e#1692\u003c/a\u003e from GhadimiR/main\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002\"\u003e\u003ccode\u003e304ab5a\u003c/code\u003e\u003c/a\u003e license for httpclient\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be\"\u003e\u003ccode\u003e609fc19\u003c/code\u003e\u003c/a\u003e Update licensed record for cache\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5\"\u003e\u003ccode\u003eb22231e\u003c/code\u003e\u003c/a\u003e Build\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a\"\u003e\u003ccode\u003e93150cd\u003c/code\u003e\u003c/a\u003e Add PR link to releases\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable version. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.9 to 4.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.31.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.31.10\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b20883b0cd1f46c72ae0ba6d1090936928f9fa30\"\u003e\u003ccode\u003eb20883b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3428\"\u003e#3428\u003c/a\u003e from github/update-v4.32.0-e3b8227a2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c9aa45dd0f8ba0b0433386779eb4798c2545156b\"\u003e\u003ccode\u003ec9aa45d\u003c/code\u003e\u003c/a\u003e Update changelog for v4.32.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e3b8227a28dee88b8eaf5597d892a0cea497e634\"\u003e\u003ccode\u003ee3b8227\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3427\"\u003e#3427\u003c/a\u003e from github/henrymercer/bump-for-new-minor-series\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8a01181ce209b3e3f51c6add1b9e1e744bdf0064\"\u003e\u003ccode\u003e8a01181\u003c/code\u003e\u003c/a\u003e Compare minor version number\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/80e142568fc335997bbf78abac097448213bd9ae\"\u003e\u003ccode\u003e80e1425\u003c/code\u003e\u003c/a\u003e Bump minor version for CLI v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b748848f27bc46a97bbb965c606bbc298e760a9a\"\u003e\u003ccode\u003eb748848\u003c/code\u003e\u003c/a\u003e Bump the Action minor version number on new CodeQL minor version series\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5e767eff5aa6e2b719f353611ff3c363d6225d18\"\u003e\u003ccode\u003e5e767ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3425\"\u003e#3425\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/975286947045be7e8b204a16b36b1b04b9feef86\"\u003e\u003ccode\u003e9752869\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c62c214723e7c0cdfb907bede6988df3a0640c7e\"\u003e\u003ccode\u003ec62c214\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/25a224b8085c21d4d61b7fc051468805fc3ac490\"\u003e\u003ccode\u003e25a224b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3423\"\u003e#3423\u003c/a\u003e from github/mbg/ci/yq-windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...b20883b0cd1f46c72ae0ba6d1090936928f9fa30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "ea538551b2c94b12a1b5b1da3bd141154cb598eb", "tree": "7e62e11ad0fac997406ddce726d5af4186efdc76", "parents": [ "db0c8111377ab4a157351d12426f734c89c10d22" ], "author": { "name": "Matthew McDonald", "email": "mmcdon20@live.com", "time": "Wed Jan 28 01:50:56 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 01:50:56 2026" }, "message": "Add FutureOr return types on callbacks (#2587)\n\nIndicate which APIs allow asynchronous callbacks with an explicit\n`FutureOr` return type. These remain `FutureOr\u003cdynamic\u003e` in place of\n`FutureOr\u003cvoid\u003e` which would impact type inference and may cause\ndiagnostics in downstream code." }, { "commit": "db0c8111377ab4a157351d12426f734c89c10d22", "tree": "59f8a9347c84511deb3066dc824740e7bbabfcc2", "parents": [ "f95c0f5c10fa9af35014117cb00ec17d2a117265" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Wed Jan 07 23:06:47 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 07 23:06:47 2026" }, "message": "Allow analyzer major version 10 (#2584)\n\nPrepare to publish." }, { "commit": "f95c0f5c10fa9af35014117cb00ec17d2a117265", "tree": "718e0158fd3d03c1078837715f5b98c5945064f3", "parents": [ "c970e0035248d149e02c42143cba7b9055e40144" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Jan 06 18:21:18 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 06 18:21:18 2026" }, "message": "Allow empty test source when parsing metadata (#2583)\n\nSome use cases with precompiled tests pass an empty test source file and\nskip any of the behavior of configuration metadata annotations. This\nisn\u0027t the golden path design for the runner, but we can avoid breaking\nit easily. In this scenario the specific problem of a missing `main`\nwill have already been handled by other infrastructure, so whether the\nerror is clear is out of our control. This change does restore the less\ndirect error about missing main in the case where a typical test runner\nuser tries to run a completely empty test suite, but this is unlikely in\npractice." }, { "commit": "c970e0035248d149e02c42143cba7b9055e40144", "tree": "a863bad169dcb624326dc0a3efadacef7599941f", "parents": [ "6f79518158d31d3ddc2f11672b28952900ec7385" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue Jan 06 01:17:01 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 06 01:17:01 2026" }, "message": "Remove the dependency on pubspec_parse (#2580)\n\nFixes #2579" }, { "commit": "6f79518158d31d3ddc2f11672b28952900ec7385", "tree": "b0bc9e3dd4646a37e21d274c262cb373969edf86", "parents": [ "da25976b09e69e33ce59f883a1f94dd653733943" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Jan 01 03:11:05 2026" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 01 03:11:05 2026" }, "message": "Bump the github-actions group with 5 updates (#2582)\n\nBumps the github-actions group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.1` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.0` | `6.0.1` |\n| [actions/stale](https://github.com/actions/stale) | `10.1.0` | `10.1.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5.0.0` | `6.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.5` | `4.31.9` |\n\nUpdates `actions/cache` from 4.3.0 to 5.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003eactions/cache#1685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v5.0.1 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1686\"\u003eactions/cache#1686\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev5.0.0\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to use node24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1630\"\u003eactions/cache#1630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1684\"\u003eactions/cache#1684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to use node24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1630\"\u003eactions/cache#1630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1684\"\u003eactions/cache#1684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4.3.0...v5.0.0\"\u003ehttps://github.com/actions/cache/compare/v4.3.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9255dc7a253b0ccc959486e2bca901246202afeb\"\u003e\u003ccode\u003e9255dc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1686\"\u003e#1686\u003c/a\u003e from actions/cache-v5.0.1-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/8ff5423e8b66eacab4e638ee52abbd2cb831366a\"\u003e\u003ccode\u003e8ff5423\u003c/code\u003e\u003c/a\u003e chore: release v5.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9233019a152bc768059ac1768b8e4403b5da16c1\"\u003e\u003ccode\u003e9233019\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1685\"\u003e#1685\u003c/a\u003e from salmanmkc/node24-storage-blob-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b975f2bb844529e1063ad882c609b224bcd66eb6\"\u003e\u003ccode\u003eb975f2b\u003c/code\u003e\u003c/a\u003e fix: add peer property to package-lock.json for dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/d0a0e1813491d01d574c95f8d189f62622bbb2ae\"\u003e\u003ccode\u003ed0a0e18\u003c/code\u003e\u003c/a\u003e fix: update license files for \u003ccode\u003e@​actions/cache\u003c/code\u003e, fast-xml-parser, and strnum\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/74de208dcfcbe85c0e7154e7b17e4105fe2554ff\"\u003e\u003ccode\u003e74de208\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e to ^5.0.1 for Node.js 24 punycode fix\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/ac7f1152ead02e89c14b5456d14ab17591e74cfb\"\u003e\u003ccode\u003eac7f115\u003c/code\u003e\u003c/a\u003e peer\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b0f846b50b6061d7a2ca6f1a2fea61d4a65d1a16\"\u003e\u003ccode\u003eb0f846b\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e with storage-blob fix for Node.js 24 punycode depr...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/a7833574556fa59680c1b7cb190c1735db73ebf0\"\u003e\u003ccode\u003ea783357\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1684\"\u003e#1684\u003c/a\u003e from actions/prepare-cache-v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/3bb0d78750a39cefce0c2b5a0a9801052b4359ad\"\u003e\u003ccode\u003e3bb0d78\u003c/code\u003e\u003c/a\u003e docs: highlight v5 runner requirement in releases\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/stale` from 10.1.0 to 10.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Missing Input Reading for \u003ccode\u003eonly-issue-types\u003c/code\u003e by \u003ca href\u003d\"https://github.com/Bibo-Joshi\"\u003e\u003ccode\u003e@​Bibo-Joshi\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1298\"\u003eactions/stale#1298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproves error handling when rate limiting is disabled on GHES. by \u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1300\"\u003eactions/stale#1300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade eslint-config-prettier from 8.10.0 to 10.1.8 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1276\"\u003eactions/stale#1276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/node\u003c/code\u003e from 20.10.3 to 24.2.0 and document breaking changes in v10 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1280\"\u003eactions/stale#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/publish-action from 0.3.0 to 0.4.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1291\"\u003eactions/stale#1291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/checkout from 4 to 6 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1306\"\u003eactions/stale#1306\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1300\"\u003eactions/stale#1300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v10...v10.1.1\"\u003ehttps://github.com/actions/stale/compare/v10...v10.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/997185467fa4f803885201cee163a9f38240193d\"\u003e\u003ccode\u003e9971854\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 4 to 6 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1306\"\u003e#1306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/5611b9defa6b7799a950489b00163db69f7a3ece\"\u003e\u003ccode\u003e5611b9d\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1291\"\u003e#1291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/fad0de84e50d1aba7b0236cdaf0ea98a43286849\"\u003e\u003ccode\u003efad0de8\u003c/code\u003e\u003c/a\u003e Improves error handling when rate limiting is disabled on GHES. (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1300\"\u003e#1300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/39bea7de61dd70ce4705a976f904f33d5e1e0f49\"\u003e\u003ccode\u003e39bea7d\u003c/code\u003e\u003c/a\u003e Add Missing Input Reading for \u003ccode\u003eonly-issue-types\u003c/code\u003e (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1298\"\u003e#1298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/e46bbabb3ede15841d25946157759558dd16306e\"\u003e\u003ccode\u003ee46bbab\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 20.10.3 to 24.2.0 and document breakin...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/65d1d4804d3060875fff9f9fa8a49e27f71ce7f0\"\u003e\u003ccode\u003e65d1d48\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1276\"\u003e#1276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/5f858e3efba33a5ca4407a664cc011ad407f2008...997185467fa4f803885201cee163a9f38240193d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What\u0027s new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/ddc45ed9bca9b38dbd643978d88e3981cdc91415\"\u003e\u003ccode\u003eddc45ed\u003c/code\u003e\u003c/a\u003e docs: update README to correct action name for Node.js 24 support\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/615b319bd27bb32c3d64dca6b6ed6974d5fbe653\"\u003e\u003ccode\u003e615b319\u003c/code\u003e\u003c/a\u003e chore: release v6.0.0 for Node.js 24 support\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/017748b48f8610ca8e6af1222f4a618e84a9c703\"\u003e\u003ccode\u003e017748b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/744\"\u003e#744\u003c/a\u003e from actions/fix-storage-blob\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/38d4c7997f5510fcc41fc4aae2a6b97becdbe7fc\"\u003e\u003ccode\u003e38d4c79\u003c/code\u003e\u003c/a\u003e chore: rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/7d27270e0cfd253e666c44abac0711308d2d042f\"\u003e\u003ccode\u003e7d27270\u003c/code\u003e\u003c/a\u003e chore: add missing license cache files for \u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/io\u003c/code\u003e, and mi...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/5f643d3c9475505ccaf26d686ffbfb71a8387261\"\u003e\u003ccode\u003e5f643d3\u003c/code\u003e\u003c/a\u003e chore: update license files for \u003ccode\u003e@​actions/artifact\u003c/code\u003e\u003ca href\u003d\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.0.1 dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/1df1684032c88614064493e1a0478fcb3583e1d0\"\u003e\u003ccode\u003e1df1684\u003c/code\u003e\u003c/a\u003e chore: update package-lock.json with \u003ccode\u003e@​actions/artifact\u003c/code\u003e\u003ca href\u003d\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/b5b1a918401ee270935b6b1d857ae66c85f3be6f\"\u003e\u003ccode\u003eb5b1a91\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e to ^5.0.0 for Node.js 24 punycode fix\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.5 to 4.31.