)]}' { "log": [ { "commit": "14f99ecdcb74778654d936ce26c70798a3b6649f", "tree": "0c762f4a9fbcf6609a849a12f4bb2ff0381b5edc", "parents": [ "fd2b4be610fb75837e217db7c18b8e74a08b5534" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri May 01 16:18:32 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 16:18:32 2026 -0700" }, "message": "Track the OS for browser platforms (#2449)\n\nWe currently do not allow making configuration using tools like\n`OnPlatform` that is specific to an OS and browser combination. So if\nthere is a situation where tests don\u0027t work on firefox on windows, but\nwork everywhere else, we cannot express an intent to skip just the\nfailing tests.\n\nIn a usage like `OnPlatform({\u0027windows \u0026\u0026 firefox\u0027})` the selector will\nnever be true because `firefox` and `windows` are mutually exclusive.\nIt does allow cases like `\u0027windows || firefox\u0027` which matches windows VM\ntests and firefox everywhere.\n\nChanging this means a change to how existing selectors are evaluated. CI\nmay be impacted if a package is configuring a skip for an OS expecting\nonly the VM tests to be skipped on that OS with the browser tests still\nrunning.\n\nUse the new capability to skip a test that is failing on windows firefox\nbrowser." }, { "commit": "fd2b4be610fb75837e217db7c18b8e74a08b5534", "tree": "c451a8e868ebdfd996643a5acb51447d055086ec", "parents": [ "a1b82f18d73b07d8c9cb1ceb2217b2757135e02e" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri May 01 16:08:03 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 16:08:03 2026 -0700" }, "message": "Override test packages in coverage tests (#2638)\n\nThese tests use the `runTest` test utility which uses a precompiled test\nrunner built from the repo sources. They also use `runPub` to run fetch\npublished versions of the test packages using a pubspec it creates. This\ncauses a version mismatch between the runner and the version of the test\npackages the test file is importing when it is compiled.\n\nAdd a `dependency_overrides` section to each generated pubspec in the\ncoverage tests. Override all 3 test runner implementation packages to\nuse the repo sources." }, { "commit": "a1b82f18d73b07d8c9cb1ceb2217b2757135e02e", "tree": "6e5f74829e135823b66a26d5f4edee462cb38976", "parents": [ "d5da9229e3dd3da95194c79f0b929c08432e6ec5" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri May 01 04:03:25 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri May 01 04:03:25 2026 +0000" }, "message": "Bump the github-actions group with 3 updates (#2637)\n\nBumps the github-actions group with 3 updates: [actions/cache](https://github.com/actions/cache), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.1 to 4.35.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href\u003d\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository\u0027s settings. For more information, see \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href\u003d\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/95e58e9a2cdfd71adc6e0353d5c52f41a045d225\"\u003e\u003ccode\u003e95e58e9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3824\"\u003e#3824\u003c/a\u003e from github/update-v4.35.2-d2e135a73\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/6f31bfe060e817d81e938dbec767969d20031e25\"\u003e\u003ccode\u003e6f31bfe\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d2e135a73a39154e3a231aeb49163c4661c5b8b1\"\u003e\u003ccode\u003ed2e135a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3823\"\u003e#3823\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/60abb65df09fcf213c398e064c8a80db1f15cdaf\"\u003e\u003ccode\u003e60abb65\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5a0a562209255e956ad8aafcee303294e64eefa2\"\u003e\u003ccode\u003e5a0a562\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65216971a11ded447a6b76263d5a144519e5eee1\"\u003e\u003ccode\u003e6521697\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3820\"\u003e#3820\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3c45af2dd258e1623af1898da5c86545b514e028\"\u003e\u003ccode\u003e3c45af2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3821\"\u003e#3821\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-345b93...