)]}' { "log": [ { "commit": "1d56f263955f329b6701d8f84f069eb0aef353a4", "tree": "a474ad87bb1e0c081ebf68fdfa4a7b4c8522e22c", "parents": [ "6396d5102b1b72764df37e1cb74fbee2cd1d4084" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Thu Jun 18 11:23:46 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 18 11:23:46 2026 +0200" }, "message": "Document example directive (#4261)" }, { "commit": "6396d5102b1b72764df37e1cb74fbee2cd1d4084", "tree": "ddfa358e8c9d8f7748fe2261e0de8fd5fb7719ae", "parents": [ "a8cca82528102698dcc1a1eebfcefc8d1c9c7c3b" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Tue Jun 16 09:42:24 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jun 16 09:42:24 2026 +0200" }, "message": "Support region extraction in {@example} directive (#4253)" }, { "commit": "a8cca82528102698dcc1a1eebfcefc8d1c9c7c3b", "tree": "272e97a2c490f06946db570a5de2bc3232e89e91", "parents": [ "869c9ff266ed3e28a8992e407d148c3b0fbe9488" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Mon Jun 15 14:34:08 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 15 14:34:08 2026 +0200" }, "message": "Filter invalid annotations on primary constructor parameters (#4254)" }, { "commit": "869c9ff266ed3e28a8992e407d148c3b0fbe9488", "tree": "3e0a83ee206091036061f502c37924feda22a102", "parents": [ "a63e6b6f5be895ea9dd3814796e86a97ea6e3706" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Mon Jun 15 14:17:49 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 15 14:17:49 2026 +0200" }, "message": "Require analyzer 13.0.2 and replace deprecated getChildAssumingFolder and getChildAssumingFile (#4255)" }, { "commit": "a63e6b6f5be895ea9dd3814796e86a97ea6e3706", "tree": "8439cd46e3ee5d9f8b78936422a714c05fb17123", "parents": [ "541deb50f190ad7604d7f836e04b18687de6a52c" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Mon Jun 15 11:45:21 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 15 11:45:21 2026 +0200" }, "message": "Bump to 9.0.5 (#4256)" }, { "commit": "541deb50f190ad7604d7f836e04b18687de6a52c", "tree": "1be2b048b4790816204c5f1e15bb1bb061fbbfc7", "parents": [ "d0fac90eb4213db3d5f8d8ff360a4f4bcb4b7ae2" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Jun 12 12:45:25 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jun 12 12:45:25 2026 +0200" }, "message": "Bump analyzer_testing from 0.2.6 to 0.3.0 (#4252)\n\nBumps [analyzer_testing](https://github.com/dart-lang/sdk/tree/main/pkg)\nfrom 0.2.6 to 0.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/0109fd9664396918bb68d12ff958bc8a564a0bb4\"\u003e\u003ccode\u003e0109fd9\u003c/code\u003e\u003c/a\u003e\nNo longer work around issue 7761.\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/8ff8590cd3a1129d7826f663fc3a70e50f7fa990\"\u003e\u003ccode\u003e8ff8590\u003c/code\u003e\u003c/a\u003e\nAdd homepage to pubspec.yaml .\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/4622dc3e7670a92bc167f5cdd525b6950641ccee\"\u003e\u003ccode\u003e4622dc3\u003c/code\u003e\u003c/a\u003e\nMake browser tests all run from a server instead of the local\nfilesystem.\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/de347e5b4d845a9c625f9cd0f2aef7410a694c2d\"\u003e\u003ccode\u003ede347e5\u003c/code\u003e\u003c/a\u003e\nFix minor path handling issue in path package.\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/fb052dd67c2677d078714a17540adb228d7e2d14\"\u003e\u003ccode\u003efb052dd\u003c/code\u003e\u003c/a\u003e\nImprove compact and default configuration\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/603f5b678e0881f185bf836971810cedd77f7433\"\u003e\u003ccode\u003e603f5b6\u003c/code\u003e\u003c/a\u003e\nAdd again useVmConfiguration for deprecation purposes. This requires\nadding a\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/b3b4c02a9623dc0451144ae3baa37351f8c33f54\"\u003e\u003ccode\u003eb3b4c02\u003c/code\u003e\u003c/a\u003e\nMake output formats pluggable, adapt to new libraries\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/2394891f649c1f8970c7e66c9569c14d6b35db78\"\u003e\u003ccode\u003e2394891\u003c/code\u003e\u003c/a\u003e\nAdd command support to args.\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/14dcd604b727403f53c66102e81ca5645acfaccd\"\u003e\u003ccode\u003e14dcd60\u003c/code\u003e\u003c/a\u003e\nMake \u0027useXConfiguration\u0027 check for an existing configuration. This is so\nthat it\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commit/34a0db05e2d629806e9c16d392c60b2fbffb2c07\"\u003e\u003ccode\u003e34a0db0\u003c/code\u003e\u003c/a\u003e\nUpdate status file for jsshell.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commits/0.3.0.0/pkg\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003danalyzer_testing\u0026package-manager\u003dpub\u0026previous-version\u003d0.2.6\u0026new-version\u003d0.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d0fac90eb4213db3d5f8d8ff360a4f4bcb4b7ae2", "tree": "15e617b5d3d36aca9ebe6c0bd6e8dff75b419497", "parents": [ "3f681edaa2e2ea2fc6d6df1f54d35a80ec493da8" ], "author": { "name": "Lasse R.H. Nielsen", "email": "lrn@google.com", "time": "Thu Jun 04 12:51:30 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jun 04 12:51:30 2026 +0200" }, "message": "Stop using modifiers on parameters. (#4251)\n\nThe lines fail to compile when the code is included in the 3.13 SDK." }, { "commit": "3f681edaa2e2ea2fc6d6df1f54d35a80ec493da8", "tree": "c09b53df9b15dd5c54808871810a145fdc76dae2", "parents": [ "7fdcad703dd5505ebba309d09a46c3ad6e06c301" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Jun 03 03:45:24 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jun 03 03:45:24 2026 +0000" }, "message": "Bump the github-actions group with 2 updates (#4250)\n\nBumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href\u003d\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href\u003d\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href\u003d\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href\u003d\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href\u003d\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.3 to 4.36.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d1eb1207b45130d2edf64a0aa1c93be23510592f\"\u003e\u003ccode\u003ed1eb120\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3933\"\u003e#3933\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/115001ba8d0198846992657731666b08686c8ded\"\u003e\u003ccode\u003e115001b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3934\"\u003e#3934\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-86fb5c...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cef2e7a910879f4626a24b251504bde16bfe4e76\"\u003e\u003ccode\u003ecef2e7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3925\"\u003e#3925\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5e6adf70ed0299cdf20f90e4e37ac5dd30ab7501\"\u003e\u003ccode\u003e5e6adf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3936\"\u003e#3936\u003c/a\u003e from github/dependabot/npm_and_yarn/tmp-0.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ad170e6c4eaf671895978420267d6cb49b66b706\"\u003e\u003ccode\u003ead170e6\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/6a37b3a57ac457a679b84930a67c233c15f5ac41\"\u003e\u003ccode\u003e6a37b3a\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "7fdcad703dd5505ebba309d09a46c3ad6e06c301", "tree": "39f708cee8eafd731fc230571ed7099ecbcaa4ba", "parents": [ "900e797594d1ede485089204dadc7cd59fab2f85" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Mon Jun 01 11:33:57 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 01 11:33:57 2026 +0200" }, "message": "Primary constructors: add more tests (#4249)" }, { "commit": "900e797594d1ede485089204dadc7cd59fab2f85", "tree": "fdf65c2248c22d0b01ca4aa1b84dc7219c8ad746", "parents": [ "cde60fd70d8778c6d09468d29e12d7a6ec82f495" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Fri May 29 13:02:43 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 29 13:02:43 2026 +0200" }, "message": "Add tests for abbreviated constructor declarations (#4247)\n\nThis PR adds tests for the new abbreviated constructor syntax,\ncontinuing our coverage for the Primary Constructors feature." }, { "commit": "cde60fd70d8778c6d09468d29e12d7a6ec82f495", "tree": "ca62165ebd1892167b921648f0a209bfae58ee8a", "parents": [ "b0e4160c686f8a623dd205efb73d986526b952cf" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Fri May 29 11:37:34 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 29 11:37:34 2026 +0200" }, "message": "Add tests for private named parameters in primary constructors (#4248)\n\nThis PR adds test coverage for private named declaring parameters in\nprimary constructors, continuing our coverage for the Primary\nConstructors feature.\n\nBecause the analyzer correctly populates the `privateName` property on\n`FieldFormalParameterElement` for primary constructors, `dartdoc`\u0027s\nexisting name resolution logic handles this perfectly out of the box." }, { "commit": "b0e4160c686f8a623dd205efb73d986526b952cf", "tree": "4031e39b9a855acf7d3a483a93c9efa17e104763", "parents": [ "5896fce79eb605e76fc0d4f39b15bdb8a03871e1" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Wed May 27 10:28:47 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 27 10:28:47 2026 +0200" }, "message": "Add tests for primary constructor bodies and comment references (#4246)" }, { "commit": "5896fce79eb605e76fc0d4f39b15bdb8a03871e1", "tree": "090d52ec0e1f93fbc1a6b44f01825e79fd6c3bc6", "parents": [ "8a7a54cf1eb3c9ece86ca122ab9bcf4ca23ab1b6" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Fri May 22 14:50:38 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 22 14:50:38 2026 +0200" }, "message": "Add baseline tests for Primary Constructors field induction and metadata propagation. (#4245)\n\nAdding tests verifying that `dartdoc` correctly consumes this\ninformation from the analyzer without requiring structural changes to\nthe model.\n\n**This PR Covers:**\n* Field induction from `var`/`final` parameters.\n* Bodyless declarations (`;` syntax) across all container types.\n* Doc comment and annotation propagation to induced fields.\n* Enum `const` constructor identification.\n\n**Deferred to future PRs:**\n* Comment references\n* Parsing the `this` block body \n* Secondary constructor keywords (`new`/`factory`)." }, { "commit": "8a7a54cf1eb3c9ece86ca122ab9bcf4ca23ab1b6", "tree": "23e968611c5bec472f79c85faf91a6bfcc9cfd51", "parents": [ "77a52b6125ce8cc8a88a8a399d80701254e43838" ], "author": { "name": "Lasse R.H. Nielsen", "email": "lrn@google.com", "time": "Thu May 21 13:22:47 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 21 13:22:47 2026 +0200" }, "message": "Fixes crash when seeing a `this;` in a body. (#4244)\n\nAdds test that crashes without fix." }, { "commit": "77a52b6125ce8cc8a88a8a399d80701254e43838", "tree": "d573cadf4083fbd1046a9607bfa90718176167ea", "parents": [ "4fa2b5dd3e73465d5719964a992f7f442229fb1f" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue May 05 19:38:04 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 05 19:38:04 2026 +0200" }, "message": "Bump analyzer from 12.1.0 to 13.0.0 (#4242)\n\nBumps [analyzer](https://github.com/dart-lang/sdk/tree/main/pkg) from\n12.1.0 to 13.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/dart-lang/sdk/commits/HEAD/pkg\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull\nRequest\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| analyzer | [\u003e\u003d 4.a, \u003c 5] |\n\u003c/details\u003e\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003danalyzer\u0026package-manager\u003dpub\u0026previous-version\u003d12.1.0\u0026new-version\u003d13.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "4fa2b5dd3e73465d5719964a992f7f442229fb1f", "tree": "500b3d846202c42c498a7538efcbcd4d01c2bdf3", "parents": [ "2e30b8e3494d8df041f3ef2256ccfd87a952ea22" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri May 01 22:21:16 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 22:21:16 2026 +0000" }, "message": "Bump the github-actions group with 3 updates (#4241)\n\nBumps the github-actions group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [github/codeql-action](https://github.com/github/codeql-action) and [actions/cache](https://github.com/actions/cache).\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.1 to 4.35.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository\u0027s settings. For more information, see \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e46ed2cbd01164d986452f91f178727624ae40d7\"\u003e\u003ccode\u003ee46ed2c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3867\"\u003e#3867\u003c/a\u003e from github/update-v4.35.3-8c6e48dbe\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b73d1d163446ca5e62b96698027210ab41df6a4a\"\u003e\u003ccode\u003eb73d1d1\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/24e0bb00a931e2a5edb703ce3b22a70f3a3e800b\"\u003e\u003ccode\u003e24e0bb0\u003c/code\u003e\u003c/a\u003e Reorder changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ec298daba71cf7592feacbd1c0887cddc0659f62\"\u003e\u003ccode\u003eec298da\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8c6e48dbe051ceb3015c19554831af1b43275f46\"\u003e\u003ccode\u003e8c6e48d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3865\"\u003e#3865\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/719098349ea5beae8aa364bf9b71ff1c8d937df2\"\u003e\u003ccode\u003e7190983\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2bb209555a024d051f6271c8a846b402497f9445\"\u003e\u003ccode\u003e2bb2095\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/7851e55dc3be31ec4bcc3ef98453de2cb306e698\"\u003e\u003ccode\u003e7851e55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3850\"\u003e#3850\u003c/a\u003e from github/mbg/private-registry/cloudsmith-gcp\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/262a15f6cf4c7a43d6a38ad76392e5e2d4977751\"\u003e\u003ccode\u003e262a15f\u003c/code\u003e\u003c/a\u003e Add generic non-printable chars test for OIDC configs\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a6109b1c07173a53ece3d179a925ff9644d1fabd\"\u003e\u003ccode\u003ea6109b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3853\"\u003e#3853\u003c/a\u003e from github/mbg/start-proxy/improved-checks\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...e46ed2cbd01164d986452f91f178727624ae40d7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "2e30b8e3494d8df041f3ef2256ccfd87a952ea22", "tree": "ddf0955c670c247ca226e4ff1ec2e686420e1ccb", "parents": [ "fbc326eac99ed9651222dd70adc1c9e033641e14" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Tue Apr 21 15:09:21 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 21 15:09:21 2026 -0700" }, "message": "Improve @canonicalFor validation with close-match suggestions (#4234)\n\nSuggest matches with the same element name but different library\nprefixes.\n\nUpdate ignoredCanonicalFor template to use {0} once to avoid\nduplication.\n\nAdd test case in canonical_for_test.dart.\n\nThere are cases where\n\n```dart\n/// {@canonicalFor this_doesnt_exst.foo}\n```\n\nWill just fail silently and put `foo` in the wrong place." }, { "commit": "fbc326eac99ed9651222dd70adc1c9e033641e14", "tree": "11fe5d3b8a741510d2ddc314c6c499cdaa5d4099", "parents": [ "c01cf5378252dfd6b58cd03e12a0b2023f52dc91" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Tue Apr 14 09:18:26 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 14 09:18:26 2026 -0700" }, "message": "Fix dartdoc canonicalization for explicit getters and prioritize @canonicalFor (#4233)\n\n- Update model_element.dart to check `canonicalLibraryCandidate` (and\nthus `{@canonicalFor}` tags) before falling back to the local public\nlibrary shortcut.\n- Update canonicalization.dart to provide a name and library-based\nfallback for comparing elements, fixing issues where explicit top-level\ngetters failed to match.\n- Add test_canonicalFor_getter in canonical_for_test.dart to verify\nexplicit getter canonicalization." }, { "commit": "c01cf5378252dfd6b58cd03e12a0b2023f52dc91", "tree": "830012ad40138b8c1fcae277c5425ffcce7b9a9d", "parents": [ "af466dc874bb46f0e5763e77b2f1ceae77da49c7" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Apr 13 15:28:43 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 15:28:43 2026 -0700" }, "message": "Fix link generation for remote and re-exported symbols (#4240)\n\n* Remove incorrect href overrides in TopLevelVariable,\nModelFunctionTyped, and Typedef that were hardcoding local paths.\n* Correct EnumField.href to use canonicalLibrary!.package.baseHref.\n* Fix canonicalLibraryCandidate to consider the defining library as a\ncandidate.\n* Fix ModelElement.canonicalLibrary to use defining library for locality\ncheck.