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.8\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.7\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.6\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.6/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5d4e8d1aca955e8d8589aabd499c5cae939e33c7\"\u003e\u003ccode\u003e5d4e8d1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3371\"\u003e#3371\u003c/a\u003e from github/update-v4.31.9-998798e34\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1dc115f17a8c6966e94a6477313dd3df6319bc83\"\u003e\u003ccode\u003e1dc115f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.9\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/998798e34d79baddb1566c60bbb8f68a901c04e6\"\u003e\u003ccode\u003e998798e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3352\"\u003e#3352\u003c/a\u003e from github/nickrolfe/jar-min-ff-cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5eb751966fe18977cdefa4e41e0f90e92801ce90\"\u003e\u003ccode\u003e5eb7519\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3358\"\u003e#3358\u003c/a\u003e from github/henrymercer/database-upload-telemetry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d29eddb39b7c33171bb0250114b1c9e3ff8fe2bc\"\u003e\u003ccode\u003ed29eddb\u003c/code\u003e\u003c/a\u003e Extract version number to constant\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e9626872ef3347a9c18091d60da647084c2451a6\"\u003e\u003ccode\u003ee962687\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into henrymercer/database-upload-telemetry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/19c7f96922a6269458f2cadcc23faf0ebaa1368b\"\u003e\u003ccode\u003e19c7f96\u003c/code\u003e\u003c/a\u003e Rename \u003ccode\u003eisOverlayBase\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ae5de9a20d0468cc3818a0dc5c99e456f996d9cf\"\u003e\u003ccode\u003eae5de9a\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003egetErrorMessage\u003c/code\u003e in log too\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0cb86337c5111af4ff3dc7e8f9b98c479c9ea954\"\u003e\u003ccode\u003e0cb8633\u003c/code\u003e\u003c/a\u003e Prefer \u003ccode\u003eperformance.now()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c07cc0d3a95a282fc5a54477464931c776d124ec\"\u003e\u003ccode\u003ec07cc0d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3351\"\u003e#3351\u003c/a\u003e from github/henrymercer/ghec-dr-determine-tools-vers...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...5d4e8d1aca955e8d8589aabd499c5cae939e33c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "da25976b09e69e33ce59f883a1f94dd653733943", "tree": "4dc50f45769fa71ad4880f1b13a97a9df790abe8", "parents": [ "b951efc07c0ba490ec483b83b1c1f27b5ca08b26" ], "author": { "name": "Ömer Sinan Ağacan", "email": "omersa@google.com", "time": "Tue Dec 16 03:15:01 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Dec 16 03:15:01 2025" }, "message": "Improve canUseSpecialChars on Linux and Mac (#2545)\n\nFix output to non-terminals which are unlikely to support ascii escape\ncharacters. Prior implementation was overly optimistic for linux and mac\nand always allowed ascii because the SDK implementation checking support\nis contrarily overly restrictive. Add at least a check for a interactive\nterminal to fix some false positives." }, { "commit": "b951efc07c0ba490ec483b83b1c1f27b5ca08b26", "tree": "02220949766db67699705054b3f35ce747a20192", "parents": [ "750614722a735f421107b5332f3a17e324cc6c92" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Dec 16 03:11:51 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Dec 16 03:11:51 2025" }, "message": "Support --version in pub workspace (#2538)\n\nCloses #2535\n\nAdd a check for the `workspace_ref.json` file in place of the\n`pubspec.lock` file that exists for single package pub solutions.\n\nWhen the workspace ref exists, follow it and read the\n`package_graph.json` file from the workspace root." }, { "commit": "750614722a735f421107b5332f3a17e324cc6c92", "tree": "9926639cdf86c8e90ce9bbed709738900ec991ff", "parents": [ "462b474b01a45cbb55fcd1aa89b2855857207f96" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Sat Dec 13 01:10:16 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Dec 13 01:10:16 2025" }, "message": "Hide skip reasons in compact and failure reporters (#2578)\n\nCloses #2546, Fixes #2542\n\nSkipped tests with messages can cause noisy output in otherwise very\nshort test run logs. In most cases the skip messages are not useful, so\nsuppress them by default. They can still be seen in the expanded\nreporter. Expand the final output when there are skipped tests since the\notherwise obvious yellow lines are no longer shown.\n\nAdd support for testing against disallowed output in the compact\nreporter tests. Existing tests ignore unexpected output that comes\nbetween any expected lines." }, { "commit": "462b474b01a45cbb55fcd1aa89b2855857207f96", "tree": "fd13aad9b714832859e809ae9b80bcc184fc3533", "parents": [ "30aa5410583846295981bedbe1d1febedc7006c6" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Thu Dec 11 01:59:53 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Dec 11 01:59:53 2025" }, "message": "[coverage] Support workspaces in coverage filters (#2574)\n\n" }, { "commit": "30aa5410583846295981bedbe1d1febedc7006c6", "tree": "46f65561d76ab8ea7bb1df44dda7bffe51c33bfb", "parents": [ "c15153b9618afc4c5e8a43bac43339de130c2149" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Dec 09 01:54:21 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Dec 09 01:54:21 2025" }, "message": "Require a definition named `main` in test suites (#2569)\n\nCloses #2567\n\nThe error when there is a compilation failure due to a missing `main` is\nless direct than it could be and exposes details of wrapping the test\nsuite in another library. Add an explicit check for a function declared\nwith that name when parsing metadata before attempting any compiles.\n\nAdd a check to `parseMetadata` that throws a `FormatException` if there\nis no function declared directly in the library named `main`. This will\nprevent some previously working designs such as exposing a main in a\npart or with `export`, but we do not expect those designs are used in\npractice." }, { "commit": "c15153b9618afc4c5e8a43bac43339de130c2149", "tree": "a3673bd4576808d145853a8766b73ea2eab274fe", "parents": [ "bbad7a26f1175af929097e7978c808ff8aaa214a" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Dec 01 03:11:24 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 01 03:11:24 2025" }, "message": "Bump the github-actions group with 2 updates (#2568)\n\nBumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/checkout` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href\u003d\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003eV6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable version. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NPM dependencies by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1703\"\u003eactions/checkout#1703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 2 to 3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1694\"\u003eactions/checkout#1694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-node from 1 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1696\"\u003eactions/checkout#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 2 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1695\"\u003eactions/checkout#1695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.2 to 4.31.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.5\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.5/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.4\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.4/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.3\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.3/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.8 - 10 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.30.7 - 06 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v4+ only] The CodeQL Action now runs on Node.js v24. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3169\"\u003e#3169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.6 - 02 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3168\"\u003e#3168\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/fdbfb4d2750291e159f0156def62b853c2798ca2\"\u003e\u003ccode\u003efdbfb4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3322\"\u003e#3322\u003c/a\u003e from github/update-v4.31.5-ec2ee575c\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/81f6d649ae64626b3035526b0389bfa8802b6df3\"\u003e\u003ccode\u003e81f6d64\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ec2ee575c053869d197f516146096427e08da443\"\u003e\u003ccode\u003eec2ee57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3321\"\u003e#3321\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.23.6\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ecc87875ee10fd563cebc295e45bea8312e2ce49\"\u003e\u003ccode\u003eecc8787\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1d2a238d7d52b563f78fb3bf1deebc2b18d98eb1\"\u003e\u003ccode\u003e1d2a238\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.23.6\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ce729e4d353d580e6cacd6a8cf2921b72e5e310a\"\u003e\u003ccode\u003ece729e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3315\"\u003e#3315\u003c/a\u003e from github/henrymercer/dead-code-elimination\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ac359aad20e59fd46ecd05e63c6d4b99cad25272\"\u003e\u003ccode\u003eac359aa\u003c/code\u003e\u003c/a\u003e Add return type\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/112cd075bdb9b3b9ec911ae7c5980f2fa5f2cca1\"\u003e\u003ccode\u003e112cd07\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into henrymercer/dead-code-elimination\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0b4317954f4f86bf5df18ed38d9987fb1d2ec4ad\"\u003e\u003ccode\u003e0b43179\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3306\"\u003e#3306\u003c/a\u003e from github/dependabot/npm_and_yarn/types/sinon-21.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e818008b54314bea8e06c423f952d06c0d1f1b7f\"\u003e\u003ccode\u003ee818008\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3305\"\u003e#3305\u003c/a\u003e from github/dependabot/npm_and_yarn/eslint/compat-2.0.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...fdbfb4d2750291e159f0156def62b853c2798ca2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "bbad7a26f1175af929097e7978c808ff8aaa214a", "tree": "4271179ae308305e612ff499ce07d1556b193534", "parents": [ "cba5c15f7be6677b5620741f59a0eb8c35fb2c2e" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed Nov 26 00:07:45 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Nov 26 00:07:45 2025" }, "message": "Add `--coverage-package` option (#2566)\n\n" }, { "commit": "cba5c15f7be6677b5620741f59a0eb8c35fb2c2e", "tree": "49d3102b20fe24f34ae7efe71d5b03027a8c931e", "parents": [ "31694548f48bcccbefcef8109e3a48149289b3f9" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri Nov 21 00:42:35 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Nov 21 00:42:35 2025" }, "message": "Prepare to publish package:test (#2565)\n\nSwitch to a feature version bump, this was missed in the PR to add the\n`matcher` related changelogs." }, { "commit": "31694548f48bcccbefcef8109e3a48149289b3f9", "tree": "2083b907af8dd9592a9e7d40beb30fe96b691492", "parents": [ "5ef2dd94c057319376a88e9839932f905ed3da1e" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Nov 20 23:34:56 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Nov 20 23:34:56 2025" }, "message": "Prepare to publish matcher (#2564)\n\nDrop `-wip` from the version and extend the `test` constraint to allow\nthe latest.\n\nAdd changes to `test` changelog since it exports the APIs and these\nchanges are user facing." }, { "commit": "5ef2dd94c057319376a88e9839932f905ed3da1e", "tree": "08b19f3fb18065884afb14f090d3a0c75f9dcf35", "parents": [ "80a49347e4a3dbc3ed70782df5e8c76a67f9256c" ], "author": { "name": "Felix Angelov", "email": "felangelov@gmail.com", "time": "Thu Nov 20 23:20:44 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Nov 20 23:20:44 2025" }, "message": "fix(test_core): fix `writeCoverage` to handle a `null` hit map (#2563)\n\n" }, { "commit": "80a49347e4a3dbc3ed70782df5e8c76a67f9256c", "tree": "d2fdcec26664f27db062768ca86e633acf04f429", "parents": [ "1a6c5ac47ac803c78b9b225ebb4b1bc8eb394d6d" ], "author": { "name": "greenart7c3", "email": "115044884+greenart7c3@users.noreply.github.com", "time": "Wed Nov 12 19:25:59 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Nov 12 19:25:59 2025" }, "message": "removed unused js dependency (#2560)\n\nFixes #2480 " }, { "commit": "1a6c5ac47ac803c78b9b225ebb4b1bc8eb394d6d", "tree": "0cc458bd943aa97217d08ae8145c0522878ee1ea", "parents": [ "6b81a26875b93baea06497f5f8dbe0218a7758b4" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Nov 11 01:14:42 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Nov 11 01:14:42 2025" }, "message": "Prepare to publish (#2559)\n\nClean up changelogs and drop `-wip`." }, { "commit": "6b81a26875b93baea06497f5f8dbe0218a7758b4", "tree": "1fbf3184647a0946021d62a9745ee0f54c9eeefa", "parents": [ "961e4725259665d9adfd963b60720e5ac76c2d8e" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sat Nov 01 03:13:08 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Nov 01 03:13:08 2025" }, "message": "Bump the github-actions group with 3 updates (#2557)\n\nBumps the github-actions group with 3 updates: [actions/stale](https://github.com/actions/stale), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/stale` from 10.0.0 to 10.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonly-issue-types\u003c/code\u003e option to filter issues by type by \u003ca href\u003d\"https://github.com/Bibo-Joshi\"\u003e\u003ccode\u003e@​Bibo-Joshi\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1255\"\u003eactions/stale#1255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/Bibo-Joshi\"\u003e\u003ccode\u003e@​Bibo-Joshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1255\"\u003eactions/stale#1255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v10...v10.1.0\"\u003ehttps://github.com/actions/stale/compare/v10...v10.