\n\nFixes #4075 \nFixes #4239" }, { "commit": "af466dc874bb46f0e5763e77b2f1ceae77da49c7", "tree": "f5b4e274c2e7954da2f61c78283b83415401ae6f", "parents": [ "a57f497ae9df6e6073b5eb7ddf253d0b2eb470c3" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Thu Apr 09 13:23:38 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 09 13:23:38 2026 -0700" }, "message": "Properly adjust comment offsets in light of interleaved non-doc comments (#4236)\n\nThis is a partial replacement for\nhttps://github.com/dart-lang/dartdoc/pull/4231. I haven\u0027t tested the\n`\\r\\n` issue, so it\u0027s not a full replacement yet." }, { "commit": "a57f497ae9df6e6073b5eb7ddf253d0b2eb470c3", "tree": "cccb8b42ff729f3ab49364e0dfb4ac565a362123", "parents": [ "1c36709282f601d2cac1ab2e203e6b8779455f9b" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Apr 01 23:36:31 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 01 23:36:31 2026 +0000" }, "message": "Bump the github-actions group with 3 updates (#4232)\n\nBumps the github-actions group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [actions/cache](https://github.com/actions/cache) and [dart-lang/setup-dart](https://github.com/dart-lang/setup-dart).\n\nUpdates `github/codeql-action` from 4.32.4 to 4.35.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository\u0027s settings. For more information, see \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to disable \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository property with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and the type \u0026quot;True/false\u0026quot; in the organization\u0027s settings. Then in the repository\u0027s settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to disable improved incremental analysis. For more information, see \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. This feature is not yet available on GitHub Enterprise Server. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space requirement for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the \u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository\u0027s settings. For more information, see \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.6 - 05 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.5 - 02 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to disable \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository property with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and the type \u0026quot;True/false\u0026quot; in the organization\u0027s settings. Then in the repository\u0027s settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to disable improved incremental analysis. For more information, see \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. This feature is not yet available on GitHub Enterprise Server. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c10b8064de6f491fea524254123dbe5e09572f13\"\u003e\u003ccode\u003ec10b806\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3782\"\u003e#3782\u003c/a\u003e from github/update-v4.35.1-d6d1743b8\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c5ffd0683786820677d054e3505e1c5bb4b8c227\"\u003e\u003ccode\u003ec5ffd06\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d6d1743b8ec7ecd94f78ad1ce4cb3d8d2ba58001\"\u003e\u003ccode\u003ed6d1743\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3781\"\u003e#3781\u003c/a\u003e from github/henrymercer/update-git-minimum-version\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65d2efa7333ad65f97cc54be40f4cd18630f884c\"\u003e\u003ccode\u003e65d2efa\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2437b20ab31021229573a66717323dd5c6ce9319\"\u003e\u003ccode\u003e2437b20\u003c/code\u003e\u003c/a\u003e Update minimum git version for overlay to 2.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ea5f71947c021286c99f61cc426a10d715fe4434\"\u003e\u003ccode\u003eea5f719\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3775\"\u003e#3775\u003c/a\u003e from github/dependabot/npm_and_yarn/node-forge-1.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/45ceeea896ba2293e10982f871198d1950ee13d6\"\u003e\u003ccode\u003e45ceeea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3777\"\u003e#3777\u003c/a\u003e from github/mergeback/v4.35.0-to-main-b8bb9f28\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/24448c98434f429f901d27db7ddae55eec5cc1c4\"\u003e\u003ccode\u003e24448c9\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/7c510606312e5c68ac8b27c009e5254f226f5dfa\"\u003e\u003ccode\u003e7c51060\u003c/code\u003e\u003c/a\u003e Update changelog and version after v4.35.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b8bb9f28b8d3f992092362369c57161b755dea45\"\u003e\u003ccode\u003eb8bb9f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3776\"\u003e#3776\u003c/a\u003e from github/update-v4.35.0-0078ad667\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...c10b8064de6f491fea524254123dbe5e09572f13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.3 to 5.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href\u003d\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href\u003d\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b7e8d49f17405cc70c1c120101943203c98d3a4b\"\u003e\u003ccode\u003eb7e8d49\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1701\"\u003e#1701\u003c/a\u003e from actions/Link-/fix-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/984a21b1cb176a0936f4edafb42be88978f93ef1\"\u003e\u003ccode\u003e984a21b\u003c/code\u003e\u003c/a\u003e Add traffic sanity check step\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/acf2f1f76affe1ef80eee8e56dfddd3b3e5f0fba\"\u003e\u003ccode\u003eacf2f1f\u003c/code\u003e\u003c/a\u003e Fix resolution\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/95a07c51324af6001b4d6ab8dff29f4dfadc2531\"\u003e\u003ccode\u003e95a07c5\u003c/code\u003e\u003c/a\u003e Add wait for proxy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dart-lang/setup-dart` from 1.7.1 to 1.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/dart-lang/setup-dart/releases\"\u003edart-lang/setup-dart\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js requirement to Node 24.\u003c/li\u003e\n\u003cli\u003eFix open Dependabot alerts by bumping \u003ccode\u003eundici\u003c/code\u003e to \u003ccode\u003e\u0026gt;\u003d6.24.0\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate GitHub Action dependencies (\u003ccode\u003e@actions/core\u003c/code\u003e, \u003ccode\u003e@actions/exec\u003c/code\u003e, \u003ccode\u003e@actions/tool-cache\u003c/code\u003e, \u003ccode\u003e@actions/http-client\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eUpdate workflow actions to their latest versions (\u003ccode\u003eactions/checkout\u003c/code\u003e v6, \u003ccode\u003esetup-flutter\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/dart-lang/setup-dart/blob/main/CHANGELOG.md\"\u003edart-lang/setup-dart\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js requirement to Node 24.\u003c/li\u003e\n\u003cli\u003eFix open Dependabot alerts by bumping \u003ccode\u003eundici\u003c/code\u003e to \u003ccode\u003e\u0026gt;\u003d6.24.0\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate GitHub Action dependencies (\u003ccode\u003e@actions/core\u003c/code\u003e, \u003ccode\u003e@actions/exec\u003c/code\u003e, \u003ccode\u003e@actions/tool-cache\u003c/code\u003e, \u003ccode\u003e@actions/http-client\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eUpdate workflow actions to their latest versions (\u003ccode\u003eactions/checkout\u003c/code\u003e v6, \u003ccode\u003esetup-flutter\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRoll \u003ccode\u003eundici\u003c/code\u003e dependency to address \u003ca href\u003d\"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\"\u003eCVE-2025-22150\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate to the latest npm dependencies.\u003c/li\u003e\n\u003cli\u003eRecompile the action using the new Dart / JavaScript interop.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eInstall flutter sdk in publishing step, allowing Flutter packages to be\npublished (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/68\"\u003e#68\u003c/a\u003e[])\u003c/p\u003e\n\u003cp\u003e\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/68\"\u003e#68\u003c/a\u003e: \u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/68\"\u003edart-lang/setup-dart#68\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix zip path handling on Windows 11 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/118\"\u003e#118\u003c/a\u003e[])\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/118\"\u003e#118\u003c/a\u003e: \u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/118\"\u003edart-lang/setup-dart#118\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRebuild JS code.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRoll \u003ccode\u003eundici\u003c/code\u003e dependency to address \u003ca href\u003d\"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\"\u003eCVE-2024-30260\u003c/a\u003e and \u003ca href\u003d\"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\"\u003eCVE-2024-30261\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to running the workflow on \u003ccode\u003enode20`` from \u003c/code\u003enode16`. See also\n\u003ca href\u003d\"https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/\"\u003eTransitioning from Node 16 to Node 20\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated the google storage url for \u003ccode\u003emain\u003c/code\u003e channel releases.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/65eb853c7ba17dde3be364c3d2858773e7144260\"\u003e\u003ccode\u003e65eb853\u003c/code\u003e\u003c/a\u003e chore: prepare v1.7.2 release (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/175\"\u003e#175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/6e0ff0bc3a029a9532ae6a86b1ea4906038921bc\"\u003e\u003ccode\u003e6e0ff0b\u003c/code\u003e\u003c/a\u003e Node 24 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/174\"\u003e#174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/03a180dbe1de8ea7fb700663cbb7d24ca4bbe82c\"\u003e\u003ccode\u003e03a180d\u003c/code\u003e\u003c/a\u003e Group npm dependency updates (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/74195ec01a320a45702f5d8d9aaae896f5a0b540\"\u003e\u003ccode\u003e74195ec\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/exec\u003c/code\u003e from 1.1.1 to 3.0.0 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/41705c951d02aaf00ead5b0423d0808ea495d9b5\"\u003e\u003ccode\u003e41705c9\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/168\"\u003e#168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/dd42013d4425790a72c8c6107773a99edeefd2a9\"\u003e\u003ccode\u003edd42013\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e from 2.0.2 to 4.0.0 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/b36cb5e0e609c7313088a6614db391df98780dce\"\u003e\u003ccode\u003eb36cb5e\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/http-client\u003c/code\u003e from 3.0.0 to 4.0.0 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/170\"\u003e#170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/21e68f4d54916e6c2f68f8c290b2aed9b02cbd3e\"\u003e\u003ccode\u003e21e68f4\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 in the github-actions group (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/0bdb60234eb044854c1c73fb77b0f063cf290512\"\u003e\u003ccode\u003e0bdb602\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/http-client\u003c/code\u003e from 2.2.3 to 3.0.0 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/daef289245bc5d4ab7864e0788a58108a9be6c99\"\u003e\u003ccode\u003edaef289\u003c/code\u003e\u003c/a\u003e Bump flutter-actions/setup-flutter in the github-actions group (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/159\"\u003e#159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/dart-lang/setup-dart/compare/e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c...65eb853c7ba17dde3be364c3d2858773e7144260\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "1c36709282f601d2cac1ab2e203e6b8779455f9b", "tree": "ef371f94f739d73b327f690e7f32b78cce947523", "parents": [ "271705a835521a9335a35ee6a96a3b67db00e477" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Fri Mar 27 20:34:21 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Mar 27 20:34:21 2026 -0700" }, "message": "Perf: Cache ElementType instantiations in PackageGraph (#4230)\n\nImprove overall speed by ~6.2% on one big package." }, { "commit": "271705a835521a9335a35ee6a96a3b67db00e477", "tree": "4bcdc35718a145e1dc439d4c735eb4674aded01e", "parents": [ "e3484b5adb4b0316667c7b07cd16ec4cfc877887" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Thu Mar 19 11:44:23 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 11:44:23 2026 -0700" }, "message": "Update test workflow to Dart SDK 3.10.0 (#4229)\n\n`dart_style` requires it now\n\nI also updated `test/co19/placement_fields_test.dart` to skip 2 tests,\nbecause it used non-constant initializer for an instance field in enum,\nand this caused exception because it cannot be evaluated. Not nice, but\nwe either keep bots green, or the owner of the dartdoc decides what to\ndo here, or change the test." }, { "commit": "e3484b5adb4b0316667c7b07cd16ec4cfc877887", "tree": "3bfd17d5c2193bef69ca1a0cd2d73cfe5f436d1f", "parents": [ "bf4d21970246422362f56b18282b80297c27b2b3" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Sun Mar 15 09:29:13 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Mar 15 09:29:13 2026 -0700" }, "message": "Require analyzer 12.0.0, with breaking changes (#4228)\n\nThis change refers to not yet published `analyzer 12.0.0`, because I\ncannot land corresponding [analyzer\nCL](https://dart-review.googlesource.com/c/sdk/+/486080) (and then\npublish) without pulling into the Dart SDK a version of `dartdoc` (and\n`dart_style`, see https://github.com/dart-lang/dart_style/pull/1815)\nthat is compatible with this breaking change version of the analyzer.\nSo, I want to land this PR with a version of `dartdoc` that is\ncompatible with `analyzer 12.0.0` (to be), and the pull this git commit\ninto [the CL](https://dart-review.googlesource.com/c/sdk/+/486080).\n\nI tested it locally with\n```yaml\ndependency_overrides:\n _fe_analyzer_shared:\n path: /Users/scheglov/Source/Dart/sdk.git/sdk/pkg/_fe_analyzer_shared\n analyzer:\n path: /Users/scheglov/Source/Dart/sdk.git/sdk/pkg/analyzer\n dart_style:\n path: /Users/scheglov/dart/dart_style\n```\nObviously, GitHub bots will be red until `analyzer 12.0.0` is published." }, { "commit": "bf4d21970246422362f56b18282b80297c27b2b3", "tree": "4f658e66c5d2dc25c77c72cdf9395fa1db6ec349", "parents": [ "83390366ee9daa183801347bf1af003be33e595a" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Tue Mar 03 15:08:48 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 03 15:08:48 2026 +0100" }, "message": "Bump to 9.0.4 (#4225)\n\n" }, { "commit": "83390366ee9daa183801347bf1af003be33e595a", "tree": "0bb5121cfb1a9bc648f70d43cb977e41cf04a0db", "parents": [ "b65fd9a1a446dce425e95dad1e0bccf6f39d4f49" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Tue Mar 03 14:17:27 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 03 14:17:27 2026 +0100" }, "message": "Gracefully handle missing library elements during comment reference lookup. (#4224)\n\nAdds a safe bailout mechanism in `_lookupViaScope` to gracefully drop\nthe reference when the element\u0027s library cannot be found, returning\n`null` instead of crashing. This ensures `dartdoc` accurately logs a\nwarning for an unresolved doc reference. Also added internalError to the\nPackageWarning.\n\n\nWe know this is the root cause for (some of) the crashes seen on\npub.dev.\nSee analyzer root cause: https://github.com/dart-lang/sdk/issues/62812" }, { "commit": "b65fd9a1a446dce425e95dad1e0bccf6f39d4f49", "tree": "c5eee278aafb436419b40b763585678d1480cb18", "parents": [ "2a483a0c39fdcb69956599ef728029f85850a87a" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Mar 01 18:50:22 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Mar 01 18:50:22 2026 +0000" }, "message": "Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions group (#4222)\n\nBumps the github-actions group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact).\n\nUpdates `actions/upload-artifact` from 6.0.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What\u0027s new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we\u0027ve upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dactions/upload-artifact\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d6.0.0\u0026new-version\u003d7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "2a483a0c39fdcb69956599ef728029f85850a87a", "tree": "29016955b6d5d2680153a5b44978ebd824fd052e", "parents": [ "214e74cf8bc4eb45465253dd3baf727b06bf4f3f" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Fri Feb 27 13:36:16 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 13:36:16 2026 -0800" }, "message": "Merge CommentReferable into Nameable (#4217)\n\nHere\u0027s another change which collapses two elements of the type hierarchy\ninto one: CommentReferable into Nameable. I think this is an especially\nnice refactoring as something which is \"nameable\" really should be\n\"comment referable.\" If something has a name, it can be referenced in a\ncomment. Makes sense.\n\nEach mixin was mixed into ElementType, Category, ModelElement, Package,\nPackageGraph, Base (a dopey testing class), so we can just remove\nCommentReferable from those (and Warnable mixed in CommentReferable and\nDocumentable, and Documentable mixed in Nameable), and then smash most\nof the CommentReferable mixin (which itself implemented Nameable)\nwholesale into the Nameable mixin.\n\nThere are many `List\u003cCommentReferable\u003e` and `Map\u003c_, CommentReferable\u003e`\nand `get CommentReferable` which become `List\u003cNameable\u003e`, `Map\u003c_,\nNameable\u003e`, and `get Nameable`, etc. (This seems to be the bulk of this\nPR 😅 )\n\n---------\n\nCo-authored-by: Sarah Zakarias \u003czarah@google.com\u003e" }, { "commit": "214e74cf8bc4eb45465253dd3baf727b06bf4f3f", "tree": "3a8bbc0cd4d2031cc0e3daba400d4202e90f3560", "parents": [ "b4eb92685b70fc4dd29ff970d3ba63ff88d42d8d" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Fri Feb 27 16:08:05 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 15:08:05 2026 +0100" }, "message": "#4134. Add placement tests for getters and setters (#4219)\n\n" }, { "commit": "b4eb92685b70fc4dd29ff970d3ba63ff88d42d8d", "tree": "81deb1925d8bb002e0e01fa3bf9762618ba1a7ff", "parents": [ "3b019e40d6365af9456bea886da0476e5b7fdff4" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Fri Feb 27 15:04:35 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 15:04:35 2026 +0100" }, "message": "Remove redundant `GenericFunctionTypeElement` check in `Parameter.htmlId` (#4221)\n\nThis is a follow-up cleanup to the recent simplification of HTML ID\ngeneration for generic function types.\n\nBecause a `GenericFunctionTypeElement` has a `null` or empty\n`lookupName`, execution naturally falls through to the existing fallback\nlogic just below it, achieving the exact same result." }, { "commit": "3b019e40d6365af9456bea886da0476e5b7fdff4", "tree": "159c482e81a49138eec82cfdef4f5cd55e5169a7", "parents": [ "33f83edf90b3845617aeecfe567522f5ea95fb5d" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Fri Feb 27 13:30:22 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 27 13:30:22 2026 +0100" }, "message": "Fix: Simplify HTML ID generation for parameters in generic function types (#4220)\n\nThis PR backports a change originally authored by Konstantin Scheglov\n(@scheglov) in Google3 to keep the downstream and upstream repositories\nin sync.\n\n**Description:**\nThe HTML ID for parameters within a `GenericFunctionTypeElement` is now\nsimply `\u0027param-$name\u0027`, removing a complex tree-traversal workaround\nthat was previously needed.\n\nSyncing this change upstream directly unblocks automated Dart SDK\ndependency rolls into Google3." }, { "commit": "33f83edf90b3845617aeecfe567522f5ea95fb5d", "tree": "9f8ae010a76c65ed564a5131bf5ffdb987835f04", "parents": [ "e60d5df7405ff22fb8966448345ddd891c88dc5b" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Thu Feb 26 20:57:01 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Feb 26 20:57:01 2026 +0100" }, "message": "Fix extension type override (#4218)\n\nSupersedes #3548.\n\nThis picks up @srawlins\u0027s draft PR from 2023 to ensure ExtensionType\nmembers never override. I added a new commit with tests to make it ready\nfor review.\n\n---------\n\nCo-authored-by: Sam Rawlins \u003csrawlins@google.com\u003e" }, { "commit": "e60d5df7405ff22fb8966448345ddd891c88dc5b", "tree": "4651268dc05f3b27fc57dc9317d150356e7a7fcd", "parents": [ "42f70b40f6fb6555eeb9ee187e083a87716bde1e" ], "author": { "name": "Nhan Nguyen", "email": "nhan13574@gmail.com", "time": "Wed Feb 25 08:52:46 2026 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 25 14:52:46 2026 +0100" }, "message": "Deprecate unused useCategories option (#4148)\n\nRemoves the unused `useCategories` getter and hides the option from help\noutput.\n\nThe option is kept for backwards compatibility but marked as deprecated.\n\nFixes #4046\n\n---------\n\nCo-authored-by: Sarah Zakarias \u003czarah@google.com\u003e" }, { "commit": "42f70b40f6fb6555eeb9ee187e083a87716bde1e", "tree": "0de20fd0b6429b8bd915b43bcd462f01e7670019", "parents": [ "998221240ed7fe119c550f6965a2814c9894375d" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Wed Feb 25 15:49:03 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 25 14:49:03 2026 +0100" }, "message": "#4134. Add placement tests for fields (#4216)\n\nAgain, no tests for private fields here. I don\u0027t think that they are\nreally needed." }, { "commit": "998221240ed7fe119c550f6965a2814c9894375d", "tree": "fcf60a0636944d749060ad7eba96f23804df4078", "parents": [ "1775b1b67ff6ae1c7623998d14d6050673712c6e" ], "author": { "name": "Naman Goyal", "email": "namangoyaldev@gmail.com", "time": "Tue Feb 24 19:29:16 2026 +0530" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 24 14:59:16 2026 +0100" }, "message": "fix: resolve search icon contrast in dark mode (#4196)\n\nThis PR resolves the accessibility issue where the search icon was\nnearly invisible in dark mode.\n\n**Changes:**\n\n* Added a new asset `lib/resources/search_dark.svg` with high contrast\nfor dark backgrounds.\n* Introduced a CSS variable `--search-icon-url` in\n`web/styles/_theme.scss` to handle theme-aware icon switching.\n* Updated `web/styles/_search.scss` to utilize the new variable.\n* Re-generated `lib/src/generator/html_resources.g.dart` and compiled\nassets to include the new resource in the build.\n\n## Related Issues\n\nFixes #4124\n\n## Checklist\n\n* [x] I’ve reviewed the contributor guide and applied the relevant\nportions to this PR.\n* [x] I have used `dart format` on all modified Dart files.\n* [x] I have verified the fix locally by toggling between light and dark\nthemes.\n\nbefore:\n\u003cimg width\u003d\"222\" height\u003d\"86\" alt\u003d\"image\"\nsrc\u003d\"https://github.com/user-attachments/assets/ab22e396-7993-4144-b051-21e62ed74693\"\n/\u003e\n\nafter:\n\u003cimg width\u003d\"314\" height\u003d\"83\" alt\u003d\"image\"\nsrc\u003d\"https://github.com/user-attachments/assets/7b6ea77e-c1fe-4465-9b9f-d9d486a4bc58\"\n/\u003e\n\n---------\n\nCo-authored-by: Sarah Zakarias \u003czarah@google.com\u003e" }, { "commit": "1775b1b67ff6ae1c7623998d14d6050673712c6e", "tree": "870aa81c2f60dc8269f0713e9e96b58ee7d45914", "parents": [ "31b3e40a35daf9d7eec9e923891930c566bcf4b8" ], "author": { "name": "Sigurd Meldgaard", "email": "sigurdm@google.com", "time": "Tue Feb 24 14:33:37 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 24 14:33:37 2026 +0100" }, "message": "Replace pub run with dart run (#4182)\n\nFollowing up on https://github.com/dart-lang/pub/issues/4737, this PR\nreplaces deprecated `pub run` commands with `dart run`." }, { "commit": "31b3e40a35daf9d7eec9e923891930c566bcf4b8", "tree": "00810edbd043d1e8d9a23a573a9bc9614649139b", "parents": [ "3ca560244ee52aba3d3757a2dcbe912762c594c4" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Tue Feb 24 15:15:16 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 24 14:15:16 2026 +0100" }, "message": "#4134. Add test cases for external constructors (#4214)\n\nThis PR doesn\u0027t contain test cases for private external members. Since\ndartdoc doesn\u0027t generate documentation for private members, both cases\nare valid: whether doc comments before private constructors are parsed\nor not. While it is possible to check that HTML is not generated for\nprivate members, doing so is not part of the specification.\n\nPlease review." }, { "commit": "3ca560244ee52aba3d3757a2dcbe912762c594c4", "tree": "4d389e1e2ec464cc300d4fe3913b2939c7be4fdf", "parents": [ "80dc20d5ad646814b9429e3ac3281a625c2784bd" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Tue Feb 24 15:02:26 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 24 14:02:26 2026 +0100" }, "message": "#4134. Add comments placement tests for operators (#4213)\n\n" }, { "commit": "80dc20d5ad646814b9429e3ac3281a625c2784bd", "tree": "70048dc9bcbffd9b29ba2e5b64fffeb4f0d1b750", "parents": [ "edc8779981e63e5a9868e2e44db69005bbec8db2" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Tue Feb 24 15:01:11 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 24 14:01:11 2026 +0100" }, "message": "#4134. Add comments placement tests for methods (#4192)\n\n" }, { "commit": "edc8779981e63e5a9868e2e44db69005bbec8db2", "tree": "fb7ab6df92ab51a9102baba12ebefa36ab1ac33e", "parents": [ "cd8f1adb698bb281b5aef4fa5f776c39734723a5" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Feb 24 13:24:38 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 24 13:24:38 2026 +0100" }, "message": "Bump the github-actions group with 3 updates (#4198)\n\nBumps the github-actions group with 3 updates:\n[actions/checkout](https://github.com/actions/checkout),\n[github/codeql-action](https://github.com/github/codeql-action) and\n[actions/cache](https://github.com/actions/cache).\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID\nis set by \u003ca\nhref\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e\nin \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements\nby \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e\nin \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca\nhref\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca\nhref\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca\nhref\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca\nhref\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca\nhref\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca\nhref\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca\nhref\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca\nhref\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e\nin \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca\nhref\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment\nvariables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e\nin \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca\nhref\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca\nhref\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca\nhref\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca\nhref\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e,\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4\nupdates by \u003ca\nhref\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca\nhref\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca\nhref\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable\nversion. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca\nhref\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in\n\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e\nFix tag handling: preserve annotations and explicit fetch-tags (\u003ca\nhref\u003d\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e\nAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is\nset (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca\nhref\u003d\"https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.9 to 4.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.31.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca\nhref\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions\ndebugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names\nwhen uploading logs from the Dependabot authentication proxy as workflow\nartifacts. This ensures that the artifact names do not clash between\nmultiple jobs in a build matrix. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca\nhref\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated\nfiles\u003c/a\u003e from the analysis. This feature is not currently enabled for\nany analysis. In the future, it may be enabled by default for some\nGitHub-managed analyses. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL\nAction are now shorter to avoid duplicated information from appearing in\nDependabot PRs. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.31.10\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e\nfor more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases\npage\u003c/a\u003e for the relevant changes to the CodeQL CLI and language\npacks.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca\nhref\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e.\n\u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca\nhref\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions\ndebugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names\nwhen uploading logs from the Dependabot authentication proxy as workflow\nartifacts. This ensures that the artifact names do not clash between\nmultiple jobs in a build matrix. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca\nhref\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated\nfiles\u003c/a\u003e from the analysis. This feature is not currently enabled for\nany analysis. In the future, it may be enabled by default for some\nGitHub-managed analyses. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL\nAction are now shorter to avoid duplicated information from appearing in\nDependabot PRs. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now\nlogs a warning for customers who are running v3 but could be running v4.\nFor more information, see \u003ca\nhref\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming\ndeprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b20883b0cd1f46c72ae0ba6d1090936928f9fa30\"\u003e\u003ccode\u003eb20883b\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3428\"\u003e#3428\u003c/a\u003e\nfrom github/update-v4.32.0-e3b8227a2\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c9aa45dd0f8ba0b0433386779eb4798c2545156b\"\u003e\u003ccode\u003ec9aa45d\u003c/code\u003e\u003c/a\u003e\nUpdate changelog for v4.32.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/e3b8227a28dee88b8eaf5597d892a0cea497e634\"\u003e\u003ccode\u003ee3b8227\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3427\"\u003e#3427\u003c/a\u003e\nfrom github/henrymercer/bump-for-new-minor-series\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/8a01181ce209b3e3f51c6add1b9e1e744bdf0064\"\u003e\u003ccode\u003e8a01181\u003c/code\u003e\u003c/a\u003e\nCompare minor version number\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/80e142568fc335997bbf78abac097448213bd9ae\"\u003e\u003ccode\u003e80e1425\u003c/code\u003e\u003c/a\u003e\nBump minor version for CLI v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/b748848f27bc46a97bbb965c606bbc298e760a9a\"\u003e\u003ccode\u003eb748848\u003c/code\u003e\u003c/a\u003e\nBump the Action minor version number on new CodeQL minor version\nseries\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/5e767eff5aa6e2b719f353611ff3c363d6225d18\"\u003e\u003ccode\u003e5e767ef\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3425\"\u003e#3425\u003c/a\u003e\nfrom github/update-bundle/codeql-bundle-v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/975286947045be7e8b204a16b36b1b04b9feef86\"\u003e\u003ccode\u003e9752869\u003c/code\u003e\u003c/a\u003e\nAdd changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/c62c214723e7c0cdfb907bede6988df3a0640c7e\"\u003e\u003ccode\u003ec62c214\u003c/code\u003e\u003c/a\u003e\nUpdate default bundle to codeql-bundle-v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/github/codeql-action/commit/25a224b8085c21d4d61b7fc051468805fc3ac490\"\u003e\u003ccode\u003e25a224b\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/github/codeql-action/issues/3423\"\u003e#3423\u003c/a\u003e\nfrom github/mbg/ci/yq-windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...b20883b0cd1f46c72ae0ba6d1090936928f9fa30\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.1 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca\nhref\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service\nwill not be retried.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s\nchangelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e\nwith the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e\nsection.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by\nupdating the \u003ca\nhref\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e\nfile with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed\nand merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca\nhref\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e\nuse the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you\nmade in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca\nhref\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version\nnumber.