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/blob/main/CHANGELOG.md\"\u003eactions/stale\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch1\u003e[10.1.0]\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd only-issue-types option to filter issues by type by \u003ca href\u003d\"https://github.com/Bibo-Joshi\"\u003e\u003ccode\u003e@​Bibo-Joshi\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1255\"\u003eactions/stale#1255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e[10.0.0]\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1279\"\u003eactions/stale#1279\u003c/a\u003e\nMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancement\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIntroducing sort-by option by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1254\"\u003eactions/stale#1254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1186\"\u003eactions/stale#1186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.4 to 5.28.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1201\"\u003eactions/stale#1201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.0 to 4.0.2 by \u003ca href\u003d\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1226\"\u003eactions/stale#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.2 to 4.0.3 by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1233\"\u003eactions/stale#1233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.5 to 5.29.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1251\"\u003eactions/stale#1251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade form-data to bring in fix for critical vulnerability by \u003ca href\u003d\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1277\"\u003eactions/stale#1277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChangelog update for recent releases by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1224\"\u003eactions/stale#1224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePermissions update in Readme by \u003ca href\u003d\"https://github.com/ghadimir\"\u003e\u003ccode\u003e@​ghadimir\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1248\"\u003eactions/stale#1248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e[9.1.0]\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update by \u003ca href\u003d\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1116\"\u003eactions/stale#1116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href\u003d\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1179\"\u003eactions/stale#1179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate undici from 5.28.2 to 5.28.4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1150\"\u003eactions/stale#1150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1091\"\u003eactions/stale#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/publish-action from 0.2.2 to 0.3.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1147\"\u003eactions/stale#1147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate ts-jest from 29.1.1 to 29.2.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1175\"\u003eactions/stale#1175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.10.1 to 1.11.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1191\"\u003eactions/stale#1191\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@​types/jest\u003c/code\u003e from 29.5.11 to 29.5.14 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1193\"\u003eactions/stale#1193\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@​actions/cache\u003c/code\u003e from 3.2.2 to 4.0.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1194\"\u003eactions/stale#1194\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e[9.0.0]\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAction is now stateful: If the action ends because of \u003ca href\u003d\"https://github.com/actions/stale#operations-per-run\"\u003eoperations-per-run\u003c/a\u003e then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.\u003c/li\u003e\n\u003cli\u003eVersion 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/5f858e3efba33a5ca4407a664cc011ad407f2008\"\u003e\u003ccode\u003e5f858e3\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eonly-issue-types\u003c/code\u003e option to filter issues by type (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1255\"\u003e#1255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/3a9db7e6a41a89f618792c92c0e97cc736e1b13f...5f858e3efba33a5ca4407a664cc011ad407f2008\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we\u0027re treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href\u003d\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4\"\u003e\u003ccode\u003e330a01c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/734\"\u003e#734\u003c/a\u003e from actions/danwkennedy/prepare-5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/03f282445299bbefc96171af272a984663b63a26\"\u003e\u003ccode\u003e03f2824\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003egithub.dep.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/905a1ecb5915b264cbc519e4eb415b5d82916018\"\u003e\u003ccode\u003e905a1ec\u003c/code\u003e\u003c/a\u003e Prepare \u003ccode\u003ev5.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/2d9f9cdfa99fedaddba68e9b5b5c281eca26cc63\"\u003e\u003ccode\u003e2d9f9cd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/725\"\u003e#725\u003c/a\u003e from patrikpolyak/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/9687587dec67f2a8bc69104e183d311c42af6d6f\"\u003e\u003ccode\u003e9687587\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/2848b2cda0e5190984587ec6bb1f36730ca78d50\"\u003e\u003ccode\u003e2848b2c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/727\"\u003e#727\u003c/a\u003e from danwkennedy/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/9b511775fd9ce8c5710b38eea671f856de0e70a7\"\u003e\u003ccode\u003e9b51177\u003c/code\u003e\u003c/a\u003e Spell out the first use of GHES\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/cd231ca1eda77976a84805c4194a1954f56b0727\"\u003e\u003ccode\u003ecd231ca\u003c/code\u003e\u003c/a\u003e Update GHES guidance to include reference to Node 20 version\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/de65e23aa2b7e23d713bb51fbfcb6d502f8667d8\"\u003e\u003ccode\u003ede65e23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/712\"\u003e#712\u003c/a\u003e from actions/nebuk89-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/8747d8cd7632611ad6060b528f3e0f654c98869c\"\u003e\u003ccode\u003e8747d8c\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.30.5 to 4.31.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.0\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.30.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.30.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.30.8\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.8 - 10 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.30.7 - 06 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v4+ only] The CodeQL Action now runs on Node.js v24. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3169\"\u003e#3169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.6 - 02 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3168\"\u003e#3168\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0499de31b99561a6d14a36a5f662c2a54f91beee\"\u003e\u003ccode\u003e0499de3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3261\"\u003e#3261\u003c/a\u003e from github/henrymercer/setup-python\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3b96745d2bb2af9f01a0c9a19f4ffd034ae37879\"\u003e\u003ccode\u003e3b96745\u003c/code\u003e\u003c/a\u003e Set up Python in mergeback workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8a06050a8c0348fb4738f28e0cfbb6727cf054ce\"\u003e\u003ccode\u003e8a06050\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3259\"\u003e#3259\u003c/a\u003e from github/update-v4.31.2-9576b5cbe\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/752a642cb25304f2aaae33cfcc3911673bf65aca\"\u003e\u003ccode\u003e752a642\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9576b5cbe818ddefe4e1b444017536fe40b9ab2d\"\u003e\u003ccode\u003e9576b5c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3258\"\u003e#3258\u003c/a\u003e from github/mbg/enablement-errors/case-insensitive\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cc8843728c8296d35175b82c7f1bb3748290764a\"\u003e\u003ccode\u003ecc88437\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3257\"\u003e#3257\u003c/a\u003e from github/henrymercer/ubuntu-slim\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f0e9bf07f44488f7e3adf5ff01d04e6392b60b3b\"\u003e\u003ccode\u003ef0e9bf0\u003c/code\u003e\u003c/a\u003e Make \u003ccode\u003eisEnablementError\u003c/code\u003e case-insensitive\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2a3599c52055e7a5443d3fef8981a4d543586dde\"\u003e\u003ccode\u003e2a3599c\u003c/code\u003e\u003c/a\u003e Run lightweight workflows on \u003ccode\u003eubuntu-slim\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/514ff4d116ef04d9ffc8adb3da5abb07961cb990\"\u003e\u003ccode\u003e514ff4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3256\"\u003e#3256\u003c/a\u003e from github/henrymercer/resolve-bad-merge\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/aab1c2f9318aa4b88e7532de10fe02ac860d5ab8\"\u003e\u003ccode\u003eaab1c2f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3253\"\u003e#3253\u003c/a\u003e from github/mergeback/v4.31.1-to-main-5fe9434c\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/3599b3baa15b485a2e49ef411a7a4bb2452e7f93...0499de31b99561a6d14a36a5f662c2a54f91beee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "961e4725259665d9adfd963b60720e5ac76c2d8e", "tree": "b78774dd5599887b05b1bdd17282ce5c6a92ecc3", "parents": [ "a8f97ed6edc9550959f097f5187a0307793d8d3d" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Fri Oct 31 00:27:13 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Oct 31 00:27:13 2025" }, "message": "Bump requirements to allow/require analyzer 9.0.0 (#2555)\n\nUse a consistent `\u0027\u003e\u003d8.0.0 \u003c10.0.0\u0027` constraint." }, { "commit": "a8f97ed6edc9550959f097f5187a0307793d8d3d", "tree": "e7429dfd05cdc9bcb4de9cf7c23e1af664de2c10", "parents": [ "5855358095b8718712567b8abc0435ddfd125ba8" ], "author": { "name": "Wu Tingfeng", "email": "wutingfeng@outlook.com", "time": "Wed Oct 29 16:26:15 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Oct 29 16:26:15 2025" }, "message": "Fix wasmPath for Windows + Node.js + dart2wasm combo. (#2551)\n\nUse a raw string to read without escape characters." }, { "commit": "5855358095b8718712567b8abc0435ddfd125ba8", "tree": "f91f4e916d9aca4d3a3ad7e89e8e0cc5133b1626", "parents": [ "8083c8f24ffbca58cc0385add03c296b70636e7a" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Sat Oct 25 00:48:43 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Oct 25 00:48:43 2025" }, "message": "Add a sentence to clarify \"Platform\" (#2550)\n\nA \"platform\" in the test runner\u0027s use encompasses more detail than might\nbe expected. Add a sentence in the description of platform selectors to\nnote that it can cover details about how the code is compiled.\n\nCloses #2548" }, { "commit": "8083c8f24ffbca58cc0385add03c296b70636e7a", "tree": "479d97b83ca4ae161d4e3aa83da0863c326e2cd9", "parents": [ "a16f14975c5625ef99abc71f7e91bca5d8e55054" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri Oct 03 22:28:39 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Oct 03 22:28:39 2025" }, "message": "Make all package:coverage imports conditional (#2544)\n\nThe `package:coverage` library imports `dart:io` directly and cannot be\na dependency of apps compiled to platforms without `dart:io`. All\nimports and uses of `package:coverage` must be through platform specific\nimports. Add extra indirection in the `coverage.dart` and\n`coverage_stub.dart` libraries so that `engine.dart` does not need to\nimport `package:coverage` or refer to the `HitMap` type it exports. Add\na forwarding implementation of the `merge` extension." }, { "commit": "a16f14975c5625ef99abc71f7e91bca5d8e55054", "tree": "6ddd46812e81c534e5d18e2beae8bc24b9ec908a", "parents": [ "b99d556ec6096965eb177111299c0783678200f6" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Oct 01 03:14:12 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Oct 01 03:14:12 2025" }, "message": "Bump the github-actions group with 5 updates (#2547)\n\nBumps the github-actions group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/cache](https://github.com/actions/cache) | `4.2.4` | `4.3.0` |\n| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.0.0` |\n| [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.0.1` |\n| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.11` | `3.30.5` |\n\nUpdates `actions/cache` from 4.2.4 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd note on runner versions by \u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev4.3.0\u003c/code\u003e release by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1655\"\u003eactions/cache#1655\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4...v4.3.0\"\u003ehttps://github.com/actions/cache/compare/v4...