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags\nfor this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca\nhref\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via\n\u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and\nrequires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before\nupgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca\nhref\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003e\u003ccode\u003ecdf6c1f\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1695\"\u003e#1695\u003c/a\u003e\nfrom actions/Link-/prepare-5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d\"\u003e\u003ccode\u003ea1bee22\u003c/code\u003e\u003c/a\u003e\nAdd review for the \u003ccode\u003e@​actions/http-client\u003c/code\u003e license\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f\"\u003e\u003ccode\u003e4695763\u003c/code\u003e\u003c/a\u003e\nAdd licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502\"\u003e\u003ccode\u003edc73bb9\u003c/code\u003e\u003c/a\u003e\nUpgrade dependencies and address security warnings\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a\"\u003e\u003ccode\u003e345d5c2\u003c/code\u003e\u003c/a\u003e\nAdd 5.0.3 builds\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7\"\u003e\u003ccode\u003e8b402f5\u003c/code\u003e\u003c/a\u003e\nMerge pull request \u003ca\nhref\u003d\"https://redirect.github.com/actions/cache/issues/1692\"\u003e#1692\u003c/a\u003e\nfrom GhadimiR/main\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002\"\u003e\u003ccode\u003e304ab5a\u003c/code\u003e\u003c/a\u003e\nlicense for httpclient\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be\"\u003e\u003ccode\u003e609fc19\u003c/code\u003e\u003c/a\u003e\nUpdate licensed record for cache\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5\"\u003e\u003ccode\u003eb22231e\u003c/code\u003e\u003c/a\u003e\nBuild\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a\"\u003e\u003ccode\u003e93150cd\u003c/code\u003e\u003c/a\u003e\nAdd PR link to releases\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s major version (unless you unignore this specific\ndependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this\ngroup update PR and stop Dependabot creating any more for the specific\ndependency\u0027s minor version (unless you unignore this specific\ndependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR\nand stop Dependabot creating any more for the specific dependency\n(unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore\nconditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will\nremove the ignore condition of the specified dependency and ignore\nconditions\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "cd8f1adb698bb281b5aef4fa5f776c39734723a5", "tree": "1a6162ab0ca2ae47d7baf085bb9d5da44dcddc53", "parents": [ "a9d6bd48a888a5651ad4da3c222014963227edda" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Tue Feb 24 12:32:00 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 24 12:32:00 2026 +0100" }, "message": "Add support for the @example directive (#4201)\n\nIntroduces the `{@example path [lang\u003dLANGUAGE] [indent\u003dkeep|strip]}`\ndirective, enabling developers to inject content from external source\nfiles directly into documentation comments as fenced code blocks.\n\n* **Block-Level Requirement**: The directive must appear on its own line\nto be processed. If used inline, it will be ignored.\n * **Code Block Customization**:\n* `lang`: Specify the language for the fenced code block (defaults to\nthe file extension).\n* `indent`: Choose whether to strip common indentation (default) or keep\nthe original file formatting. To avoid broken formatting, it issues a\nwarning and skips stripping if non-space characters (e.g. tabs) are\ndetected in the indentation.\n * **Path Resolution** :\n* Supports paths relative to the current file or absolute paths starting\nfrom the package root (e.g., `{@example /examples/hello.dart}`).\n* Resolution logic ensures that requested files stay within the package\nroot and handles URI-encoded characters.\n* **Error Handling**: Adds a new missing-example-file warning for broken\npaths and validates against disallowed URI schemes.\n\nNote: Support for extracting specific `#region` segments from files is\nplanned for a follow-up PR." }, { "commit": "a9d6bd48a888a5651ad4da3c222014963227edda", "tree": "21a16f5b9ef1af1a2e357daa6de5678eb94600b5", "parents": [ "cb712bd64dd455545fd2d8aceed96797faf3f3a1" ], "author": { "name": "Bob Nystrom", "email": "rnystrom@google.com", "time": "Mon Feb 23 10:51:08 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 23 19:51:08 2026 +0100" }, "message": "Handle private named parameters in generated docs. (#4202)\n\nPrivate named parameters affect Dartdoc in two places:\n\n* When generating docs with a comment reference that refers to a private\nnamed parameter, use the corresponding public name.\n\n* When generating a signature for a constructor with a private named\nparameter, use the corresponding public name for the parameter in the\nsignature.\n\nSo given a class like:\n\n```dart\nclass C {\n int _x;\n\n /// Make a new [C] with [_x].\n C({required this._x});\n}\n```\n\nThen the Dartdoc looks like:\n\n\u003e Make a new C with `x`.\n\u003e\n\u003e `C({required int x});`\n\nFix https://github.com/dart-lang/dartdoc/issues/4114.\n\n---------\n\nCo-authored-by: Sarah Zakarias \u003czarah@google.com\u003e" }, { "commit": "cb712bd64dd455545fd2d8aceed96797faf3f3a1", "tree": "2235bbb3f7629ff0d2210b69559ad380a4a486d9", "parents": [ "114cef9c8512f74df58865a9b1c6c7ff43213c04" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Mon Feb 23 18:47:39 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 23 17:47:39 2026 +0100" }, "message": "#4134. Add additional case for private factory constructors (#4191)\n\n" }, { "commit": "114cef9c8512f74df58865a9b1c6c7ff43213c04", "tree": "fc963a6e49507e3d01813cb4bc4f878ec21840ff", "parents": [ "694b8470168d889129c0d6bc8f9a502c73e591c9" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Mon Feb 23 12:41:10 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 23 12:41:10 2026 +0100" }, "message": "Use latest sdk version when enabling experimental features via CLI (#4212)\n\n" }, { "commit": "694b8470168d889129c0d6bc8f9a502c73e591c9", "tree": "4da98bc861a62168bdc7d69ea8097df8c9e2b786", "parents": [ "faccb380fa1084b35aebbab423640b06fc880b94" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Mon Feb 23 10:08:24 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 23 10:08:24 2026 +0100" }, "message": "Support experiments in dartdoc_options.yaml and fix experiment flag propagation. (#4211)\n\n- Fix a bug where `--enable-experiment` flags were parsed by `dartdoc`\nbut ignored by the created analyzer context.\n- Add support for specifying experiments in `dartdoc_options.yaml`.\n- Remove the legacy `non-nullable` default to ensure experiments in\n`analysis_options.yaml` are correctly respected.\n- Document configuration paths and precedence rules in `README.md`." }, { "commit": "faccb380fa1084b35aebbab423640b06fc880b94", "tree": "bd55ec482008906e1c2d494f330818b369dffa26", "parents": [ "361cee96009a763911039cf08d7e3282a6658ef5" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Fri Feb 20 10:17:11 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 20 09:17:11 2026 +0100" }, "message": "#4134. Add placement tests for private top-level declarations (#4188)\n\n" }, { "commit": "361cee96009a763911039cf08d7e3282a6658ef5", "tree": "9282d98f08e2ca7a7186ac886ce1eba30e40eff9", "parents": [ "5666224f2d0b805dca310bf5fcdc6968577b7d9d" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Wed Feb 18 22:03:22 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 18 22:03:22 2026 +0100" }, "message": "Bump analyzer dependency to 10.1.0 (#4210)\n\n" }, { "commit": "5666224f2d0b805dca310bf5fcdc6968577b7d9d", "tree": "a698e3ce4c07d627e4de8c06439a9dc0876fb8de", "parents": [ "8d783886cf99461adb25831307fd236756d1af0a" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Wed Feb 18 10:04:13 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 18 10:04:13 2026 -0800" }, "message": "Significant improvements to canonicalization logic (#4204)\n\nFixes https://github.com/dart-lang/dartdoc/issues/4203\n\n* elements documented in their intended libraries via `@canonicalFor`\noverrides are now correctly placed in their respective directories.\n* improved SDK interlinking to ensure elements re-exported from standard\nlibraries (like `dart:core`) generate absolute remote links when\nappropriate.\n* fixed a bug where property accessors (getters/setters) were\nincorrectly compared during canonical library lookups.\n* refined scoring heuristics with definitive tie-breakers for standard\nSDK schemes and defining libraries." }, { "commit": "8d783886cf99461adb25831307fd236756d1af0a", "tree": "f4bcb1efb59a7f0aa9d7daaf2feadb48dac9706b", "parents": [ "3875847cddb17a435d39e5e7177fa5934be08f36" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Wed Feb 18 09:51:42 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 18 09:51:42 2026 -0800" }, "message": "Add sanity in the buildbot output (#4206)\n\n" }, { "commit": "3875847cddb17a435d39e5e7177fa5934be08f36", "tree": "98bae48806c0ee154550a1b990fa70af47e5b9c4", "parents": [ "af0085039035557c792b2d08965e24c2dd342d63" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Wed Feb 18 05:56:14 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 18 14:56:14 2026 +0100" }, "message": "Bump to 9.0.3 (#4209)\n\nFixes https://github.com/dart-lang/dartdoc/issues/4208" }, { "commit": "af0085039035557c792b2d08965e24c2dd342d63", "tree": "baafeec2c524d76e5d8acfea15ff2d9f4f9eb8fb", "parents": [ "9389132ddc60dcb3a03d71397c5357d29e05db7e" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Tue Feb 03 05:35:34 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 03 05:35:34 2026 -0800" }, "message": "Bump to analyzer 10.0.2 and handle deprecation (#4199)\n\nAnalyzer 10.0.2 comes with a deprecation. We can handle it here by\nmoving to the new internal APIs.\n\nThen when this commit is rolled into the Dart SDK, we can delete the old\nAPIs." }, { "commit": "9389132ddc60dcb3a03d71397c5357d29e05db7e", "tree": "ab5ff2911744e594e2366d299dc05203cbe68d08", "parents": [ "de4a8b007a7ce221698087e244ab3700a7d2ecbb" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Fri Jan 30 12:05:40 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 30 12:05:40 2026 -0800" }, "message": "Convert some \"mixed-in field\" tests into unit tests (#4197)\n\nThese \"mixed-in field\" tests are a little complex, involving four types\nand a diamond-shaped inheritance graph. But they are meaningful; sort of\nthe smallest diamond-shape of inheritance. I struggled to make sense of\nthe end-to-end tests (as a change I was making was breaking them) and\njust had to convert them to unit tests to make them make sense 😅 .\n\n---------\n\nCo-authored-by: Sarah Zakarias \u003czarah@google.com\u003e" }, { "commit": "de4a8b007a7ce221698087e244ab3700a7d2ecbb", "tree": "2556e4e4ea5cd4c9b7615e06de22130838ca9923", "parents": [ "c066c12794c174106b3175e9d473aec78352e8b1" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Fri Jan 30 10:11:19 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 30 10:11:19 2026 +0100" }, "message": "Refactor categorization to be lazy and side-effect-free (#4195)\n\nDecouples category parsing from the full documentation build to fix\nside-effect dependencies.\n\n Changes:\n- Categories are now parsed lazily from the raw comment when requested,\ninstead of forcing a full documentation build.\n- Added early bail-outs for missing documentation to stop\npassing/processing empty strings.\n- Switched documentationLocal to use a cleaner nullable backing field\npattern.\n - Added tests for parse_categorization" }, { "commit": "c066c12794c174106b3175e9d473aec78352e8b1", "tree": "78c3b51cfc015e18acb215e4a3d4ea22dd9fc65d", "parents": [ "488753f876b501f822175dce24a017551526d1eb" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Thu Jan 29 06:26:37 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 29 06:26:37 2026 -0800" }, "message": "Introduce unit tests for \"properties\" (#4194)\n\nIn trying to reason about \"properties\" (fields, getters, setters), I\nneeded some unit tests. We didn\u0027t have any that cleanly explore how\nproperty-_inducing_ things (fields) and property _accessors_ (getters\nand setters) work together, especially with inheritance.\n\nWe had the old-school end-to-end tests, which are hard to understand as\nthe test code is very distant from the test. This starts to clean that\nup a bit." }, { "commit": "488753f876b501f822175dce24a017551526d1eb", "tree": "9ed7e9102a6606ecdd2fefa9f15be5dc2dceb22a", "parents": [ "12d5e5676a8fb812a358f9758d97ed7b3f3dfc2a" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Wed Jan 28 21:42:01 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 21:42:01 2026 +0100" }, "message": " Refactor Package to use MarkdownFileDocumentation mixin (#4193)\n\n* Refactors `Package` to use the `MarkdownFileDocumentation` mixin \n* Updates the mixin\u0027s `documentation` getter to return `null` instead of\n`\u0027\u0027` when documentation is missing.\n\nThis removes redundant code and aligns file-based documentation with the\nnull-safety improvements in #4190" }, { "commit": "12d5e5676a8fb812a358f9758d97ed7b3f3dfc2a", "tree": "b5f1cf6872dcd17ea4695ac188cfd09abcadd688", "parents": [ "543fee18cd9b19c56d5bda111c1fbc01961a22c4" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Wed Jan 28 10:07:37 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 10:07:37 2026 -0800" }, "message": "Make documentationComment nullable (#4190)\n\nThis one isn\u0027t a slam dunk, but I do think it is an improvement.\nFeedback welcome 😁\n\nI found it strange that `DocumentationComment.documentationComment`\n(forgiving the naming for now) returned the element\u0027s\n`documentationComment ?? \u0027\u0027`. Then we have lots of code that asks if\nthat comment is empty. So we\u0027re replacing one sentinel value (`null`)\nfor another (`\u0027\u0027`), without any gain, I believe. In my mind it makes\nthings weird as well, when a real String value might not be an actual\ndocumentation comment; it might be that `?? \u0027\u0027` fallback.\n\nSo this was an experiment to make\n`DocumentationComment.documentationComment` nullable. I think it reads\nmuch nicer; instead of many cases of `hasDocumentationComment \u0026\u0026`, we\ncan use `documentationComment ??`.\n\nThis also opens up a very nice refactoring for\n`GetterSetterCombo._getterSetterDocumentationComment`. The previous code\nis pretty complex with many conditions and local variables slowly\nbuilding to the answer of \"does my getter have a doc comment? does my\nsetter? do both?\" In the refactoring, we gather up the getter portion of\nthe comment (which may be a nice tidy `null`), and then the setter\nportion (again, may be `null`). And then we return one, the other, or a\ncombination.\n\n(Also, regarding `DocumentationComment.documentationComment` naming: the\nmixin should be called `HasDocumentationComment`; the mixin does not\nmerely represent a doc comment; it contains utilities and data for a\nthing that _has_ a documentation comment.)" }, { "commit": "543fee18cd9b19c56d5bda111c1fbc01961a22c4", "tree": "cad585ccf880b2800579bfc2d321a28155c0f696", "parents": [ "4ed9324998581eaa48e4dec6ae9d785564a9eb4b" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Tue Jan 27 07:00:36 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 07:00:36 2026 -0800" }, "message": "Simplify documentationFrom (#4187)\n\nIt seemed weird that `documentationFrom` was declared in Warnable. Well\nit turns out that was only really for the case in MarkdownDocument where\nwe are computing where a warning might be \"referred from.\" Other than\nthat, we only ever ask about `documentationFrom` on ModelElements!\n\nThis is good news because we can move the top declaration to\nModelElement, and remove the dummy implementations (on Category,\nDocumentationComment, and Package).\n\nThat MarkdownDocument code was also the only place that accessed\n`Warnable.documentationIsLocal`, so we can remove that declaration.\n\nWe can also change the return type of `documentationFrom` from Warnable\nto ModelElement, which allows us to remove a few explicit casts." }, { "commit": "4ed9324998581eaa48e4dec6ae9d785564a9eb4b", "tree": "2cbdef7ee095e1821493a50ecaf5108defb61266", "parents": [ "9d5f7bfa5a4c376ce53523646fe7c51f3eb31879" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Tue Jan 27 06:58:37 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 06:58:37 2026 -0800" }, "message": "Simplify oneLineDoc and privatize elementDocumentation (#4186)\n\nThis is small, but I noticed nothing depends on\n`Documentable.oneLineDoc`, and so we can remove it and the dummy impl on\nPackage.