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1474\"\u003e#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity fix: Bump braces from 3.0.2 to 3.0.3 - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1475\"\u003e#1475\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore original behavior of \u003ccode\u003ecache-hit\u003c/code\u003e output - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1467\"\u003e#1467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecache-hit\u003c/code\u003e output is set when a cache is missed - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003esave-always\u003c/code\u003e input - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1452\"\u003e#1452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/0057852bfaa89a56745cba8c7296529d2fc39830\"\u003e\u003ccode\u003e0057852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1655\"\u003e#1655\u003c/a\u003e from actions/Link-/prepare-4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/4f5ea67f1cc87b2d4239690fa12a12fc32096d68\"\u003e\u003ccode\u003e4f5ea67\u003c/code\u003e\u003c/a\u003e Update licensed cache\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9fcad95d03062fb8399cdbd79ae6041c7692b6c8\"\u003e\u003ccode\u003e9fcad95\u003c/code\u003e\u003c/a\u003e Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/638ed79f9dc94c1de1baef91bcab5edaa19451f4\"\u003e\u003ccode\u003e638ed79\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1642\"\u003e#1642\u003c/a\u003e from actions/GhadimiR-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/3862dccb1765f1ff6e623be1f4fd3a5b47a30d27\"\u003e\u003ccode\u003e3862dcc\u003c/code\u003e\u003c/a\u003e Add note on runner versions\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...0057852bfaa89a56745cba8c7296529d2fc39830\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/stale` from 9.1.0 to 10.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1279\"\u003eactions/stale#1279\u003c/a\u003e\nMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroducing sort-by option by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1254\"\u003eactions/stale#1254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1186\"\u003eactions/stale#1186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.4 to 5.28.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1201\"\u003eactions/stale#1201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.0 to 4.0.2 by \u003ca href\u003d\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1226\"\u003eactions/stale#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.2 to 4.0.3 by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1233\"\u003eactions/stale#1233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.5 to 5.29.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1251\"\u003eactions/stale#1251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade form-data to bring in fix for critical vulnerability by \u003ca href\u003d\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1277\"\u003eactions/stale#1277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eChangelog update for recent releases by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1224\"\u003eactions/stale#1224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePermissions update in Readme by \u003ca href\u003d\"https://github.com/ghadimir\"\u003e\u003ccode\u003e@​ghadimir\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1248\"\u003eactions/stale#1248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1224\"\u003eactions/stale#1224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1248\"\u003eactions/stale#1248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1277\"\u003eactions/stale#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1279\"\u003eactions/stale#1279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v9...v10.0.0\"\u003ehttps://github.com/actions/stale/compare/v9...v10.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/3a9db7e6a41a89f618792c92c0e97cc736e1b13f\"\u003e\u003ccode\u003e3a9db7e\u003c/code\u003e\u003c/a\u003e Upgrade to node 24 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1279\"\u003e#1279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/8f717f0dfca33b78d3c933452e42558e4456c8e7\"\u003e\u003ccode\u003e8f717f0\u003c/code\u003e\u003c/a\u003e Bumps form-data (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1277\"\u003e#1277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/a92fd57ffeff1a7d5e9f90394c229c1cebb74321\"\u003e\u003ccode\u003ea92fd57\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 5.28.5 to 5.29.0 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1251\"\u003e#1251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/128b2c81d01bedfe5b59d56fc08176aecd3fe6b9\"\u003e\u003ccode\u003e128b2c8\u003c/code\u003e\u003c/a\u003e Introducing sort-by option (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1254\"\u003e#1254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/f78de9780efb7a789cf4745957fa3374cbb94fd5\"\u003e\u003ccode\u003ef78de97\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1248\"\u003e#1248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/816d9db1aba399a7f70277f1a2b01a4d21497fdd\"\u003e\u003ccode\u003e816d9db\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.2 to 4.0.3 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1233\"\u003e#1233\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/ba23c1cb02e5cb8f885b0994d870e6032be00186\"\u003e\u003ccode\u003eba23c1c\u003c/code\u003e\u003c/a\u003e upgrade actions/cache from 4.0.0 to 4.0.2 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/a65e88a9b971cb99d742d9a25b2f8614e10577e9\"\u003e\u003ccode\u003ea65e88a\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 5.28.4 to 5.28.5 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1201\"\u003e#1201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/d4df79c5919b10352b8f29b9699b7acdc5500ebc\"\u003e\u003ccode\u003ed4df79c\u003c/code\u003e\u003c/a\u003e Updates to CHANGELOG.MD for recent releases (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1224\"\u003e#1224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/ee7ef89499a3de6e4fe1fc1acb994e67c64e0a2a\"\u003e\u003ccode\u003eee7ef89\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1186\"\u003e#1186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/5bef64f19d7facfb25b37b414482c7164d639639...3a9db7e6a41a89f618792c92c0e97cc736e1b13f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/labeler` from 5.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/labeler/releases\"\u003eactions/labeler\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade publish-action from 0.2.2 to 0.4.0 by \u003ca href\u003d\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/901\"\u003eactions/labeler#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/901\"\u003eactions/labeler#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/labeler/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/actions/labeler/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href\u003d\"https://github.com/jcambass\"\u003e\u003ccode\u003e@​jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/802\"\u003eactions/labeler#802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Node.js version to 24 in action and dependencies \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/891\"\u003eactions/labeler#891\u003c/a\u003e\nMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade eslint-config-prettier from 9.0.0 to 9.1.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/711\"\u003eactions/labeler#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint from 8.52.0 to 8.55.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/720\"\u003eactions/labeler#720\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/jest\u003c/code\u003e from 29.5.6 to 29.5.11 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/719\"\u003eactions/labeler#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/js-yaml\u003c/code\u003e from 4.0.8 to 4.0.9 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/718\"\u003eactions/labeler#718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e from 6.9.0 to 6.14.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/717\"\u003eactions/labeler#717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 3.0.3 to 3.1.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/726\"\u003eactions/labeler#726\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint from 8.55.0 to 8.56.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/725\"\u003eactions/labeler#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e from 6.14.0 to 6.19.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/745\"\u003eactions/labeler#745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/744\"\u003eactions/labeler#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​typescript-eslint/eslint-plugin\u003c/code\u003e from 6.9.0 to 6.20.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/750\"\u003eactions/labeler#750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 3.1.1 to 3.2.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/752\"\u003eactions/labeler#752\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.26.5 to 5.28.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/757\"\u003eactions/labeler#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade braces from 3.0.2 to 3.0.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/789\"\u003eactions/labeler#789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 9.0.3 to 10.0.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/805\"\u003eactions/labeler#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.10.1 to 1.11.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/811\"\u003eactions/labeler#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade typescript from 5.4.3 to 5.7.2 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/819\"\u003eactions/labeler#819\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e from 7.3.1 to 8.17.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/824\"\u003eactions/labeler#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 3.2.5 to 3.4.2 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/825\"\u003eactions/labeler#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/jest\u003c/code\u003e from 29.5.12 to 29.5.14 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/827\"\u003eactions/labeler#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/832\"\u003eactions/labeler#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade ts-jest from 29.1.2 to 29.2.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/831\"\u003eactions/labeler#831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​vercel/ncc\u003c/code\u003e from 0.38.1 to 0.38.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/830\"\u003eactions/labeler#830\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade typescript from 5.7.2 to 5.7.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/835\"\u003eactions/labeler#835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/839\"\u003eactions/labeler#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.4 to 5.28.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/842\"\u003eactions/labeler#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​octokit/request-error\u003c/code\u003e from 5.0.1 to 5.1.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/846\"\u003eactions/labeler#846\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd note regarding \u003ccode\u003epull_request_target\u003c/code\u003e to README.md by \u003ca href\u003d\"https://github.com/silverwind\"\u003e\u003ccode\u003e@​silverwind\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/669\"\u003eactions/labeler#669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate readme with additional examples and important note about \u003ccode\u003epull_request_target\u003c/code\u003e event by \u003ca href\u003d\"https://github.com/IvanZosimov\"\u003e\u003ccode\u003e@​IvanZosimov\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/721\"\u003eactions/labeler#721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument update - permission section by \u003ca href\u003d\"https://github.com/harithavattikuti\"\u003e\u003ccode\u003e@​harithavattikuti\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/840\"\u003eactions/labeler#840\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/634933edcd8ababfe52f92936142cc22ac488b1b\"\u003e\u003ccode\u003e634933e\u003c/code\u003e\u003c/a\u003e publish-action upgrade to 0.4.0 from 0.2.2 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/f1a63e87db0c6baf19c5713083f8d00d789ca184\"\u003e\u003ccode\u003ef1a63e8\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24 in action and dependencies (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/891\"\u003e#891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/b0a1180683c9f17424de4d71c044bea4c7b9bc7c\"\u003e\u003ccode\u003eb0a1180\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​octokit/request-error\u003c/code\u003e from 5.0.1 to 5.1.1 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/846\"\u003e#846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/110d44140c9195b853f2f24044bbfed8f4968efb\"\u003e\u003ccode\u003e110d441\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/871\"\u003e#871\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/bee50fefe18762fad67754b2f3bfff2c8082ebb8\"\u003e\u003ccode\u003ebee50fe\u003c/code\u003e\u003c/a\u003e Bump undici from 5.28.4 to 5.28.5 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/842\"\u003e#842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/6463cdb00ee92c05bec55dffc4e1fce250301945\"\u003e\u003ccode\u003e6463cdb\u003c/code\u003e\u003c/a\u003e Bump eslint-plugin-jest from 28.9.0 to 28.11.0 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/839\"\u003e#839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/c209686724ee12fcc5e6294d1d569b91f86fa691\"\u003e\u003ccode\u003ec209686\u003c/code\u003e\u003c/a\u003e Bump typescript from 5.7.2 to 5.7.3 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/5184940b544b0096088a7b42d1b8a551003d9eb1\"\u003e\u003ccode\u003e5184940\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​vercel/ncc\u003c/code\u003e from 0.38.1 to 0.38.3 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/830\"\u003e#830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/3629d5568b59204f18786372f6d740d649719488\"\u003e\u003ccode\u003e3629d55\u003c/code\u003e\u003c/a\u003e Document update - permission section (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/840\"\u003e#840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/d24f7f3731b2a06433c0bccc364d560c5329c48f\"\u003e\u003ccode\u003ed24f7f3\u003c/code\u003e\u003c/a\u003e Bump ts-jest from 29.1.2 to 29.2.5 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/831\"\u003e#831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/labeler/compare/8558fd74291d67161a8a78ce36a881fa63b766a9...634933edcd8ababfe52f92936142cc22ac488b1b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ossf/scorecard-action` from 2.4.2 to 2.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/ossf/scorecard-action/releases\"\u003eossf/scorecard-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eThis update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.3.0\"\u003eScorecard v5.3.0 release notes\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: clarify \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e permissions needed for private repos by \u003ca href\u003d\"https://github.com/pankajtaneja5\"\u003e\u003ccode\u003e@​pankajtaneja5\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1574\"\u003eossf/scorecard-action#1574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:book: Fix recommended command to test the image in development by \u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1583\"\u003eossf/scorecard-action#1583\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing top-level token permissions to workflows by \u003ca href\u003d\"https://github.com/timothyklee\"\u003e\u003ccode\u003e@​timothyklee\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1566\"\u003eossf/scorecard-action#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esetup codeowners for requesting reviews by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1576\"\u003eossf/scorecard-action#1576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:seedling: Improve printing options by \u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1584\"\u003eossf/scorecard-action#1584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/timothyklee\"\u003e\u003ccode\u003e@​timothyklee\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1566\"\u003eossf/scorecard-action#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/pankajtaneja5\"\u003e\u003ccode\u003e@​pankajtaneja5\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1574\"\u003eossf/scorecard-action#1574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1584\"\u003eossf/scorecard-action#1584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a\"\u003e\u003ccode\u003e4eaacf0\u003c/code\u003e\u003c/a\u003e bump docker to ghcr v2.4.3 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1587\"\u003e#1587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a\"\u003e\u003ccode\u003e42e3a01\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 3 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1585\"\u003e#1585\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15\"\u003e\u003ccode\u003e88c07ac\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1579\"\u003e#1579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128\"\u003e\u003ccode\u003e6c690f2\u003c/code\u003e\u003c/a\u003e Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd\"\u003e\u003ccode\u003e92083b5\u003c/code\u003e\u003c/a\u003e :book: Fix recommended command to test the image in development (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1583\"\u003e#1583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9\"\u003e\u003ccode\u003e7975ea6\u003c/code\u003e\u003c/a\u003e :seedling: Bump the docker-images group across 1 directory with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf\"\u003e\u003ccode\u003e0d1a743\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7\"\u003e\u003ccode\u003e46e6e0c\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1580\"\u003e#1580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d\"\u003e\u003ccode\u003ec3f1350\u003c/code\u003e\u003c/a\u003e :seedling: Improve printing options (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1584\"\u003e#1584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a\"\u003e\u003ccode\u003e43e475b\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1578\"\u003e#1578\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.29.11 to 3.30.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.30.5\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.4\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.4/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.3\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.3/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.2 - 09 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug which could cause language autodetection to fail. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3084\"\u003e#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: The \u003ccode\u003equality-queries\u003c/code\u003e input that was added in \u003ccode\u003e3.29.2\u003c/code\u003e as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3064\"\u003e#3064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.30.2 - 09 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug which could cause language autodetection to fail. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3084\"\u003e#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: The \u003ccode\u003equality-queries\u003c/code\u003e input that was added in \u003ccode\u003e3.29.2\u003c/code\u003e as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3064\"\u003e#3064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.1 - 05 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.0 - 01 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.11 - 21 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.10 - 18 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.9 - 12 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.8 - 08 Aug 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3599b3baa15b485a2e49ef411a7a4bb2452e7f93\"\u003e\u003ccode\u003e3599b3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3161\"\u003e#3161\u003c/a\u003e from github/update-v3.30.5-0a67bd46a\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2ca0085e584affd600efbd3930bc90e48dbacb46\"\u003e\u003ccode\u003e2ca0085\u003c/code\u003e\u003c/a\u003e Update changelog for v3.30.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0a67bd46a0f456ddad9e4b732137f519280275db\"\u003e\u003ccode\u003e0a67bd4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3160\"\u003e#3160\u003c/a\u003e from github/mbg/fix/upload-sarif\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8e34f2f3bf0f3f0b192913b0e0f234372329699b\"\u003e\u003ccode\u003e8e34f2f\u003c/code\u003e\u003c/a\u003e Add changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0b7fc5664842c1a6bb23c4ef64b85438afcb76c5\"\u003e\u003ccode\u003e0b7fc56\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eupload-sarif\u003c/code\u003e not uploading non-\u003ccode\u003e.sarif\u003c/code\u003e files\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/94a9b7a1101a1320dcadcbda5e7fd9a1e6abaaca\"\u003e\u003ccode\u003e94a9b7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3155\"\u003e#3155\u003c/a\u003e from github/mbg/node/no-install-in-actions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a0ae9ba2026911d58db9df06e6b074d8ef6c24c9\"\u003e\u003ccode\u003ea0ae9ba\u003c/code\u003e\u003c/a\u003e Log what the script is doing\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b27a8ef21f72b5c541232d50400874a3f0a374b9\"\u003e\u003ccode\u003eb27a8ef\u003c/code\u003e\u003c/a\u003e Exit if running in an Actions workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65925679a36e83b45b5f1673869dabf891669742\"\u003e\u003ccode\u003e6592567\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3139\"\u003e#3139\u003c/a\u003e from github/henrymercer/fix-log-message\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/fa64a7dee67e389b18445aa15d26426512d9ab97\"\u003e\u003ccode\u003efa64a7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3154\"\u003e#3154\u003c/a\u003e from github/mbg/node/check-up-to-date-deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...3599b3baa15b485a2e49ef411a7a4bb2452e7f93\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "b99d556ec6096965eb177111299c0783678200f6", "tree": "f878a732e61b6effc9c46fb76772c5fadcafb72b", "parents": [ "abe4939b290fae8a1a38f2b2c37d49700a10c606" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Sep 01 06:00:25 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Sep 01 06:00:25 2025" }, "message": "Bump the github-actions group across 1 directory with 3 updates (#2534)\n\nBumps the github-actions group with 3 updates in the / directory: [actions/cache](https://github.com/actions/cache), [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 4.2.3 to 4.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1620\"\u003eactions/cache#1620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ccode\u003e4.0.5\u003c/code\u003e and move \u003ccode\u003e@protobuf-ts/plugin\u003c/code\u003e to dev depdencies by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1634\"\u003eactions/cache#1634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release \u003ccode\u003e4.2.4\u003c/code\u003e by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1636\"\u003eactions/cache#1636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1620\"\u003eactions/cache#1620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4...v4.2.4\"\u003ehttps://github.com/actions/cache/compare/v4...v4.2.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1474\"\u003e#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity fix: Bump braces from 3.0.2 to 3.0.3 - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1475\"\u003e#1475\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore original behavior of \u003ccode\u003ecache-hit\u003c/code\u003e output - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1467\"\u003e#1467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecache-hit\u003c/code\u003e output is set when a cache is missed - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003esave-always\u003c/code\u003e input - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1452\"\u003e#1452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed restore \u003ccode\u003efail-on-cache-miss\u003c/code\u003e not working.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/0400d5f644dc74513175e3cd8d07132dd4860809\"\u003e\u003ccode\u003e0400d5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1636\"\u003e#1636\u003c/a\u003e from actions/Link-/release-4.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/374a27f26986edd8c430f386d152a856e179c0ae\"\u003e\u003ccode\u003e374a27f\u003c/code\u003e\u003c/a\u003e Prepare release 4.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/358a7306cd9d78ceffc19271e69cd8528462fccf\"\u003e\u003ccode\u003e358a730\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1634\"\u003e#1634\u003c/a\u003e from actions/Link-/optimise-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/2ee706ef74683b68fd97d45e549070fc28642768\"\u003e\u003ccode\u003e2ee706e\u003c/code\u003e\u003c/a\u003e Fix with another approach\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/94f7b5d9135a3af2d928e87120da293c9a920f90\"\u003e\u003ccode\u003e94f7b5d\u003c/code\u003e\u003c/a\u003e Fix bundle exec\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/c36116c3f4852e9868973e98be949d101f296afa\"\u003e\u003ccode\u003ec36116c\u003c/code\u003e\u003c/a\u003e Fix the workflow to use licensed from source\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/320fe7d56bfd8d9e7b7694dce399643f5b61d580\"\u003e\u003ccode\u003e320fe7d\u003c/code\u003e\u003c/a\u003e Update the licensed workflow to use the latest version\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/d81cc477d92d48462edee5b1e53b15613993e818\"\u003e\u003ccode\u003ed81cc47\u003c/code\u003e\u003c/a\u003e Add licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/de243982c557f21f36de55f0c01cd6a8e7a6aa71\"\u003e\u003ccode\u003ede24398\u003c/code\u003e\u003c/a\u003e Add licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/e7b6a9cc9d34d03fd2bf2834b35a8b9e82faa8e5\"\u003e\u003ccode\u003ee7b6a9c\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e@​protobuf-ts/plugin\u003c/code\u003e to dev dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...0400d5f644dc74513175e3cd8d07132dd4860809\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 4.2.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/checkout/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release v4.3.0 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2237\"\u003eactions/checkout#2237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v4...v4.3.0\"\u003ehttps://github.com/actions/checkout/compare/v4...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003eV5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable version. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NPM dependencies by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1703\"\u003eactions/checkout#1703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 2 to 3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1694\"\u003eactions/checkout#1694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-node from 1 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1696\"\u003eactions/checkout#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 2 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1695\"\u003eactions/checkout#1695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME: Suggest \u003ccode\u003euser.email\u003c/code\u003e to be \u003ccode\u003e41898282+github-actions[bot]@users.noreply.github.com\u003c/code\u003e by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1707\"\u003eactions/checkout#1707\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable \u003ccode\u003eextensions.worktreeConfig\u003c/code\u003e when disabling \u003ccode\u003esparse-checkout\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1692\"\u003eactions/checkout#1692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd dependabot config by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1688\"\u003eactions/checkout#1688\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-actions-dependencies group with 2 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1693\"\u003eactions/checkout#1693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump word-wrap from 1.2.3 to 1.2.