\n\nWe can also then move the impl on ModelElement to DocumentationComment,\nwhich allows us to make `DocumentationComment.elementDocumentation`\nprivate." }, { "commit": "9d5f7bfa5a4c376ce53523646fe7c51f3eb31879", "tree": "da7307b09ac8824a3f7587fd34d3f20720898555", "parents": [ "42c50725e3500e40d0b41cbd5f6d5b8fff0be2e8" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Tue Jan 27 14:25:27 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 14:25:27 2026 +0100" }, "message": "Update spec about output details being out-of-scope (#4189)\n\n" }, { "commit": "42c50725e3500e40d0b41cbd5f6d5b8fff0be2e8", "tree": "44c03e4f973233eaaa8f745c67b397a7559f3d23", "parents": [ "41a599ec3cfef280ff7883429fcc20459f8ace5b" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Mon Jan 26 07:15:13 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 26 07:15:13 2026 -0800" }, "message": "Simplify characterLocation; remove unitElement (#4184)\n\nI\u0027m looking at simplifying the `SourceCode` mixin (merging it into\nDocumentationComment), and found that our implementations of\n`characterLocation` were unnecessarily complex.\n\nFor one thing, the analyzer APIs have recently added some nice\n`isOriginX` getters, which tell us where an element came from, similar\nto the previous `isSynthetic` getters, but more informative.\n\nSince the `characterLocation` question is all about the analyzer\nElement, and requires no knowledge of the dartdoc ModelElement, it was\neasy enough to round up all of the edge cases, and answer the question\nin one place in `ModelElement.characterLocation`. This helps us to\ndelete a ton of cruft. The implementation is now a single switch\nstatement, switching on the Element and the enclosing Element. I kept\nthe helpful comments but was able to largely merge them since the code\nis now in one place." }, { "commit": "41a599ec3cfef280ff7883429fcc20459f8ace5b", "tree": "48296121b0ab8fcff3fed179c83099fb5481f209", "parents": [ "674916baf7ff601564ccf25128e907a966748afc" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Mon Jan 26 16:16:01 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 26 15:16:01 2026 +0100" }, "message": "#4134. Add comments placement tests for constructors (#4183)\n\n" }, { "commit": "674916baf7ff601564ccf25128e907a966748afc", "tree": "7b99962285dce61d3729d65b00f4d4c889eaadb1", "parents": [ "076c0ac174d733a3566c851bd078271df37e4610" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Mon Jan 26 16:07:10 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 26 15:07:10 2026 +0100" }, "message": "#4134. Add tests for block-comments placement (#4181)\n\n" }, { "commit": "076c0ac174d733a3566c851bd078271df37e4610", "tree": "a84f70a528699aeeab52e5f8ffdf8d2470800094", "parents": [ "d047674b45731532aabd2066fbe6a0441d166402" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Wed Jan 21 07:38:43 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 21 07:38:43 2026 -0800" }, "message": "Move all \u0027@canonicalFor\u0027, \u0027@category\u0027, and \u0027@subCategory\u0027 processing into DocumentationComment (#4179)\n\nThis is a bit of a doozy. In order to get rid of using\n`documentationLocal` for its side-effects, we have to get rid of the\n`buildDocumentationAddition` overrides; this is not so bad as there were\nonly three:\n\n* `Library` overrode `buildDocumentationAddition` only to maybe report\nsome warnings, if there were bad `{@canonicalFor}` directives. So we\njust rename this to be `checkCanonicalForIsValid` and call from\nDocumentationComment.\n* The only class that mixed in `CanonicalFor` was `Library`. So\n`Library.buildDocumentationAddition` calling\n`super.buildDocumentationAddition` was the only call site. This code\nbecomes `DocumentationComment._stripCanonicalFor`.\n* Many classes mixed in `Categorization` (see below), but it really just\nboils down to ModelElement. So this implementation moves to\n`DocumentationComment._stripAndSetDartdocCategories`.\n\nThen, parsing all of the doc comment directives is located in one mixin,\nDocumentationComment. There are still side-effect issues, but they\u0027re\nall contained in this file now, and I think we\u0027re better positioned to\nclean it up after this change. There are also many late or nullable\nfields that are a little precarious. I have ideas for fixing these.\n\nThis led to some other cleanups:\n\n* Remove all `buildDocumentationAddition` declarations.\n* `_processCommentWithoutTools` only ever accepted the\n`documentationComment` field so... just remove the parameter.\n* `_processCommentWithoutTools` did all the same things that\n`processCommentDirectives`, except for processing macros. So change\n`processCommentDirectives` to optionally process macros, and deduplicate\nthe code.\n* `_documentationLocalIsSet` and `_docsHaveBeenBuilt` were mostly\nredundant, revealed by the refactoring. So delete the former.\n* Fold `_buildDocumentationBase` into its only caller,\n`precacheLocalDocs`.\n* Fold `_buildDocumentationBaseSync` into its only caller,\n`documentationLocal`.\n* `Container`, `Library`, `ModelFunction`, `TopLevelVariable` and\n`Typedef` all mixed in Categorization; no longer needed.\n* Many `Categorization` type annotations are just `ModelElement` now." }, { "commit": "d047674b45731532aabd2066fbe6a0441d166402", "tree": "72dde2c8c1806bb6577250bd39506c2d018839e5", "parents": [ "a7070f73a25570fb2c9c1f67fb9bf3bf53285164" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Tue Jan 20 15:50:17 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 20 14:50:17 2026 +0100" }, "message": "#4134. Add tests for doc comments placement (#4178)\n\n" }, { "commit": "a7070f73a25570fb2c9c1f67fb9bf3bf53285164", "tree": "3cfef44f06602659f154ad6b3235a7a089464856", "parents": [ "47ac358161b1012d39c91d52c2759431d9513f6d" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Mon Jan 19 11:54:35 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 19 10:54:35 2026 +0100" }, "message": "Fix internal links in Dart Doc specification (#4177)\n\nInternal links to headings shouldn\u0027t contain `.`\n([documentation](https://docs.github.com/ru/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)).\n\n\u003e Spaces are replaced by hyphens (-). Any other whitespace or\npunctuation characters are removed.\n\nTherefore currently links to internal headings in the\n[specification](https://github.com/dart-lang/dartdoc/blob/main/doc/dart_documentation_comment_specification.md)\ndon\u0027t work. This PR fixes them." }, { "commit": "47ac358161b1012d39c91d52c2759431d9513f6d", "tree": "752d5f0e0300db5e02c1909553353b8ad021dc51", "parents": [ "03f48ee08eccdcf2e4cd06678501f07c182bebf5" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Fri Jan 16 09:19:37 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 16 09:19:37 2026 -0800" }, "message": "Simplify some aspects of DocumentationComment (#4175)\n\nFound a couple of surprises while poking around the\n`DocumentationComment.documentationComment` field:\n\n* `Accessor.documentationComment` performed an extra\n`stripCommentDelimiters()` call, but it was totally unnecessary. A few\ntests needed to be updated to refer to `.documentation` (the processed\ndocs, without `///` delimiters).\n* That same field was unnecessarily a late final field. I made it a\ngetter and observed no change in performance. ([\"Avoid storing what you\ncan\ncalculate.\"](https://dart.dev/effective-dart/usage#avoid-storing-what-you-can-calculate))\n* `Documentable.documentation` did _not_ have a doc comment, but there\nwas one on an override, `ModelElement.documentation`. So I moved the\ncomment and improved it.\n* I added more notes to `DocumentationComment.documentationLocal`, with\nregards to how it is sometimes used for its side-effects. It\u0027s\nunfortunate, but while it is the case, it\u0027s good to document.\n* `DocumentComment._rawDocs` was the real puzzler. We stored comment\ntext there, but never accessed it! The value was only checked for `null`\nin order to avoid re-computing. So we were storing a potentially huge\nstring which could be replaced with a bool, `_docsHaveBeenBuilt`. Which\nI did." }, { "commit": "03f48ee08eccdcf2e4cd06678501f07c182bebf5", "tree": "f77c5a9ee2598215f7586d0d9d88514d10da7b8c", "parents": [ "84f4b49c962af4d0a04558ac20dbaf912b9e7954" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Fri Jan 16 13:39:12 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 16 13:39:12 2026 +0100" }, "message": "Prepare 9.0.2 release (#4174)\n\nMigrate to analyzer 10.0.0" }, { "commit": "84f4b49c962af4d0a04558ac20dbaf912b9e7954", "tree": "14be74e76244994aa02e1c367f8ae7aa9d87b4d8", "parents": [ "c60b45ba7891429d3d7163eb2a4c1f5047fab618" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Thu Jan 15 08:39:37 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 15 08:39:37 2026 -0800" }, "message": "Simplify doc comment precaching (#4173)\n\nDartdoc does this thing called \"precaching\" for doc comments. This is\nprocessing doc comments very early in the dartdoc process, because\ndirectives like `{@tool}` require async processing, and that processing\ncannot be done at the end of the dartdoc process, when we are writing\nout HTML files. (I think there\u0027s also a nice sanity in processing\ndirectives early, rather than computing a bunch of logic and running\nshells at the very end, when we\u0027re just trying to write the HTML.)\n\nI think for performance purposes, we\u0027ve been careful to only precache\ndoc comments that have directives like `{@tool}`. And leave others for\nlater. This added a fair bit of complexity, and a number of fields for\ntracking things. I ran a perf benchmark with this conditional\nprecaching, and a perf benchmark where we precache all doc comments.\nThere was zero difference, in both time-to-document, and max memory\nused.\n\nSo this PR just simplifies the work to always cache canonical elements\n(as per the existing logic in `PackageGraph._precacheLocalDocs`). And\nthe `DocumentationComment` class is much simplified.\n\nThere might be more to simplify here, with regards to getters/setters,\nbut I\u0027m leaving that for later. And of course this all might get simpler\nwhen we do away with `{@tool}`.\n\n(I\u0027m looking at this code for some preliminary work for new doc\ndirectives.)" }, { "commit": "c60b45ba7891429d3d7163eb2a4c1f5047fab618", "tree": "f2e3145c8e0f2309111369aca3823d90b7911a21", "parents": [ "025a9a1f98f9426fd74e204a9300235f752960b7" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Thu Jan 15 11:40:57 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 15 10:40:57 2026 +0100" }, "message": "#4134. Add doc comments tests for metadata (#4172)\n\n" }, { "commit": "025a9a1f98f9426fd74e204a9300235f752960b7", "tree": "4f4e2671c14863fbbebdb6a1197dca8e257f83e1", "parents": [ "00b7ef28b387588c27a7d503074463990d41ab0f" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Wed Jan 14 06:28:47 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 14 06:28:47 2026 -0800" }, "message": "Remove PackageConfigProvider classes; simplify with one function (#4171)\n\nThis is a giant cleanup, but it\u0027s quite mechanical, and easily explained\n:D\n\nPackageConfigProvider was created with two concrete classes, one that\nused the file system to find PackageConfigs, and one that was totally\nfake, where Packages were manually added to the provider.\n\nBut we no longer need the Fake ones; this might stem all the way back\nfrom when we started using analyzer\u0027s ResourceProvider to test with\nin-memory file systems. So we can remove the hierarchy. And then we\u0027re\nleft with the singular method that was defined, `findPackageConfig`. We\ncan make this method a top-level function, and then tear-down the\nnumerous places where PackageConfigProvider was instantiated, stored in\nfields, and passed around. So much deleted code." }, { "commit": "00b7ef28b387588c27a7d503074463990d41ab0f", "tree": "2eeeb32948db6d857b5a50ac2407c3ec0605c108", "parents": [ "a4c6453afbfb56d4f730e26bfa6e03f8d03c0198" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Wed Jan 14 10:12:01 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 14 09:12:01 2026 +0100" }, "message": "#4134. Add block-based doc comments tests (#4164)\n\n" }, { "commit": "a4c6453afbfb56d4f730e26bfa6e03f8d03c0198", "tree": "eddd74bba51bf0206fa6288708fab9c654dce913", "parents": [ "16742f0e6e6d52039dedcd53d6c43818cdae3581" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Tue Jan 13 06:34:07 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 13 06:34:07 2026 -0800" }, "message": "Reduce duplicate \"visible annotation\" code (#4169)\n\nWhen I landed the recent code fix\n(https://github.com/dart-lang/dartdoc/pull/4163) for private\nannotations, I missed that there was already a spot in PackageGraph\nwhere we determine if an annotation is \"visible.\"\n\nThis PR deduplicates that code into just one definition of \"private\nannotation.\"" }, { "commit": "16742f0e6e6d52039dedcd53d6c43818cdae3581", "tree": "8f465f82e8c3715484b4d7f9b2b8ddfb65d9e98e", "parents": [ "93be792045ada5f6cff8c8652b0db4f2bbf13e37" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Tue Jan 13 06:31:56 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 13 06:31:56 2026 -0800" }, "message": "Heavily refactor how a Flutter Embedder SDK is discovered (#4170)\n\nI was investigating analyzer\u0027s handling of Flutter (sky_engine)\u0027s\nEmbedder SDK, and found we could really simplify how we handle it.\n\nIn PackageBuilder we have a couple awkward private APIs: `__embedderSdk`\nand `_embedderSdk`. The former is of course just the memoized field\nbacking the latter getter. But so awkward.\n\nOk, and what is `_embedderSdk` used for? Well, if we are documenting\nFlutter, then we need to find the `sky_engine` `_embedder.yaml` file in\norder to find the Flutter engine (e.g. `dart:ui`) in order to document\nit. So the `_embedderSdkFiles` and `_embedderSdkUris` getters support\nthe idea of creating an EmbedderSdk via `sky_engine`. Ultimately it is\nreally only used in `PackageGraph.uninitialized(...)` to say whether we\n_have_ an EmbedderSdk, and in `_getFilesToDocument`, to list out\nlibraries specified in the EmbedderSdk that we need to document.\n\nHow is the `_embedderSdk` calculated? Since it\u0027s a memoization thing it\nis only calculated once, via the private field, `_packageMap`. That\nfield is named very generally, but it is a field which only exists to be\nconsumed once by this `_embedderSdk` getter. That `_packageMap` field is\nhydrated by `_calculatePackageMap`, which is called once (and has the\ncomment, \"Do not call more than once for a given PackageBuilder,\" yikes)\nduring `buildPackageGraph`. So we\u0027ve identified a number of instance\nmembers (`__embedderSdk`, `_packageMap`, and `_calculatePackageMap`, who\nonly exist to support `_embedderSdk` returning something useful. Maybe\nwe can calculate this field differently.\n\nWell the complication comes from how `_calculatePackageMap` needs to be\nasynchronous, because the package_config package _only provides\nasynchronous APIs._ (See\nhttps://github.com/dart-lang/tools/issues/1536.) And that more-or-less\nprevents us from doing all of these calculations in the\n`PackageGraphBuilder` factory constructor. (Or makes it yuckier.) So in\nthis PR I also include ~40 lines of code that lets us synchronously find\na `package_config.json` file and parse it into a PackageConfig object.\nThis code is all cribbed from package_config\u0027s `discovery.dart` file,\nstripping Future return types and unused optional parameters, and\nswitching to synchronous APIs like `File.existsSync` and\n`File.readAsBytesSync`.\n\nWith that new functionality, all of the calculations can be done from a\nstatic helper, `_findEmbedderSdkFiles`, which calculates the EmbedderSdk\nobject. And then since the `_embedderSdk` field was _itself_ an\nintermediate value supporting `_embedderSdkFiles`, we go the extra mile\nand calculate that once statically as well, and only store the list of\nfile paths." }, { "commit": "93be792045ada5f6cff8c8652b0db4f2bbf13e37", "tree": "ffd5599176ea2bebf717bc8dc088e630b8ee6e76", "parents": [ "6d9c5dd76dead12bdce457a788620397d1536bee" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Mon Jan 12 11:43:05 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 12 11:43:05 2026 +0100" }, "message": "Prepare 9.0.1 release (#4167)\n\n" }, { "commit": "6d9c5dd76dead12bdce457a788620397d1536bee", "tree": "bc5f89d0632c87b4f3ff2d866d98d9cd517e5a25", "parents": [ "bb8f25ad57082d0bf1ab2302b45960c05cd76ee9" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Fri Jan 09 11:54:16 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 09 11:54:16 2026 -0800" }, "message": "Tidy some interface nits (#4162)\n\nAll just nits, but simplifying the interfaces (as tangled as they are)\nmakes things easier to understand:\n\n* Category does not need to explicitly implement Documentable, because\nTopLevelContainer already does.