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1643\"\u003eactions/checkout#1643\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.3\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917\"\u003e\u003ccode\u003e9f26565\u003c/code\u003e\u003c/a\u003e Update actions checkout to use node 24 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2226\"\u003e#2226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/08eba0b27e820071cde6df949e0beb9ba4906955\"\u003e\u003ccode\u003e08eba0b\u003c/code\u003e\u003c/a\u003e Prepare release v4.3.0 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2237\"\u003e#2237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/631c7dc4f80f88219c5ee78fee08c6b62fac8da1\"\u003e\u003ccode\u003e631c7dc\u003c/code\u003e\u003c/a\u003e Update package dependencies (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/8edcb1bdb4e267140fa742c62e395cd74f332709\"\u003e\u003ccode\u003e8edcb1b\u003c/code\u003e\u003c/a\u003e Update CODEOWNERS for actions (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2224\"\u003e#2224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/09d2acae674a48949e3602304ab46fd20ae0c42f\"\u003e\u003ccode\u003e09d2aca\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2194\"\u003e#2194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/85e6279cec87321a52edac9c87bce653a07cf6c2\"\u003e\u003ccode\u003e85e6279\u003c/code\u003e\u003c/a\u003e Adjust positioning of user email note and permissions heading (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/009b9ae9e446ad8d9b8c809870b0fbcc5e03573e\"\u003e\u003ccode\u003e009b9ae\u003c/code\u003e\u003c/a\u003e Documentation update - add recommended permissions to Readme (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2043\"\u003e#2043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/cbb722410c2e876e24abbe8de2cc27693e501dcb\"\u003e\u003ccode\u003ecbb7224\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/1977\"\u003e#1977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/3b9b8c884f6b4bb4d5be2779c26374abadae0871\"\u003e\u003ccode\u003e3b9b8c8\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/1971\"\u003e#1971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.29.2 to 3.29.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.29.11\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.11 - 21 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.11/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.10\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.10 - 18 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.10/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.9 - 12 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.8\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.8 - 08 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where the Action would autodetect unsupported languages such as HTML. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.8/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.7\u003c/h2\u003e\n\u003cp\u003eThis is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.\u003c/p\u003e\n\u003ch2\u003ev3.29.6\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.11 - 21 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.10 - 18 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.9 - 12 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.8 - 08 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where the Action would autodetect unsupported languages such as HTML. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.7 - 07 Aug 2025\u003c/h2\u003e\n\u003cp\u003eThis release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.\u003c/p\u003e\n\u003ch2\u003e3.29.6 - 07 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003ecleanup-level\u003c/code\u003e input to the \u003ccode\u003eanalyze\u003c/code\u003e Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2999\"\u003e#2999\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3000\"\u003e#3000\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.5 - 29 Jul 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2986\"\u003e#2986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.4 - 23 Jul 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.3 - 21 Jul 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.2 - 30 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExperimental: When the \u003ccode\u003equality-queries\u003c/code\u003e input for the \u003ccode\u003einit\u003c/code\u003e action is provided with an argument, separate \u003ccode\u003e.quality.sarif\u003c/code\u003e files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2935\"\u003e#2935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.1 - 27 Jun 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3c3833e0f8c1c83d449a7478aa59c036a9165498\"\u003e\u003ccode\u003e3c3833e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3052\"\u003e#3052\u003c/a\u003e from github/update-v3.29.11-14148a433\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8c4bfbd99ba6ef652eca12461ad7618142e00679\"\u003e\u003ccode\u003e8c4bfbd\u003c/code\u003e\u003c/a\u003e Update changelog for v3.29.11\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/14148a433d789d9b6c7dadb56d8e3f8ad1e59605\"\u003e\u003ccode\u003e14148a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3044\"\u003e#3044\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.22.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/71b2cb38a1e682cb9b2453a5f1400eef870a37df\"\u003e\u003ccode\u003e71b2cb3\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2bf78254cceec27aab20b1623ba68c63c6eb85c6\"\u003e\u003ccode\u003e2bf7825\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.22.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/db69a5182d331d562e511302ae3c9aafd5fada6c\"\u003e\u003ccode\u003edb69a51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3049\"\u003e#3049\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a68d47bfa574c69f3de7d6484cf28a9c55ff7287\"\u003e\u003ccode\u003ea68d47b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3050\"\u003e#3050\u003c/a\u003e from github/henrymercer/init-not-called-config-error\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e496ff959372e828f30b1518fd22cb76170cf5db\"\u003e\u003ccode\u003ee496ff9\u003c/code\u003e\u003c/a\u003e Make \u0026quot;init not called\u0026quot; a configuration error\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/fd2ea72d34cdf8157d85d93decf87671705166a3\"\u003e\u003ccode\u003efd2ea72\u003c/code\u003e\u003c/a\u003e Update supported GitHub Enterprise Server versions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/6dee5bc9c165ca206a70f4e3d18271971cf6ff26\"\u003e\u003ccode\u003e6dee5bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3045\"\u003e#3045\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-5b4171dd16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/181d5eefc20863364f96762470ba6f862bdef56b...3c3833e0f8c1c83d449a7478aa59c036a9165498\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "abe4939b290fae8a1a38f2b2c37d49700a10c606", "tree": "1a23568de093f00e49c28fa02a302bf90c75740d", "parents": [ "81e0579ce5265207b422b5da04305a4422265405" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed Aug 27 15:29:52 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Aug 27 15:29:52 2025" }, "message": "Remove executable argument forwarding in tests (#2533)\n\nSimilar to #2528\n\nThis case of argument forwarding existed since the test runner was first\nwritten. It\u0027s not clear exactly why it was necessary, and it should be safe\nto remove.\n\nThe existing argument forwarding breaks some tests on CI where an\nunexpected argument is passed to some dart invocations." }, { "commit": "81e0579ce5265207b422b5da04305a4422265405", "tree": "9d15bac772e9820a3c1641b0d58be8847c2b9d0e", "parents": [ "9354f239b0eb42a459200b432893d7d026056391" ], "author": { "name": "Ömer Sinan Ağacan", "email": "omersa@google.com", "time": "Tue Aug 26 12:18:44 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Aug 26 12:18:44 2025" }, "message": "Serve dart2wasm source map files (#2532)\n\n" }, { "commit": "9354f239b0eb42a459200b432893d7d026056391", "tree": "4d0c7234fca374b3d24a0e51ab85b959c93275e9", "parents": [ "5aef9719ad9b598260c062b2a90a50d2f50a78f3" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Thu Aug 07 02:56:52 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Aug 07 02:56:52 2025" }, "message": "Add `--coverage-path` and `--branch-coverage` options (#2517)\n\n" }, { "commit": "5aef9719ad9b598260c062b2a90a50d2f50a78f3", "tree": "6ee60a9d955eccb0bdf51d43b8b94c5f4e0bda30", "parents": [ "953e8282c6e1d08d47d53169fea7ccb7db8475fa" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Aug 04 22:26:59 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Aug 04 22:26:59 2025" }, "message": "Allow connecting to the runner from test suite (#2526)\n\nCloses #2497\n\nAdd a zone variable when the declarer runs `main` from the test suite\nwhich gives access to the `connectOut` callback which creates a channel\nback to the runner with a provided name.\n\nAdd an optional argument allowing a map of zone values to the `declare`\nmethod and use it from the remote listener." }, { "commit": "953e8282c6e1d08d47d53169fea7ccb7db8475fa", "tree": "dcd385ab28931265a4ec56a910d1a0d7d940820d", "parents": [ "6aeb1e4fbc409c142d786b90d81b867e16486699" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri Aug 01 18:38:30 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Aug 01 18:38:30 2025" }, "message": "Drop executable arguments forwarding (#2528)\n\nCloses #2527\n\nDuring the null safety migration there were `dart` level flags that\nneeded to be kept in sync for precompiled JS tests so the platform\nexecutable arguments were forwarded direclty. This is currently causing\na test failure, and there are no null safety related `dart` level flags\nso drop the forwarding." }, { "commit": "6aeb1e4fbc409c142d786b90d81b867e16486699", "tree": "b78ea224b88241d7af47897ca8e9d811e8dad7bc", "parents": [ "65a376983298b5637521f6e022daa60ccd78c2fa" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Jul 24 17:27:08 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jul 24 17:27:08 2025" }, "message": "Consider NaN a match for itself (#2524)\n\nCloses #2520\n\nA `double.nan` is not equal to itself with the `\u003d\u003d` operator, but for\nthe purposes of testing it\u0027s easier to consider a `NaN` correct where a\n`NaN` was expected. This matches behavior in several other testing\nframeworks in other languages. This is unlikely to cause existing tests\nto fail or change semantics since a test is unlikely to use non-equality\nas a positive indication of a `NaN` result." }, { "commit": "65a376983298b5637521f6e022daa60ccd78c2fa", "tree": "19cf800cad70a92eea34c8cb9d0a7c1b2430bf69", "parents": [ "c201cc98cc969c3632b2b0b4eee469330fc3ed9b" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed Jul 23 22:01:55 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jul 23 22:01:55 2025" }, "message": "Use latest analyzer and language version (#2523)\n\n- Migrate to the new `name` field definition.\n- Require the latest `analyzer`.\n- Update min SDK to one supported by analyer.\n- Reformat at the latest language version.\n- Use single underscore wildcards." }, { "commit": "c201cc98cc969c3632b2b0b4eee469330fc3ed9b", "tree": "fc7eba776e243144c9ebf330af23a7cea215c1aa", "parents": [ "2be5ca067bdf09e999be2ad760ab8efab854e789" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Jul 21 19:26:58 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jul 21 19:26:58 2025" }, "message": "Expand Analyzer constraints to allow 8.x (#2518)\n\nIgnore deprecated analyzer APIs to publish a cross-compatible version of\nthe test packages before bumping to require the latest version." }, { "commit": "2be5ca067bdf09e999be2ad760ab8efab854e789", "tree": "063291e216de3a8bbea5adcb585b92382d6fb865", "parents": [ "3d5aaa3f075de3eb1f67fef446b239ec2726a9eb" ], "author": { "name": "Devon Carew", "email": "devoncarew@gmail.com", "time": "Tue Jul 01 20:41:04 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jul 01 20:41:04 2025" }, "message": "prep to publish package:checks 0.3.1 (#2513)\n\n" }, { "commit": "3d5aaa3f075de3eb1f67fef446b239ec2726a9eb", "tree": "959ac44a9c369306c264519da2f4f51afa8fa702", "parents": [ "8e703e28f772257776745fa482ea4077c0ba074c" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Jul 01 06:35:25 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jul 01 06:35:25 2025" }, "message": "Bump github/codeql-action from 3.28.18 to 3.29.2 in the github-actions group (#2514)\n\nBumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 3.28.18 to 3.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.29.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.2 - 30 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExperimental: When the \u003ccode\u003equality-queries\u003c/code\u003e input for the \u003ccode\u003einit\u003c/code\u003e action is provided with an argument, separate \u003ccode\u003e.quality.sarif\u003c/code\u003e files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2935\"\u003e#2935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.1 - 27 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug in PR analysis where user-provided \u003ccode\u003einclude\u003c/code\u003e query filter fails to exclude non-included queries. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2938\"\u003e#2938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.0\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.0 - 11 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2925\"\u003e#2925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.16.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2912\"\u003e#2912\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.19\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.19 - 03 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe CodeQL Action no longer includes its own copy of the extractor for the \u003ccode\u003eactions\u003c/code\u003e language, which is currently in public preview.