\n* Documentable is an interface class.\n* DocumentationComment does not need to implement Documentable.\n* LibraryContainer does not need to implement Nameable or Documentable.\n* LibraryContainer.sortKey can be abstract, because it only needs to be\nadditionally implemented by one subclass (Package); this change makes\nthat more transparent.\n* TopLevelContainer does not need to implement Nameable." }, { "commit": "bb8f25ad57082d0bf1ab2302b45960c05cd76ee9", "tree": "9f069faf7a6803dc346b081ef5413330c5f3acf0", "parents": [ "9b3ea9fca9f34fbc2f5d3e1b6058f9045df679b2" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Fri Jan 09 07:50:28 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 09 07:50:28 2026 -0800" }, "message": "Deprecate the \"typeAsHtml\" warning (#4161)\n\nThis warning is replaced by the [unintended_html_in_doc_comment lint\nrule](https://dart.dev/tools/linter-rules/unintended_html_in_doc_comment)." }, { "commit": "9b3ea9fca9f34fbc2f5d3e1b6058f9045df679b2", "tree": "e0af45a848f4ec39b702302add18e2bc0a7cd46d", "parents": [ "0eaaf7b8fb69ea39258066079c1122e3c73a408d" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Fri Jan 09 07:50:04 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 09 07:50:04 2026 -0800" }, "message": "Hide private annotations (#4163)\n\nFixes https://github.com/dart-lang/dartdoc/issues/4159\n\nAnnotations like `@_foo`, `@_Foo()`, and `@Foo._foo()`, `@Foo._foo`, and\n`@_Foo.foo` are private and will not be displayed." }, { "commit": "0eaaf7b8fb69ea39258066079c1122e3c73a408d", "tree": "56fda6675b759ec3051b09f3a338db53aba70190", "parents": [ "291c829c2bf268b29f3039c28aedb0abb48863a2" ], "author": { "name": "Sergey G. Grekhov", "email": "sgrekhov22@gmail.com", "time": "Fri Jan 09 13:58:18 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 09 12:58:18 2026 +0100" }, "message": "#4134. Add new tests regarding whitespaces and interrupting lines (#4135)\n\n" }, { "commit": "291c829c2bf268b29f3039c28aedb0abb48863a2", "tree": "1d401d54b9a8a566a2825f4bac577c51456ebbc8", "parents": [ "a9b71cb64644573b94458d41e25e25665bdb7167" ], "author": { "name": "Lasse R.H. Nielsen", "email": "lrn@google.com", "time": "Thu Jan 08 14:55:53 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 08 14:55:53 2026 +0100" }, "message": "Remove `Library.sentinel`. (#4155)\n\nUse `null` instead of a sentinel value that throws on all member accessses.\n\nThat lets the type system help with avoiding spurious runtime errors\nif forgetting to check for a sentinel. \nIt makes it explicit, as a `.library!`, where code assumes that there is\na valid library.\n\n(Some small drive-by tweaks.)" }, { "commit": "a9b71cb64644573b94458d41e25e25665bdb7167", "tree": "563b0f3040ab7b40e6902fa6ed51858715df1144", "parents": [ "d5132985255d9d2ac68393a6387773c5c6c4d841" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Tue Jan 06 03:58:18 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 06 12:58:18 2026 +0100" }, "message": "DeCo. Comment out assert(nameOffset !\u003d null ...) (#4132)\n\nIt is not true anymore (starting from\nhttps://dart-review.googlesource.com/c/sdk/+/466441) for extension\ntypes: the representation field is not present in code, so should not\nhave any name offset. And its getter / setter are also synthetic, and\nalso don\u0027t have any name offset.\n\nSo, in this PR I comment out the assert, and leave it to you to\nimplement the semantics that you think is right for DartDoc." }, { "commit": "d5132985255d9d2ac68393a6387773c5c6c4d841", "tree": "759ff714146f7a344a30e6b673c15544f5698e39", "parents": [ "25f48a0200385f87598ab19bb10cbe22b546a66e" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Mon Jan 05 09:18:24 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 05 09:18:24 2026 -0800" }, "message": "Merge HasLocation into Warnable (#4140)\n\nIt turns out that every class that mixed in HasLocation (which only\nprovided a few members) also mixed in Warnable. They can be merged, and\nit even makes sense: in order to warn on something, you have to warn on\nit\u0027s location.\n\nOtherwise, this is a no-op, and three fields from HasLocation are moved\nto Warnable." }, { "commit": "25f48a0200385f87598ab19bb10cbe22b546a66e", "tree": "105774ca32e7bb2eb107b9b917a2f5bb34210328", "parents": [ "e2adfd9332846b935a29960ebddb3e975c6094a6" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Mon Jan 05 09:07:54 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 05 09:07:54 2026 -0800" }, "message": "Simplify DocumentationComment.documentationFrom (#4141)\n\nSometimes I find these funny impls in a class hierarchy, like this one,\nwhere the top impl says, \"OK to calculate documentationFrom, first, am I\nan Inheritable? Oh do it this way. Otherwise do it another way.\" Ok...\nso let\u0027s just implement it the one way on the Inheritable mixin, and\nimplement it the other way up top.\n\nThis also gets rid of the field, which should not be necessary.\n\nThis should be a no-op." }, { "commit": "e2adfd9332846b935a29960ebddb3e975c6094a6", "tree": "630ca6ae283eb71ebf334e515312a5a3439a8c8f", "parents": [ "ff3eca2f1582fd7b219afa931c91e69c30c5abe9" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Mon Jan 05 04:01:53 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 05 13:01:53 2026 +0100" }, "message": "Simplify ModelElement.documentation overrides (#4146)\n\nI was looking through Field.documentation and\nTopLevelVariable.documentation, trying to understand why they\u0027d have\ndifferent implementations than just `ModelElement.documentation`. The\nonly interesting new bit is `if (enclosingElement is Enum)`, and\notherwise they call super. They _do both_ perform this weird check about\npublic getters and setters. But there was a surprise bug! Let\u0027s look at\nthe assert:\n\n```dart\nassert((hasPublicSetter \u0026\u0026 !hasPublicGetterNoSetter) ||\n (!hasPublicSetter \u0026\u0026 hasPublicGetterNoSetter));\n```\n\nwith:\n\n```dart\nbool get hasPublicGetterNoSetter \u003d\u003e hasPublicGetter \u0026\u0026 !hasPublicSetter;\n```\n\nWhat does that boil down to?\n\n```dart\nassert((hasPublicSetter \u0026\u0026 !hasPublicGetterNoSetter) ||\n (!hasPublicSetter \u0026\u0026 hasPublicGetterNoSetter));\n |\n v\nassert((hasPublicSetter \u0026\u0026 !(hasPublicGetter \u0026\u0026 !hasPublicSetter)) ||\n (!hasPublicSetter \u0026\u0026 hasPublicGetter \u0026\u0026 !hasPublicSetter));\n |\n v\nassert((hasPublicSetter \u0026\u0026 (!hasPublicGetter || hasPublicSetter)) ||\n (!hasPublicSetter \u0026\u0026 hasPublicGetter \u0026\u0026 !hasPublicSetter));\n |\n v\nassert(true ||\n (!hasPublicSetter \u0026\u0026 hasPublicGetter));\n |\n v\nassert(true);\n```\n\nSo it seems like this assert never guarded against anything. It is safe\nto remove.\n\nBeyond that, there are some other tidyings, where I hoist `.getter` and\n`.setter` to local variables so that they can be promoted.\n\n* In `Field.attributes` there are 8 fewer null-asserts.\n* `GetterSetterCombo.oneLineDoc` is simplified similarly with patterns,\nand then the calculations inside are clearly not expensive enough to\nwarrant a `late final` field; instead we make it a getter and\npotentially save memory.\n\nAlso `GetterSetterCombo.hasPublicGetterNoSetter` is removed." }, { "commit": "ff3eca2f1582fd7b219afa931c91e69c30c5abe9", "tree": "e039300094aff55c032359204811acabb31470fb", "parents": [ "87f5a71e549e42acce123343000f88d093c1c469" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Mon Jan 05 04:01:06 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 05 13:01:06 2026 +0100" }, "message": "Refactor and simplify various .isPublic impls (#4147)\n\n" }, { "commit": "87f5a71e549e42acce123343000f88d093c1c469", "tree": "ec0c3870160f915cb727157cfafa11d7b236f5a6", "parents": [ "c1691e920200b6dac7658d68d75f293b64fec255" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Jan 01 18:09:05 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 01 18:09:05 2026 +0000" }, "message": "Bump the github-actions group with 4 updates (#4149)\n\nBumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact), [github/codeql-action](https://github.com/github/codeql-action) and [actions/cache](https://github.com/actions/cache).\n\nUpdates `actions/checkout` from 6.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What\u0027s new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/ddc45ed9bca9b38dbd643978d88e3981cdc91415\"\u003e\u003ccode\u003eddc45ed\u003c/code\u003e\u003c/a\u003e docs: update README to correct action name for Node.js 24 support\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/615b319bd27bb32c3d64dca6b6ed6974d5fbe653\"\u003e\u003ccode\u003e615b319\u003c/code\u003e\u003c/a\u003e chore: release v6.0.0 for Node.js 24 support\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/017748b48f8610ca8e6af1222f4a618e84a9c703\"\u003e\u003ccode\u003e017748b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/744\"\u003e#744\u003c/a\u003e from actions/fix-storage-blob\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/38d4c7997f5510fcc41fc4aae2a6b97becdbe7fc\"\u003e\u003ccode\u003e38d4c79\u003c/code\u003e\u003c/a\u003e chore: rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/7d27270e0cfd253e666c44abac0711308d2d042f\"\u003e\u003ccode\u003e7d27270\u003c/code\u003e\u003c/a\u003e chore: add missing license cache files for \u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/io\u003c/code\u003e, and mi...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/5f643d3c9475505ccaf26d686ffbfb71a8387261\"\u003e\u003ccode\u003e5f643d3\u003c/code\u003e\u003c/a\u003e chore: update license files for \u003ccode\u003e@​actions/artifact\u003c/code\u003e\u003ca href\u003d\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.0.1 dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/1df1684032c88614064493e1a0478fcb3583e1d0\"\u003e\u003ccode\u003e1df1684\u003c/code\u003e\u003c/a\u003e chore: update package-lock.json with \u003ccode\u003e@​actions/artifact\u003c/code\u003e\u003ca href\u003d\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/b5b1a918401ee270935b6b1d857ae66c85f3be6f\"\u003e\u003ccode\u003eb5b1a91\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e to ^5.0.0 for Node.js 24 punycode fix\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.6 to 4.31.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.8\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.7\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5d4e8d1aca955e8d8589aabd499c5cae939e33c7\"\u003e\u003ccode\u003e5d4e8d1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3371\"\u003e#3371\u003c/a\u003e from github/update-v4.31.9-998798e34\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1dc115f17a8c6966e94a6477313dd3df6319bc83\"\u003e\u003ccode\u003e1dc115f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.9\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/998798e34d79baddb1566c60bbb8f68a901c04e6\"\u003e\u003ccode\u003e998798e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3352\"\u003e#3352\u003c/a\u003e from github/nickrolfe/jar-min-ff-cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5eb751966fe18977cdefa4e41e0f90e92801ce90\"\u003e\u003ccode\u003e5eb7519\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3358\"\u003e#3358\u003c/a\u003e from github/henrymercer/database-upload-telemetry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d29eddb39b7c33171bb0250114b1c9e3ff8fe2bc\"\u003e\u003ccode\u003ed29eddb\u003c/code\u003e\u003c/a\u003e Extract version number to constant\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e9626872ef3347a9c18091d60da647084c2451a6\"\u003e\u003ccode\u003ee962687\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into henrymercer/database-upload-telemetry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/19c7f96922a6269458f2cadcc23faf0ebaa1368b\"\u003e\u003ccode\u003e19c7f96\u003c/code\u003e\u003c/a\u003e Rename \u003ccode\u003eisOverlayBase\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ae5de9a20d0468cc3818a0dc5c99e456f996d9cf\"\u003e\u003ccode\u003eae5de9a\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003egetErrorMessage\u003c/code\u003e in log too\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0cb86337c5111af4ff3dc7e8f9b98c479c9ea954\"\u003e\u003ccode\u003e0cb8633\u003c/code\u003e\u003c/a\u003e Prefer \u003ccode\u003eperformance.now()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c07cc0d3a95a282fc5a54477464931c776d124ec\"\u003e\u003ccode\u003ec07cc0d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3351\"\u003e#3351\u003c/a\u003e from github/henrymercer/ghec-dr-determine-tools-vers...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/fe4161a26a8629af62121b670040955b330f9af2...5d4e8d1aca955e8d8589aabd499c5cae939e33c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003eactions/cache#1685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v5.0.1 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1686\"\u003eactions/cache#1686\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev5.0.0\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to use node24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1630\"\u003eactions/cache#1630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1684\"\u003eactions/cache#1684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to use node24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1630\"\u003eactions/cache#1630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1684\"\u003eactions/cache#1684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4.3.0...v5.0.0\"\u003ehttps://github.com/actions/cache/compare/v4.3.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9255dc7a253b0ccc959486e2bca901246202afeb\"\u003e\u003ccode\u003e9255dc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1686\"\u003e#1686\u003c/a\u003e from actions/cache-v5.0.1-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/8ff5423e8b66eacab4e638ee52abbd2cb831366a\"\u003e\u003ccode\u003e8ff5423\u003c/code\u003e\u003c/a\u003e chore: release v5.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9233019a152bc768059ac1768b8e4403b5da16c1\"\u003e\u003ccode\u003e9233019\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1685\"\u003e#1685\u003c/a\u003e from salmanmkc/node24-storage-blob-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b975f2bb844529e1063ad882c609b224bcd66eb6\"\u003e\u003ccode\u003eb975f2b\u003c/code\u003e\u003c/a\u003e fix: add peer property to package-lock.json for dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/d0a0e1813491d01d574c95f8d189f62622bbb2ae\"\u003e\u003ccode\u003ed0a0e18\u003c/code\u003e\u003c/a\u003e fix: update license files for \u003ccode\u003e@​actions/cache\u003c/code\u003e, fast-xml-parser, and strnum\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/74de208dcfcbe85c0e7154e7b17e4105fe2554ff\"\u003e\u003ccode\u003e74de208\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e to ^5.0.1 for Node.js 24 punycode fix\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/ac7f1152ead02e89c14b5456d14ab17591e74cfb\"\u003e\u003ccode\u003eac7f115\u003c/code\u003e\u003c/a\u003e peer\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b0f846b50b6061d7a2ca6f1a2fea61d4a65d1a16\"\u003e\u003ccode\u003eb0f846b\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e with storage-blob fix for Node.js 24 punycode depr...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/a7833574556fa59680c1b7cb190c1735db73ebf0\"\u003e\u003ccode\u003ea783357\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1684\"\u003e#1684\u003c/a\u003e from actions/prepare-cache-v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/3bb0d78750a39cefce0c2b5a0a9801052b4359ad\"\u003e\u003ccode\u003e3bb0d78\u003c/code\u003e\u003c/a\u003e docs: highlight v5 runner requirement in releases\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "c1691e920200b6dac7658d68d75f293b64fec255", "tree": "265bb30e8775157c090bb5c624278678757be6b8", "parents": [ "e6448573a6014815ff3149456141c9a3482679c9" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Mon Dec 22 08:04:10 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 22 08:04:10 2025 -0800" }, "message": "Use logging in AOT compiler (#4142)\n\nThis reduces the number of lines printed by `dart test`, from ~700 to\n~530. 