\nThe \u003ccode\u003eactions\u003c/code\u003e extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the \u003ccode\u003eactions\u003c/code\u003e language \u003cem\u003eand\u003c/em\u003e you have pinned\nyour \u003ccode\u003etools:\u003c/code\u003e property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable\n\u003ccode\u003eactions\u003c/code\u003e analysis.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2910\"\u003e#2910\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.19/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.2 - 30 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExperimental: When the \u003ccode\u003equality-queries\u003c/code\u003e input for the \u003ccode\u003einit\u003c/code\u003e action is provided with an argument, separate \u003ccode\u003e.quality.sarif\u003c/code\u003e files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2935\"\u003e#2935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.1 - 27 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug in PR analysis where user-provided \u003ccode\u003einclude\u003c/code\u003e query filter fails to exclude non-included queries. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2938\"\u003e#2938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.0 - 11 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2925\"\u003e#2925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.16.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2912\"\u003e#2912\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.19 - 03 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe CodeQL Action no longer includes its own copy of the extractor for the \u003ccode\u003eactions\u003c/code\u003e language, which is currently in public preview.\nThe \u003ccode\u003eactions\u003c/code\u003e extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the \u003ccode\u003eactions\u003c/code\u003e language \u003cem\u003eand\u003c/em\u003e you have pinned\nyour \u003ccode\u003etools:\u003c/code\u003e property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable\n\u003ccode\u003eactions\u003c/code\u003e analysis.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2910\"\u003e#2910\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.18 - 16 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2893\"\u003e#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip validating SARIF produced by CodeQL for improved performance. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2894\"\u003e#2894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe number of threads and amount of RAM used by CodeQL can now be set via the \u003ccode\u003eCODEQL_THREADS\u003c/code\u003e and \u003ccode\u003eCODEQL_RAM\u003c/code\u003e runner environment variables. If set, these environment variables override the \u003ccode\u003ethreads\u003c/code\u003e and \u003ccode\u003eram\u003c/code\u003e inputs respectively. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2891\"\u003e#2891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.17 - 02 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2872\"\u003e#2872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/181d5eefc20863364f96762470ba6f862bdef56b\"\u003e\u003ccode\u003e181d5ee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2957\"\u003e#2957\u003c/a\u003e from github/update-v3.29.2-4c57370d0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c77386a9db782647c8e2575da69a3c950786eaca\"\u003e\u003ccode\u003ec77386a\u003c/code\u003e\u003c/a\u003e Fix changelog PR number\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8d43d4ecec27cc4205b0eaaf2e9b4bf9ee9a305b\"\u003e\u003ccode\u003e8d43d4e\u003c/code\u003e\u003c/a\u003e Update changelog for v3.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4c57370d0304fbff638216539f81d9163f77712a\"\u003e\u003ccode\u003e4c57370\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2935\"\u003e#2935\u003c/a\u003e from github/mbg/interpret-cq-results\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2830b750e5012e0a57cb63888cd5720f2326ca5c\"\u003e\u003ccode\u003e2830b75\u003c/code\u003e\u003c/a\u003e Add changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/aa72ddaeada556e7d763c9a0afb01f2c2a365e1c\"\u003e\u003ccode\u003eaa72dda\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into mbg/interpret-cq-results\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65d1e45f0ba420207efc0f1f6d90c63dcbc97551\"\u003e\u003ccode\u003e65d1e45\u003c/code\u003e\u003c/a\u003e Rename \u003ccode\u003eSARIF_UPLOAD_ENDPOINT\u003c/code\u003e members\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/362ebf85dad6ee3df420db2cec285490b289a61f\"\u003e\u003ccode\u003e362ebf8\u003c/code\u003e\u003c/a\u003e Check both SARIF files in \u003ccode\u003equality-queries.yml\u003c/code\u003e test\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/10a3e4b17dd8a1cee767213c309bd4b1e8251eab\"\u003e\u003ccode\u003e10a3e4b\u003c/code\u003e\u003c/a\u003e Fix formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8593ea65e2bf97ec2caa80fb0e464ed8c42c0fae\"\u003e\u003ccode\u003e8593ea6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2954\"\u003e#2954\u003c/a\u003e from github/mergeback/v3.29.1-to-main-39edc492\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...181d5eefc20863364f96762470ba6f862bdef56b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d3.28.18\u0026new-version\u003d3.29.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "8e703e28f772257776745fa482ea4077c0ba074c", "tree": "6119e1981b605b2ab3fdd7a1ab452ef4fd893d66", "parents": [ "0793a2b3262ac900558c49c76e9bbe4f29f91ea4" ], "author": { "name": "Seth Ladd", "email": "sethladd@google.com", "time": "Tue Jul 01 04:04:41 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jul 01 04:04:41 2025" }, "message": "Update README.md to clarify this is an experiment (#2512)\n\nCo-authored-by: Devon Carew \u003cdevoncarew@gmail.com\u003e" }, { "commit": "0793a2b3262ac900558c49c76e9bbe4f29f91ea4", "tree": "7c663284439343937fee5ed0a940a5fc44599490", "parents": [ "e2ddae9f2943eac2f6c5caf30bc6316e4bff4a8c" ], "author": { "name": "Agam Agarwal", "email": "agammaster@gmail.com", "time": "Wed Jun 04 23:15:16 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jun 04 23:15:16 2025" }, "message": "Add isSorted and related matchers (#2490)\n\n" }, { "commit": "e2ddae9f2943eac2f6c5caf30bc6316e4bff4a8c", "tree": "080cef25bec99113c1adad44ccbe2cc6f8e0d072", "parents": [ "42a6d333d96b4b0964d356b9a29ca47ccdb43691" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Jun 01 03:58:24 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Jun 01 03:58:24 2025" }, "message": "Bump the github-actions group with 2 updates (#2506)\n\nBumps the github-actions group with 2 updates: [ossf/scorecard-action](https://github.com/ossf/scorecard-action) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `ossf/scorecard-action` from 2.4.1 to 2.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/ossf/scorecard-action/releases\"\u003eossf/scorecard-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.2\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eThis update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.2.0\"\u003ev5.2.0\u003c/a\u003e and \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.2.1\"\u003ev5.2.1\u003c/a\u003e release notes.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/05b42c624433fc40578a4040d5cf5e36ddca8cde\"\u003e\u003ccode\u003e05b42c6\u003c/code\u003e\u003c/a\u003e :seedling: bump docker to ghcr v2.4.2 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1548\"\u003e#1548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/b225da6b2b97811a123bb34532642f3ad6a4f011\"\u003e\u003ccode\u003eb225da6\u003c/code\u003e\u003c/a\u003e Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/9399f6f42496e38fbb8dbcf85e17223226a5dafe\"\u003e\u003ccode\u003e9399f6f\u003c/code\u003e\u003c/a\u003e :seedling: Bump the docker-images group across 1 directory with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/e1daa8c5c7ed469dbb0167e261ed1c9fa673a9ae\"\u003e\u003ccode\u003ee1daa8c\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group across 1 directory with 5 updates (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/9fe6511b9b36af3b03200e49cf8fb09d261b5402\"\u003e\u003ccode\u003e9fe6511\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang.org/x/net from 0.39.0 to 0.40.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1542\"\u003e#1542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/25b9cd9cd11610dcac11e59afed9910714b12129\"\u003e\u003ccode\u003e25b9cd9\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1547\"\u003e#1547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/18cc9b81307fc5ab3c2cd7092955f06dcfdf8c42\"\u003e\u003ccode\u003e18cc9b8\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang.org/x/net from 0.38.0 to 0.39.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/db7814227b097a902957aa24d989c6e473613a8e\"\u003e\u003ccode\u003edb78142\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/de386ed459e2f85111697f50fe076d0ea617a32f\"\u003e\u003ccode\u003ede386ed\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang from 1.24.1 to 1.24.2 in the docker-images group (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1534\"\u003e#1534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/5b7cedba4eccfb66a6277e40cbe18d1d559ecc00\"\u003e\u003ccode\u003e5b7cedb\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1537\"\u003e#1537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.28.16 to 3.28.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.28.18\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.18 - 16 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2893\"\u003e#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip validating SARIF produced by CodeQL for improved performance. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2894\"\u003e#2894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe number of threads and amount of RAM used by CodeQL can now be set via the \u003ccode\u003eCODEQL_THREADS\u003c/code\u003e and \u003ccode\u003eCODEQL_RAM\u003c/code\u003e runner environment variables. If set, these environment variables override the \u003ccode\u003ethreads\u003c/code\u003e and \u003ccode\u003eram\u003c/code\u003e inputs respectively. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2891\"\u003e#2891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.18/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.17\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.17 - 02 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2872\"\u003e#2872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.17/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe CodeQL Action no longer includes its own copy of the extractor for the \u003ccode\u003eactions\u003c/code\u003e language, which is currently in public preview.\nThe \u003ccode\u003eactions\u003c/code\u003e extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the \u003ccode\u003eactions\u003c/code\u003e language \u003cem\u003eand\u003c/em\u003e you have pinned\nyour \u003ccode\u003etools:\u003c/code\u003e property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable\n\u003ccode\u003eactions\u003c/code\u003e analysis.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.18 - 16 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2893\"\u003e#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip validating SARIF produced by CodeQL for improved performance. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2894\"\u003e#2894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe number of threads and amount of RAM used by CodeQL can now be set via the \u003ccode\u003eCODEQL_THREADS\u003c/code\u003e and \u003ccode\u003eCODEQL_RAM\u003c/code\u003e runner environment variables. If set, these environment variables override the \u003ccode\u003ethreads\u003c/code\u003e and \u003ccode\u003eram\u003c/code\u003e inputs respectively. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2891\"\u003e#2891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.17 - 02 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2872\"\u003e#2872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2838\"\u003e#2838\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.13 - 24 Mar 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.12 - 19 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDependency caching should now cache more dependencies for Java \u003ccode\u003ebuild-mode: none\u003c/code\u003e extractions. This should speed up workflows and avoid inconsistent alerts in some cases.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2810\"\u003e#2810\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.11 - 07 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2793\"\u003e#2793\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.10 - 21 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2772\"\u003e#2772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAddress an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2768\"\u003e#2768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ff0a06e83cb2de871e5a09832bc6a81e7276941f\"\u003e\u003ccode\u003eff0a06e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2896\"\u003e#2896\u003c/a\u003e from github/update-v3.28.18-b86edfc27\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a41e0844be4d25fcef7ce7fa536f3e30275a9a1c\"\u003e\u003ccode\u003ea41e084\u003c/code\u003e\u003c/a\u003e Update changelog for v3.28.18\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b86edfc27a1e0d3b55127a7496a1c770a02b2f84\"\u003e\u003ccode\u003eb86edfc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2893\"\u003e#2893\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.21.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e93b90025f7c49dccc3ee640c4155b63eb9a6b39\"\u003e\u003ccode\u003ee93b900\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into update-bundle/codeql-bundle-v2.21.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/510dfa3460b15b34a807ab5609b4691aed5ebbee\"\u003e\u003ccode\u003e510dfa3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2894\"\u003e#2894\u003c/a\u003e from github/henrymercer/skip-validating-codeql-sarif\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/492d7832457da825a964331d860789f3f19d105b\"\u003e\u003ccode\u003e492d783\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into henrymercer/skip-validating-codeql-sarif\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/83bdf3b7f92061d2f6d74e2a4555ecf719adad68\"\u003e\u003ccode\u003e83bdf3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2859\"\u003e#2859\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cffc916774454a5ead1c8fb7925abad20cda85e4\"\u003e\u003ccode\u003ecffc916\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2891\"\u003e#2891\u003c/a\u003e from austinpray-mixpanel/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4420887272f1c68c7c58ca2970bdfb5eb657cf08\"\u003e\u003ccode\u003e4420887\u003c/code\u003e\u003c/a\u003e Add deprecation warning for CodeQL 2.16.5 and earlier\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4e178c584157c51ff3d6fb87c764e7ed0715f82a\"\u003e\u003ccode\u003e4e178c5\u003c/code\u003e\u003c/a\u003e Update supported versions table in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/28deaeda66b76a05916b6923827895f2b14ab387...ff0a06e83cb2de871e5a09832bc6a81e7276941f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "42a6d333d96b4b0964d356b9a29ca47ccdb43691", "tree": "2a5807c3f8f4994989b1701d7fced28a07758da2", "parents": [ "5ffcb36fd6c82843f25ed96585a4b9e96022e7f9" ], "author": { "name": "Daco Harkes", "email": "dacoharkes@google.com", "time": "Wed May 21 09:59:58 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 21 09:59:58 2025" }, "message": "[native assets] Graduate to preview (#2501)\n\n" }, { "commit": "5ffcb36fd6c82843f25ed96585a4b9e96022e7f9", "tree": "ae20acd1c1d3118354f30d8aa7282bf580ac9219", "parents": [ "b9c59ea01ab0c055d120fd6542af663704c16938" ], "author": { "name": "Danny Tuppeny", "email": "danny@tuppeny.com", "time": "Mon May 19 15:16:07 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 19 15:16:07 2025" }, "message": "Fix an issue with failed assertions using setUpAll/tearDownAll (#2499)\n\nWhen groups are filtered using `filter()` and not `onPlatform`, we would clone the group and tests without also cloning `setUpAll`/`tearDownAll`, which led to an assertion failure when trying to set the parents.\n\nThis change ensures we clone tests in `filter()` like we do in `forPlatform()`.\n\nFixes https://github.com/dart-lang/test/issues/2498" }, { "commit": "b9c59ea01ab0c055d120fd6542af663704c16938", "tree": "c1011cfa40a21d29f8eae0f205a482a26d3f024d", "parents": [ "e6d4877e4143715d79e8756d9234da1fe22a652d", "a1e295b4f657f4e37dc976cf45fd325e992a1bc5" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 00:47:05 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 13 00:47:05 2025" }, "message": "Set a debug name for test isolates (#2494)\n\n" }, { "commit": "a1e295b4f657f4e37dc976cf45fd325e992a1bc5", "tree": "c1011cfa40a21d29f8eae0f205a482a26d3f024d", "parents": [ "3c3878afe773a4a3d654da0900394e189ee0df55" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 00:23:10 2025" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 00:23:10 2025" }, "message": "Fix CI\n" }, { "commit": "3c3878afe773a4a3d654da0900394e189ee0df55", "tree": "4200670b1d62a5a6f41cf287047b5dae05d3bfc6", "parents": [ "90e64ec2887ed07e220793ab916d91fca05a6241" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 00:15:44 2025" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 00:15:44 2025" }, "message": "Include the test URI in the debug name\n" }, { "commit": "90e64ec2887ed07e220793ab916d91fca05a6241", "tree": "6e99cdb1f9b0d5779a93050f6b8c4efb67e2b1d1", "parents": [ "d67c897bc3de1ccea525eff1bb6324383bd9b250" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue May 13 00:09:27 2025" }, "committer": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue May 13 00:09:27 2025" }, "message": "Bump version\n\ntest_core 0.6.9 is already published, bump to a -wip version.\n" }, { "commit": "d67c897bc3de1ccea525eff1bb6324383bd9b250", "tree": "104f536669c46657decb7bd570009c97dadba4cc", "parents": [ "4097e1be7d97c2cbdc8a6f2ad00dfeb6907abdee", "e6d4877e4143715d79e8756d9234da1fe22a652d" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Mon May 12 21:13:11 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 12 21:13:11 2025" }, "message": "Merge branch \u0027master\u0027 into isolate_debug_name" }, { "commit": "e6d4877e4143715d79e8756d9234da1fe22a652d", "tree": "f37c837cf578e49c9af31376a296df013698eeac", "parents": [ "55d1f9ed414bc01b0ffefa64644aa7756142db58" ], "author": { "name": "Jacob MacDonald", "email": "jakemac@google.com", "time": "Mon May 12 19:40:39 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 12 19:40:39 2025" }, "message": "release test packages (#2495)\n\ncc @DanTup" }, { "commit": "4097e1be7d97c2cbdc8a6f2ad00dfeb6907abdee", "tree": "1e567fbbdec59bc56c7132de00ea001e26c2c916", "parents": [ "7800c010596333f508a841d1b384ecc28501cfc3" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 01:06:14 2025" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 01:06:14 2025" }, "message": "revert workflow debugging\n" }, { "commit": "7800c010596333f508a841d1b384ecc28501cfc3", "tree": "1d058b33dcfee178c6ca2bf0c0d99baacf9412a1", "parents": [ "455483b5fd8cd44200a7df073affa0539017339d" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 00:57:13 2025" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 00:57:13 2025" }, "message": "fmt\n" }, { "commit": "455483b5fd8cd44200a7df073affa0539017339d", "tree": "04cb41e175a21b3c06a940a64f4674254b941dc1", "parents": [ "c9b5b6fa021f6040ab04c88e223eb8f5354f99a0" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 00:51:16 2025" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 00:51:16 2025" }, "message": "changelog\n" }, { "commit": "c9b5b6fa021f6040ab04c88e223eb8f5354f99a0", "tree": "5b264b353a44716057a9c9d9e7cedf78378aceac", "parents": [ "39c4b31decb933c837d0c4d67e6e787ef0ca01ea" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 00:32:15 2025" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 00:32:15 2025" }, "message": "fmt\n" }, { "commit": "39c4b31decb933c837d0c4d67e6e787ef0ca01ea", "tree": "6544bd8fb3c689294fd4cdff7aab6ca0d3f4b036", "parents": [ "55d1f9ed414bc01b0ffefa64644aa7756142db58" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 00:09:29 2025" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 00:09:29 2025" }, "message": "Set a debug name for test isolates\n" }, { "commit": "55d1f9ed414bc01b0ffefa64644aa7756142db58", "tree": "af12ef6ed585fb97cef080a87ffb522c8a2326af", "parents": [ "c3755d8057f29318e31f55e86b3a74d1a48f5d0a" ], "author": { "name": "Fichtelcoder", "email": "de.frankenapps@gmail.com", "time": "Mon May 05 04:41:08 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 05 04:41:08 2025" }, "message": "Fix typos in json_reporter documentation (#2493)\n\nFix two minor typos in the documentation for the `json_reporter`.\n\nSeveral tools parse this documentation and therefore use the incorrect\ncomments." }, { "commit": "c3755d8057f29318e31f55e86b3a74d1a48f5d0a", "tree": "7e762ad1426165c204930a8029e9f40c49e01b75", "parents": [ "935b8b04f72ed902b66fd869447cd05bdbd94e6a" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu May 01 03:32:25 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 01 03:32:25 2025" }, "message": "Bump github/codeql-action from 3.28.13 to 3.28.16 in the github-actions group (#2492)\n\nBumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 3.28.13 to 3.28.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.28.16\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.16/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.15\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.15/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.14\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2838\"\u003e#2838\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.14/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2838\"\u003e#2838\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.13 - 24 Mar 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.12 - 19 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDependency caching should now cache more dependencies for Java \u003ccode\u003ebuild-mode: none\u003c/code\u003e extractions. This should speed up workflows and avoid inconsistent alerts in some cases.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2810\"\u003e#2810\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.11 - 07 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2793\"\u003e#2793\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.10 - 21 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2772\"\u003e#2772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAddress an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2768\"\u003e#2768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.9 - 07 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2753\"\u003e#2753\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.8 - 29 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2744\"\u003e#2744\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.7 - 29 Jan 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/28deaeda66b76a05916b6923827895f2b14ab387\"\u003e\u003ccode\u003e28deaed\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2865\"\u003e#2865\u003c/a\u003e from github/update-v3.28.16-2a8cbadc0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/03c5d71c11f6cb2c5ba7eef371219a862be30193\"\u003e\u003ccode\u003e03c5d71\u003c/code\u003e\u003c/a\u003e Update changelog for v3.28.16\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2a8cbadc02bb64a7fd15d37c977acbad02496c80\"\u003e\u003ccode\u003e2a8cbad\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2863\"\u003e#2863\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.21.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f76eaf51a636a5c1d927998267d92d6475363ace\"\u003e\u003ccode\u003ef76eaf5\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e63b3f5166c15fda4eb17886f01abe9445dd13f5\"\u003e\u003ccode\u003ee63b3f5\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.21.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4c3e5362829f0b0bb62ff5f6c938d7f95574c306\"\u003e\u003ccode\u003e4c3e536\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2853\"\u003e#2853\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-7d84c66b66\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/56dd02f26d99811d607284494ff84b7d862fe837\"\u003e\u003ccode\u003e56dd02f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2852\"\u003e#2852\u003c/a\u003e from github/dependabot/github_actions/actions-457587...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/192406dd845fb2228fcea74898b98df2a6cdcef6\"\u003e\u003ccode\u003e192406d\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into dependabot/github_actions/actions-4575878e06\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c7dbb2084ed1bb623fbbb3976cd6dbae6daaf1fe\"\u003e\u003ccode\u003ec7dbb20\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2857\"\u003e#2857\u003c/a\u003e from github/nickfyson/address-vulns\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9a45cd8c5025281c30bbb652197ace083c291e49\"\u003e\u003ccode\u003e9a45cd8\u003c/code\u003e\u003c/a\u003e move use of input variables into env vars\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/1b549b9259bda1cb5ddde3b41741a82a2d15a841...28deaeda66b76a05916b6923827895f2b14ab387\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d3.28.13\u0026new-version\u003d3.28.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "935b8b04f72ed902b66fd869447cd05bdbd94e6a", "tree": "40c131ef7e7c22d91f34391d3b16401f93884b96", "parents": [ "3ac991fa5ea406474e4d8d6c823fc078a6c6c6b4" ], "author": { "name": "Danny Tuppeny", "email": "danny@tuppeny.com", "time": "Mon Apr 28 15:53:56 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 28 15:53:56 2025" }, "message": "Allow specifying an explicit location for test/groups (#2481)\n\nUsually test locations (which are used both to report the location of\ntests in the json reporter, and also for filtering tests by line/col)\nare inferred from the call stack when test() is called.\n\nThis changes adds a new `location` parameter to group/test to allow this\ninformation to be provided explicitly. This can be useful where the call\nto `test()` doesn\u0027t contain the actual location of the declaration in\nthe call stack (for example when using `pkg:test_reflective_loader`).\n\nSee https://github.com/dart-lang/test/issues/2029\nSee https://github.com/Dart-Code/Dart-Code/issues/5480" }, { "commit": "3ac991fa5ea406474e4d8d6c823fc078a6c6c6b4", "tree": "44aa31d503e3a6ddaa0fb9f7b4eb0c4ea8e3a3b9", "parents": [ "84eba115521b74e848f096572a2d3e4d3607e8fa" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Apr 17 19:03:03 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 17 19:03:03 2025" }, "message": "Fix typos in README (#2487)\n\n" }, { "commit": "84eba115521b74e848f096572a2d3e4d3607e8fa", "tree": "a4286358b1fa267b17117bfccb0b55954891032d", "parents": [ "9f9fd77d4709e70bf9ec2a55853092256ace98d4", "ab850972b384a9ed1cf8f74c73d4475d0a5b982a" ], "author": { "name": "Daco Harkes", "email": "dacoharkes@google.com", "time": "Fri Apr 11 14:09:22 2025" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 11 14:09:22 2025" }, "message": "[native assets] Add support for pub workspaces (#2484)\n\nCloses: https://github.com/dart-lang/test/issues/2483\n\nTested in `dartdev`: https://dart-review.googlesource.com/c/sdk/+/422080\n\nPackages must opt in to a new version of package test to adopt this fix.\n(`dartdev` uses the version of `package:test` that\u0027s in the users\u0027\npubspec, rather than the one that\u0027s rolled in the Dart SDK!)\nIn the test for `dartdev` I manually applied the edits to\n`third_party/pkg/test/pkgs/test_core` and overrode the dependencies." } ], "next": "ab850972b384a9ed1cf8f74c73d4475d0a5b982a" }