🎉\n\nWork towards https://github.com/dart-lang/dartdoc/issues/4030" }, { "commit": "e6448573a6014815ff3149456141c9a3482679c9", "tree": "f3c8a3733208c1d906dd5ebf81ef2fe6061550a6", "parents": [ "be58ff0ae84a02cb8483f002605d145411547ecb" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Tue Dec 16 09:41:56 2025 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Dec 16 09:41:56 2025 +0100" }, "message": "Small cleanups for spec (#4133)\n\n" }, { "commit": "be58ff0ae84a02cb8483f002605d145411547ecb", "tree": "6296b09f6e42870faec228ab93a7b5b14dcd2e54", "parents": [ "96f82aeea43a2ac57b05f5088d626ac0a6ced3f8" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Mon Dec 15 11:34:17 2025 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 15 11:34:17 2025 +0100" }, "message": "Add dart documentation comment specification version 1.0.0 (#4130)\n\n" }, { "commit": "96f82aeea43a2ac57b05f5088d626ac0a6ced3f8", "tree": "9ffd2a6ede5c6e5381dfc222d48681bf036d9d28", "parents": [ "3f1f09cddec561faaa61ba3dc767b813f6d6c699" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Dec 01 20:04:06 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 01 20:04:06 2025 +0000" }, "message": "Bump the github-actions group with 2 updates (#4131)\n\nBumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/checkout` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href\u003d\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003eV6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable version. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NPM dependencies by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1703\"\u003eactions/checkout#1703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 2 to 3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1694\"\u003eactions/checkout#1694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-node from 1 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1696\"\u003eactions/checkout#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 2 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1695\"\u003eactions/checkout#1695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.2 to 4.31.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.6\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.6/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.5\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.5/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.4\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.4/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.3\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.3/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.8 - 10 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.30.7 - 06 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v4+ only] The CodeQL Action now runs on Node.js v24. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3169\"\u003e#3169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/fe4161a26a8629af62121b670040955b330f9af2\"\u003e\u003ccode\u003efe4161a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3336\"\u003e#3336\u003c/a\u003e from github/update-v4.31.6-ecec1f887\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/88c2ab5eee3b475eef2f7aabf89bd9f052153d91\"\u003e\u003ccode\u003e88c2ab5\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.6\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ecec1f88769052ebc45aa0affc53ea30d474cffa\"\u003e\u003ccode\u003eecec1f8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3335\"\u003e#3335\u003c/a\u003e from github/mbg/ci/run-codeql-on-all-prs\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/23da73277866951560f258278028b48f68958a0a\"\u003e\u003ccode\u003e23da732\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3334\"\u003e#3334\u003c/a\u003e from github/kaspersv/overlay-minor-comments\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f7abc748a3da068e17cfd0e1086e8d72e51f17b6\"\u003e\u003ccode\u003ef7abc74\u003c/code\u003e\u003c/a\u003e Remove branch filter for PR event in CodeQL workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/32ada5e061c0433b9e40f11632c2412a55b745f9\"\u003e\u003ccode\u003e32ada5e\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into kaspersv/overlay-minor-comments\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/75b2f49aeaf4e8a9eab338ddc5d628eea7366eeb\"\u003e\u003ccode\u003e75b2f49\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3333\"\u003e#3333\u003c/a\u003e from github/kaspersv/overlay-no-resource-checks-option\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f036b1cb781fa664100fee1f7c56a0088663dd26\"\u003e\u003ccode\u003ef036b1c\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into kaspersv/overlay-no-resource-checks-option\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/58c5954801c246a3975b658372285b37c45de271\"\u003e\u003ccode\u003e58c5954\u003c/code\u003e\u003c/a\u003e Add comment to runnerSupportsOverlayAnalysis\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b02fa13292ce189c02cbb1ba5488f7dbbc8c6b14\"\u003e\u003ccode\u003eb02fa13\u003c/code\u003e\u003c/a\u003e Order feature flags alphabetically\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...fe4161a26a8629af62121b670040955b330f9af2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "3f1f09cddec561faaa61ba3dc767b813f6d6c699", "tree": "5217df13e2474c19563a06b75ba8f01ac6301aa8", "parents": [ "91222d670c41a7f7ddd924707fb0ab70f2df5d53" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Tue Nov 18 01:11:21 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Nov 18 10:11:21 2025 +0100" }, "message": "Pass \u0027withFineDependencies: true\u0027 to AnalysisContextCollectionImpl. (#4128)\n\n" }, { "commit": "91222d670c41a7f7ddd924707fb0ab70f2df5d53", "tree": "a3da5d11ce89ec31c342dd17e13050c8d5f675d0", "parents": [ "6d5e133826177f8e3dfa2f1842f9427f3fedac33" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sat Nov 01 18:10:19 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Nov 01 18:10:19 2025 +0000" }, "message": "Bump the github-actions group with 2 updates (#4125)\n\nBumps the github-actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/upload-artifact` from 4.6.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we\u0027re treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href\u003d\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4\"\u003e\u003ccode\u003e330a01c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/734\"\u003e#734\u003c/a\u003e from actions/danwkennedy/prepare-5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/03f282445299bbefc96171af272a984663b63a26\"\u003e\u003ccode\u003e03f2824\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003egithub.dep.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/905a1ecb5915b264cbc519e4eb415b5d82916018\"\u003e\u003ccode\u003e905a1ec\u003c/code\u003e\u003c/a\u003e Prepare \u003ccode\u003ev5.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/2d9f9cdfa99fedaddba68e9b5b5c281eca26cc63\"\u003e\u003ccode\u003e2d9f9cd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/725\"\u003e#725\u003c/a\u003e from patrikpolyak/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/9687587dec67f2a8bc69104e183d311c42af6d6f\"\u003e\u003ccode\u003e9687587\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/2848b2cda0e5190984587ec6bb1f36730ca78d50\"\u003e\u003ccode\u003e2848b2c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/727\"\u003e#727\u003c/a\u003e from danwkennedy/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/9b511775fd9ce8c5710b38eea671f856de0e70a7\"\u003e\u003ccode\u003e9b51177\u003c/code\u003e\u003c/a\u003e Spell out the first use of GHES\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/cd231ca1eda77976a84805c4194a1954f56b0727\"\u003e\u003ccode\u003ecd231ca\u003c/code\u003e\u003c/a\u003e Update GHES guidance to include reference to Node 20 version\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/de65e23aa2b7e23d713bb51fbfcb6d502f8667d8\"\u003e\u003ccode\u003ede65e23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/712\"\u003e#712\u003c/a\u003e from actions/nebuk89-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/8747d8cd7632611ad6060b528f3e0f654c98869c\"\u003e\u003ccode\u003e8747d8c\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.30.5 to 4.31.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.0\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.30.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.30.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.30.8\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.8 - 10 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.30.7 - 06 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v4+ only] The CodeQL Action now runs on Node.js v24. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3169\"\u003e#3169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.6 - 02 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3168\"\u003e#3168\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0499de31b99561a6d14a36a5f662c2a54f91beee\"\u003e\u003ccode\u003e0499de3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3261\"\u003e#3261\u003c/a\u003e from github/henrymercer/setup-python\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3b96745d2bb2af9f01a0c9a19f4ffd034ae37879\"\u003e\u003ccode\u003e3b96745\u003c/code\u003e\u003c/a\u003e Set up Python in mergeback workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8a06050a8c0348fb4738f28e0cfbb6727cf054ce\"\u003e\u003ccode\u003e8a06050\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3259\"\u003e#3259\u003c/a\u003e from github/update-v4.31.2-9576b5cbe\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/752a642cb25304f2aaae33cfcc3911673bf65aca\"\u003e\u003ccode\u003e752a642\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9576b5cbe818ddefe4e1b444017536fe40b9ab2d\"\u003e\u003ccode\u003e9576b5c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3258\"\u003e#3258\u003c/a\u003e from github/mbg/enablement-errors/case-insensitive\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cc8843728c8296d35175b82c7f1bb3748290764a\"\u003e\u003ccode\u003ecc88437\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3257\"\u003e#3257\u003c/a\u003e from github/henrymercer/ubuntu-slim\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f0e9bf07f44488f7e3adf5ff01d04e6392b60b3b\"\u003e\u003ccode\u003ef0e9bf0\u003c/code\u003e\u003c/a\u003e Make \u003ccode\u003eisEnablementError\u003c/code\u003e case-insensitive\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2a3599c52055e7a5443d3fef8981a4d543586dde\"\u003e\u003ccode\u003e2a3599c\u003c/code\u003e\u003c/a\u003e Run lightweight workflows on \u003ccode\u003eubuntu-slim\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/514ff4d116ef04d9ffc8adb3da5abb07961cb990\"\u003e\u003ccode\u003e514ff4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3256\"\u003e#3256\u003c/a\u003e from github/henrymercer/resolve-bad-merge\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/aab1c2f9318aa4b88e7532de10fe02ac860d5ab8\"\u003e\u003ccode\u003eaab1c2f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3253\"\u003e#3253\u003c/a\u003e from github/mergeback/v4.31.1-to-main-5fe9434c\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/3599b3baa15b485a2e49ef411a7a4bb2452e7f93...0499de31b99561a6d14a36a5f662c2a54f91beee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "6d5e133826177f8e3dfa2f1842f9427f3fedac33", "tree": "a9edbe73874a46d6dceb8f1257391af3aa5adaad", "parents": [ "6d1aa6f5045c33d3723aba05e3e0dc1403b763c0" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Mon Oct 27 07:45:09 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Oct 27 07:45:09 2025 -0700" }, "message": "Simplify LibraryContainer hierarchy and tests (#4121)\n\nThis one is a bit of a story; I could break it up if that would help the\nreview, but here goes:\n\n1. I saw that LibraryContainer, an `abstract mixin class`, was (a)\n_mixed into_ Category, and (b) _extended_ by Package. Weird. So I tried\nto make it a _base_ class, a proper superclass of those two. Well that\nshowed me the two test classes: TestLibraryContainer and\nTestLibraryContainerSdk.\n2. What do those two test classes do? They existed for a mere 2 test\ncases in `model_test.dart`. These test cases just test the `compareTo`\nlogic in LibraryContainer, but it is not terribly obvious how they test\nthem. The TestLibraryContainer seemed very generic, and odd, with its\nown ContainerOrder list. In practice, Categories are always ordered by\nthe `--category-order` option, and Packages are always ordered by the\n`--package-order` option. There\u0027s no need to test some generic ordering\nsystem.\n3. So, I was able to tear down those test classes and their two test\ncases, and rewrite them in a more real-world test `group` in\n`packages_test.dart`.\n4. This also allows `isSdk` and `enclosingName` to be simple, final\nfields on LibraryContainer, and `enclosingName` can be private. And then\n`containerOrder` only needs to stay public in order to override.\n5. This refactoring did require some fixes in the `writePackage` test\nfunction: (a) it was writing a `.packages` file, and (b) it was writing\nhard-coded package names into a package config file. We fix this by\npassing in a list of dependency names." }, { "commit": "6d1aa6f5045c33d3723aba05e3e0dc1403b763c0", "tree": "4be2f29770aadffe5ffd47138f0c6004f6c86718", "parents": [ "f82cd35d922cf8f419da59a24a3226c9c46bc1c6" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Thu Oct 23 08:11:30 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Oct 23 08:11:30 2025 -0700" }, "message": "Refactor Locatable into an interface, HasLocation (#4118)\n\nSince the `mixin` was introduced, and the class modifiers, we\u0027ve had\nsome tech debt around our mixins. We have a lot of mixins, and some of\nthem are better suited as interfaces or base classes. In this case,\n`Locatable` was a mixin with mostly abstract getters, and one\nimplemented getter. To me this really smelled like it should be an\ninterface.\n\nTurns out, that implemented getter, `documentationIsLocal`, is only\ncalled on `Warnable` objects (which implemented `Locatable`). So we can\nmove the getter to `Warnable`.\n\nThen we can change every case of `with Locatable` to `implements\nLocatable`. _Except_ that the interface isn\u0027t even needed on some\nclasses, like `Category` and `Package`, so we can just remove the mixin\nthere.\n\nThen a rename. I think it\u0027s idiomatic for mixin names to end in \"able\"\nlike \"Locatable,\" \"Warnable,\" \"Namable\" to suggest the ability that is\nmixed in. And it is more idiomatic for an interface to start with \"Has\"\nto suggest features that are implemented by an implementing class. But\nthere\u0027s nothing hard-and-fast here; I\u0027m open to other naming ideas." }, { "commit": "f82cd35d922cf8f419da59a24a3226c9c46bc1c6", "tree": "56aaac7dada1497c38898d42c4b226b43c04784c", "parents": [ "98d03ad2cc341d1fb053e0addfc96ba35301976b" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Thu Oct 23 07:33:50 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Oct 23 07:33:50 2025 -0700" }, "message": "Remove unused extension method, replaced in analyzer 8.4.0 (#4119)\n\nWith analyzer 8.4.0, `Element` now has a proper instance method,\n`isDeprecatedWithKind`, which usurps our extension method. 🎉" }, { "commit": "98d03ad2cc341d1fb053e0addfc96ba35301976b", "tree": "c18ce1e5361007f8db8e72b759be964431cb0d8c", "parents": [ "45ba6edec1e4b7764c144f570877cee19729c703" ], "author": { "name": "Sarah Zakarias", "email": "zarah@google.com", "time": "Thu Oct 09 13:03:01 2025 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Oct 09 13:03:01 2025 +0200" }, "message": "Bump to 9.0.0 (#4116)\n\n" }, { "commit": "45ba6edec1e4b7764c144f570877cee19729c703", "tree": "f5e5a0c5a006e865ce3848dea66bea2e6df1f3b4", "parents": [ "ec2a4feee51961e9fbdd2bd94060cc8fc994c47e" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Tue Oct 07 02:55:54 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Oct 07 11:55:54 2025 +0200" }, "message": "Display constructor names in annotations (#4115)\n\nTwo changes in one here:\n\n* I saw in manual testing that a class annotated with\n`@Deprecated.extend()` was shown in dartdoc\u0027s HTML to just be annotated\nwith `@Deprecated`. 🤕 ouch. Dunno how that has been the case for so many\nyears; I guess named constructors are not used too much in annotations 🤷\n. So this PR makes dartdoc use the _constructor_ involved\n(`Deprecated.extend`) instead of the _type_ which is constructed\n(`Deprecated`).\n* _However_, that change makes all regular `@Deprecated(\"reason\")`\nannotations be printed as `@Deprecated.new(\"reason\")`. That `.new` looks\n_very non-idiomatic_. Gross. So I coupled another change here where we\noverride `displayName` on `Constructor` to _not_ include `.new` if we\u0027re\nlooking at an unnamed constructor.\n\nThis should be good to go. We might deprecate extending `RegExp` and\n`RegExpMatch` in Dart 3.10; it\u0027d be cool if we displayed the deprecated\nannotations correctly for this release. Note that as per\nhttps://github.com/dart-lang/dartdoc/commit/669b15f7da5da04a38e95e8ac0ff6471697a549f,\nwe won\u0027t show the element as ~~struck through~~, so the release is safe.\nBut this PR would be a cherry on top.\n\nFixes https://github.com/dart-lang/dartdoc/issues/4107" }, { "commit": "ec2a4feee51961e9fbdd2bd94060cc8fc994c47e", "tree": "eb30908e01b32f6747c2f7c2a5f4f08e0c5385cd", "parents": [ "2ec3e4eff54676b5f9edd8817ea03c6e14059ac5" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Oct 06 11:05:44 2025 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Oct 06 11:05:44 2025 +0200" }, "message": "Bump test_reflective_loader from 0.2.3 to 0.4.0 (#4111)\n\nBumps\n[test_reflective_loader](https://github.com/dart-lang/tools/tree/main/pkgs)\nfrom 0.2.3 to 0.4.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\nhref\u003d\"https://github.com/dart-lang/tools/releases\"\u003etest_reflective_loader\u0027s\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epackage:test_reflective_loader v0.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for one-time set up and teardown in test classes via\nstatic \u003ccode\u003esetUpClass\u003c/code\u003e and \u003ccode\u003etearDownClass\u003c/code\u003e\nmethods\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epackage:test_reflective_loader v0.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Dart \u003ccode\u003e^3.5.0\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate to \u003ccode\u003epackage:test\u003c/code\u003e 1.26.1.\u003c/li\u003e\n\u003cli\u003ePass locations of groups/tests to \u003ccode\u003epackage:test\u003c/code\u003e to\nimprove locations reported\nin the JSON reporter that may be used for navigation in IDEs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/ecd7dd523c8a5761f337eedce8878b092996a75c\"\u003e\u003ccode\u003eecd7dd5\u003c/code\u003e\u003c/a\u003e\nrefactor the media types golden table (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2168\"\u003e#2168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/6c1eb214e09f3703255b563f9effbbb2e6989f6b\"\u003e\u003ccode\u003e6c1eb21\u003c/code\u003e\u003c/a\u003e\nadd support for \u003ccode\u003esetUpClass\u003c/code\u003e and \u003ccode\u003etearDownClass\u003c/code\u003e\n(\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2164\"\u003e#2164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/042b03e8284032088f851172ab7b2aed06da1d72\"\u003e\u003ccode\u003e042b03e\u003c/code\u003e\u003c/a\u003e\nrev package:pool in prep for publishing (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/6cb8f0f783af879372b87eaf871ff3f03d91ca8c\"\u003e\u003ccode\u003e6cb8f0f\u003c/code\u003e\u003c/a\u003e\nUpdate README.md (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/319be98ae558cb218816f0c2aca798dcd6ee8370\"\u003e\u003ccode\u003e319be98\u003c/code\u003e\u003c/a\u003e\ncode_builder: update deps, prepare release (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/24707e094cd761178eb76e725ce17f51e22fd442\"\u003e\u003ccode\u003e24707e0\u003c/code\u003e\u003c/a\u003e\nList directory failure (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2151\"\u003e#2151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/53a9f8322c199f08c2a0722651a6c186c37b3b15\"\u003e\u003ccode\u003e53a9f83\u003c/code\u003e\u003c/a\u003e\nWindows DirectoryWatcher buffer exhaustion recovery workaround. (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2149\"\u003e#2149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/1195125e8f6e21a8c96f9f22c64d64b5e04cb8b6\"\u003e\u003ccode\u003e1195125\u003c/code\u003e\u003c/a\u003e\nConsistent blank after \u003d\u0026gt; members in class-likes (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2146\"\u003e#2146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/5e977d6f0698a220279a50538c89a440d56b0c44\"\u003e\u003ccode\u003e5e977d6\u003c/code\u003e\u003c/a\u003e\nFix mixtures of parentheses and spaces in windows command paths (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2138\"\u003e#2138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commit/607340ca7cffa2da59db9ec88f488654a5d0db0d\"\u003e\u003ccode\u003e607340c\u003c/code\u003e\u003c/a\u003e\ndisable failing test (\u003ca\nhref\u003d\"https://github.com/dart-lang/tools/tree/main/pkgs/issues/2136\"\u003e#2136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca\nhref\u003d\"https://github.com/dart-lang/tools/commits/test_reflective_loader-v0.4.0/pkgs\"\u003ecompare\nview\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dtest_reflective_loader\u0026package-manager\u003dpub\u0026previous-version\u003d0.2.3\u0026new-version\u003d0.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "2ec3e4eff54676b5f9edd8817ea03c6e14059ac5", "tree": "7d64a2797869a8fb31be4b17df0a784ca7f3150e", "parents": [ "f65c7e216701d2477627ddcd30028fb940136e60" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Thu Oct 02 05:09:58 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Oct 02 14:09:58 2025 +0200" }, "message": "Stop using TypeDefiningElement. (#4112)\n\n" }, { "commit": "f65c7e216701d2477627ddcd30028fb940136e60", "tree": "528735a56e9ff69f494279bd7fd6a57c957269fa", "parents": [ "669b15f7da5da04a38e95e8ac0ff6471697a549f" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Oct 01 18:09:06 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Oct 01 18:09:06 2025 +0000" }, "message": "Bump the github-actions group with 3 updates (#4113)\n\nBumps the github-actions group with 3 updates: [ossf/scorecard-action](https://github.com/ossf/scorecard-action), [github/codeql-action](https://github.com/github/codeql-action) and [actions/cache](https://github.com/actions/cache).\n\nUpdates `ossf/scorecard-action` from 2.4.2 to 2.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/ossf/scorecard-action/releases\"\u003eossf/scorecard-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eThis update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.3.0\"\u003eScorecard v5.3.0 release notes\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: clarify \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e permissions needed for private repos by \u003ca href\u003d\"https://github.com/pankajtaneja5\"\u003e\u003ccode\u003e@​pankajtaneja5\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1574\"\u003eossf/scorecard-action#1574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:book: Fix recommended command to test the image in development by \u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1583\"\u003eossf/scorecard-action#1583\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing top-level token permissions to workflows by \u003ca href\u003d\"https://github.com/timothyklee\"\u003e\u003ccode\u003e@​timothyklee\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1566\"\u003eossf/scorecard-action#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esetup codeowners for requesting reviews by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1576\"\u003eossf/scorecard-action#1576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:seedling: Improve printing options by \u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1584\"\u003eossf/scorecard-action#1584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/timothyklee\"\u003e\u003ccode\u003e@​timothyklee\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1566\"\u003eossf/scorecard-action#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/pankajtaneja5\"\u003e\u003ccode\u003e@​pankajtaneja5\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1574\"\u003eossf/scorecard-action#1574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1584\"\u003eossf/scorecard-action#1584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a\"\u003e\u003ccode\u003e4eaacf0\u003c/code\u003e\u003c/a\u003e bump docker to ghcr v2.4.3 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1587\"\u003e#1587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a\"\u003e\u003ccode\u003e42e3a01\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 3 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1585\"\u003e#1585\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15\"\u003e\u003ccode\u003e88c07ac\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1579\"\u003e#1579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128\"\u003e\u003ccode\u003e6c690f2\u003c/code\u003e\u003c/a\u003e Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd\"\u003e\u003ccode\u003e92083b5\u003c/code\u003e\u003c/a\u003e :book: Fix recommended command to test the image in development (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1583\"\u003e#1583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9\"\u003e\u003ccode\u003e7975ea6\u003c/code\u003e\u003c/a\u003e :seedling: Bump the docker-images group across 1 directory with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf\"\u003e\u003ccode\u003e0d1a743\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7\"\u003e\u003ccode\u003e46e6e0c\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1580\"\u003e#1580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d\"\u003e\u003ccode\u003ec3f1350\u003c/code\u003e\u003c/a\u003e :seedling: Improve printing options (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1584\"\u003e#1584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a\"\u003e\u003ccode\u003e43e475b\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1578\"\u003e#1578\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.30.0 to 3.30.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.30.5\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.4\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.4/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.3\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.3/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.2 - 09 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug which could cause language autodetection to fail. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3084\"\u003e#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: The \u003ccode\u003equality-queries\u003c/code\u003e input that was added in \u003ccode\u003e3.29.2\u003c/code\u003e as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3064\"\u003e#3064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.30.2 - 09 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug which could cause language autodetection to fail. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3084\"\u003e#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: The \u003ccode\u003equality-queries\u003c/code\u003e input that was added in \u003ccode\u003e3.29.2\u003c/code\u003e as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3064\"\u003e#3064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.1 - 05 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.0 - 01 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.11 - 21 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.10 - 18 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.9 - 12 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.8 - 08 Aug 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3599b3baa15b485a2e49ef411a7a4bb2452e7f93\"\u003e\u003ccode\u003e3599b3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3161\"\u003e#3161\u003c/a\u003e from github/update-v3.30.5-0a67bd46a\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2ca0085e584affd600efbd3930bc90e48dbacb46\"\u003e\u003ccode\u003e2ca0085\u003c/code\u003e\u003c/a\u003e Update changelog for v3.30.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0a67bd46a0f456ddad9e4b732137f519280275db\"\u003e\u003ccode\u003e0a67bd4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3160\"\u003e#3160\u003c/a\u003e from github/mbg/fix/upload-sarif\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8e34f2f3bf0f3f0b192913b0e0f234372329699b\"\u003e\u003ccode\u003e8e34f2f\u003c/code\u003e\u003c/a\u003e Add changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0b7fc5664842c1a6bb23c4ef64b85438afcb76c5\"\u003e\u003ccode\u003e0b7fc56\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eupload-sarif\u003c/code\u003e not uploading non-\u003ccode\u003e.sarif\u003c/code\u003e files\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/94a9b7a1101a1320dcadcbda5e7fd9a1e6abaaca\"\u003e\u003ccode\u003e94a9b7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3155\"\u003e#3155\u003c/a\u003e from github/mbg/node/no-install-in-actions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a0ae9ba2026911d58db9df06e6b074d8ef6c24c9\"\u003e\u003ccode\u003ea0ae9ba\u003c/code\u003e\u003c/a\u003e Log what the script is doing\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b27a8ef21f72b5c541232d50400874a3f0a374b9\"\u003e\u003ccode\u003eb27a8ef\u003c/code\u003e\u003c/a\u003e Exit if running in an Actions workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65925679a36e83b45b5f1673869dabf891669742\"\u003e\u003ccode\u003e6592567\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3139\"\u003e#3139\u003c/a\u003e from github/henrymercer/fix-log-message\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/fa64a7dee67e389b18445aa15d26426512d9ab97\"\u003e\u003ccode\u003efa64a7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3154\"\u003e#3154\u003c/a\u003e from github/mbg/node/check-up-to-date-deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d...3599b3baa15b485a2e49ef411a7a4bb2452e7f93\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.2.4 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd note on runner versions by \u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev4.3.0\u003c/code\u003e release by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1655\"\u003eactions/cache#1655\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4...v4.3.0\"\u003ehttps://github.com/actions/cache/compare/v4...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1474\"\u003e#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity fix: Bump braces from 3.0.2 to 3.0.3 - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1475\"\u003e#1475\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore original behavior of \u003ccode\u003ecache-hit\u003c/code\u003e output - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1467\"\u003e#1467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecache-hit\u003c/code\u003e output is set when a cache is missed - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003esave-always\u003c/code\u003e input - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1452\"\u003e#1452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/0057852bfaa89a56745cba8c7296529d2fc39830\"\u003e\u003ccode\u003e0057852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1655\"\u003e#1655\u003c/a\u003e from actions/Link-/prepare-4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/4f5ea67f1cc87b2d4239690fa12a12fc32096d68\"\u003e\u003ccode\u003e4f5ea67\u003c/code\u003e\u003c/a\u003e Update licensed cache\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9fcad95d03062fb8399cdbd79ae6041c7692b6c8\"\u003e\u003ccode\u003e9fcad95\u003c/code\u003e\u003c/a\u003e Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/638ed79f9dc94c1de1baef91bcab5edaa19451f4\"\u003e\u003ccode\u003e638ed79\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1642\"\u003e#1642\u003c/a\u003e from actions/GhadimiR-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/3862dccb1765f1ff6e623be1f4fd3a5b47a30d27\"\u003e\u003ccode\u003e3862dcc\u003c/code\u003e\u003c/a\u003e Add note on runner versions\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...0057852bfaa89a56745cba8c7296529d2fc39830\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "669b15f7da5da04a38e95e8ac0ff6471697a549f", "tree": "e7e7eaa51cf2a6e420597d45d354849d32bb81eb", "parents": [ "42daf01ec498d323ae7bca14ddf6452e29716d9b" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Thu Sep 25 07:26:04 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Sep 25 07:26:04 2025 -0700" }, "message": "Update deprecated check to consider new annotations (#4108)\n\nWork towards https://github.com/dart-lang/dartdoc/issues/4107\n\nWith the new `@Deprecated` annotations, we don\u0027t want to consider _any_\n`@Deprecated` annotatation as announcing \"this thing is deprecated!\" and\ncross it out. Instead, we should only consider `@deprecated` (the\nconstant) and `@Deprecated()` (the unnamed constructor) as announcing\nsuch a thing.\n\nAll this change does is fix `isDeprecated` to understand that\n`@Deprecated.extend` etc does not mark the element as deprecated.\n\nThere should be future changes where we _do_ indicate something about a\nspecific deprecation, like `@Deprecated.extend`." } ], "next": "42daf01ec498d323ae7bca14ddf6452e29716d9b" }