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f1c339364c12f922998186ed897e45e3b4ae8874\"\u003e\u003ccode\u003ef1c3393\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1024fc496c87e944a93e98d8cf2c09e2c7602a30\"\u003e\u003ccode\u003e1024fc4\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9dd4cfed96030ccdfe1af4daf7a7964322704fed\"\u003e\u003ccode\u003e9dd4cfe\u003c/code\u003e\u003c/a\u003e Bump the npm-minor group across 1 directory with 6 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "d5da9229e3dd3da95194c79f0b929c08432e6ec5", "tree": "fadbea1942f2cc283149bf97ae4d776705b369b5", "parents": [ "c8c76f457bbe64f8707b3c7c7259790f593d8c72" ], "author": { "name": "Jacob MacDonald", "email": "jakemac@google.com", "time": "Mon Apr 27 17:32:33 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 27 17:32:33 2026 -0700" }, "message": "Expose the backend APIs used by flutter_test from test_api (#2635)\n\nThis will allow `test_api` to be unpinned from the flutter SDK.\n\nIncreases package surface area, perhaps further than we would like in\nthe long run. Makes the current dependencies visible.\n\nPart of https://github.com/flutter/flutter/issues/185016" }, { "commit": "c8c76f457bbe64f8707b3c7c7259790f593d8c72", "tree": "471efb0fc745d6772ead043564832be2d0a4f7d6", "parents": [ "8bbb8474e3ff85aa9450c2b00f9476b34ebdd679" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Apr 27 13:38:25 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 27 13:38:25 2026 -0700" }, "message": "Prepare to publish (#2634)" }, { "commit": "8bbb8474e3ff85aa9450c2b00f9476b34ebdd679", "tree": "992773e1705d4d60b3b3ce91b5efd2a4bb432602", "parents": [ "bd401482a19620c4521547af793f007bfebc599a" ], "author": { "name": "Jonas Finnemann Jensen", "email": "jonasfj@google.com", "time": "Fri Apr 17 21:47:38 2026 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 17 12:47:38 2026 -0700" }, "message": "Example of how to use `has` (#2631)\n\nDemonstrate the extension pattern in the docs." }, { "commit": "bd401482a19620c4521547af793f007bfebc599a", "tree": "dea6c8a53001b5fc4fdc2fb1c47345a6f38c96c9", "parents": [ "d20671c1eff6318224cfb538460ef4a18f9cd248" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Apr 13 16:58:35 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 16:58:35 2026 -0700" }, "message": "Remove extra version info (#2539)\n\nFollow up to https://github.com/dart-lang/test/pull/2538\n\nThis is only relevant when using the test runner as a git or path\ndependency. In these cases the version will already end in `-WIP` with\nour current development practices and in the places where it may come up\nthe users don\u0027t need help understanding where the code is coming from." }, { "commit": "d20671c1eff6318224cfb538460ef4a18f9cd248", "tree": "940ba9becaf60b5ef0e33eebb07770f1e83677d2", "parents": [ "17efdc2f8316c71cc9c8630274ae05e284b74595" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Apr 13 15:52:53 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 15:52:53 2026 -0700" }, "message": "Fix dart2wasm tests with custom HTML files (#2626)\n\nWhen running tests with `dart2wasm` and a custom HTML file, the JS bootstrap file `run_wasm_chrome.js` failed because it tried to read `dataset` from a DOM element with ID `WasmBootstrapInfo`, which is not present in custom HTML files.\n\nThis commit updates `run_wasm_chrome.js` to fallback to inferring the `.wasm` and `.mjs` URLs from `document.currentScript.src` if the `WasmBootstrapInfo` element is not found.\n\nAdded a regression test to verify the fix.\n\nFixes #2625" }, { "commit": "17efdc2f8316c71cc9c8630274ae05e284b74595", "tree": "348b6779e6a749e684b4b554a3eff958dca610d0", "parents": [ "c21233e9e93bd46c90c7e4785ca2b02ec3b2aba5" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Apr 13 15:20:24 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 15:20:24 2026 -0700" }, "message": "fix: improve error reporting on GitHub (#2629)\n\nGroup success and skip so it\u0027s easy to see the failures!\nUpdate skip icon to ⏭️ so they are easier to scan\n\nFixes https://github.com/dart-lang/test/issues/2628" }, { "commit": "c21233e9e93bd46c90c7e4785ca2b02ec3b2aba5", "tree": "dfd7c93deb57f67e2e2446757871e44294599583", "parents": [ "e8012f71a5569fe604fc5ddbad3817a70e178bf2" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Apr 13 14:56:39 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 14:56:39 2026 -0700" }, "message": "Ignore test pid on windows (#2630)\n\nThe tests are flaky or always failing due to inconsistencies with PID\nbehavior on windows. Change the PID expectation argument to take a\nmatcher and use `anything` on windows." }, { "commit": "e8012f71a5569fe604fc5ddbad3817a70e178bf2", "tree": "90e9f3570f29693c9ec5f72d8ed2d4685321b4de", "parents": [ "cfdd7d26f128517934610ff22179217ecad489b0" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Apr 13 14:40:53 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 14:40:53 2026 -0700" }, "message": "Bump to language version 3.10 (#2624)\n\nCloses #2623" }, { "commit": "cfdd7d26f128517934610ff22179217ecad489b0", "tree": "011aee4640e34370f1bd9ca20ed99046a94b2c64", "parents": [ "d0d5ccd037cb0eaea8e4dad900946ac54a4286c6" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Apr 13 10:37:56 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 10:37:56 2026 -0700" }, "message": "Bump the github-actions group with 3 updates (#2619)\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d0d5ccd037cb0eaea8e4dad900946ac54a4286c6", "tree": "b791bd197d2034e8b36d82aaf677491af42a9e55", "parents": [ "bcc5228370ba909e5774441398b8585ba9874423" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Mon Apr 13 10:31:58 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 13 10:31:58 2026 -0700" }, "message": "Allow analyzer ^13.0.0, with breaking changes. (#2622)" }, { "commit": "bcc5228370ba909e5774441398b8585ba9874423", "tree": "0f1b0abe40e534e376cd3778525796f0bc9c2df3", "parents": [ "2b8c256a6320435dc8c9dbb1303fb6540e617846" ], "author": { "name": "Jacob MacDonald", "email": "jakemac@google.com", "time": "Tue Mar 31 15:02:44 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 15:02:44 2026 -0700" }, "message": "Fix hang on windows with multiple exe tests (#2618)\n\nFixes #2617\n\nReorder the callbacks to clocks the socket and the server.\n\nEnable `-c exe` tests for test_api to help get better coverage of these\nkinds of tests." }, { "commit": "2b8c256a6320435dc8c9dbb1303fb6540e617846", "tree": "82692af4869170693bdb2785d5174f511baf79e3", "parents": [ "2baa37c0a8bc96feb17e8721641c4ee1dd4aa7aa" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Mar 24 16:45:02 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 24 16:45:02 2026 -0700" }, "message": "Allow exceptions from operator \u003d\u003d (#2543)\n\nIt\u0027s confusing to treat an object that throws from `operator \u003d\u003d`\nidentically to one that returns `false` normally. Intentional exceptions\nin `operator \u003d\u003d` are very unlikely, so this change is not likely to\ncause too many spurious failures." }, { "commit": "2baa37c0a8bc96feb17e8721641c4ee1dd4aa7aa", "tree": "163b95cd057eeeef968eece97689a60b831aa62f", "parents": [ "d3203334dacd7332c20225b39be1b01db4695d42" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Mar 23 13:15:15 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 23 13:15:15 2026 -0700" }, "message": "Respect common environment variables for color output detection (#2613)" }, { "commit": "d3203334dacd7332c20225b39be1b01db4695d42", "tree": "39a8f297706cd066b8c2df836e1610b427a2a675", "parents": [ "021d056da4a63592371e84eb279f65881f42156c" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Mar 19 16:07:02 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 19 16:07:02 2026 -0700" }, "message": "Catch Errors reading resolved executable (#2612)" }, { "commit": "021d056da4a63592371e84eb279f65881f42156c", "tree": "90bd00e7fe9b775325a0c498e047f0dc9c53fadc", "parents": [ "36b9d8291803520b969b9ee623edf276fcc5d5e0" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Wed Mar 18 16:27:32 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 18 16:27:32 2026 -0700" }, "message": "Allow analyzer major version 12 (#2610)\n\nPrepare to publish." }, { "commit": "36b9d8291803520b969b9ee623edf276fcc5d5e0", "tree": "1efee92fcbee762f3df4d2db9167a506f2fa8f9a", "parents": [ "1cd6232e740a9f4ee5a4aced8c31ee8de4005be9" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Mar 17 13:36:05 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 17 13:36:05 2026 -0700" }, "message": "Fix exception for missing resolved executable (#2611)\n\nIn some executions of the test runner internally the\n`Platform.resolvedExectuble` may be unexpectedly `null`. Catch\nexceptions trying to read the field and allow a `null` return. The usage\nfor this variable currently prepends it to file paths, and it\u0027s safe to\nsearch the \"wrong\" full path and not find the file." }, { "commit": "1cd6232e740a9f4ee5a4aced8c31ee8de4005be9", "tree": "0b40f9fe87a62773ba259fc0f73527b5c9a450cc", "parents": [ "9d2f9fe044a06206fb6956442a5803c0af17d6b0" ], "author": { "name": "Ryan Macnak", "email": "rmacnak@google.com", "time": "Tue Mar 10 12:54:31 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 10 12:54:31 2026 -0700" }, "message": "Support tests on VM with sanitizers (#2575)\n\nThis is useful for finding issues when using foreign libraries through\n`dart:ffi`, such as use-after-free, use of uninitialized memory and data\nraces.\n\nThis is also useful for pure Dart programs that might have data races\nthrough the use of shared fields.\n\nOnly available on 64-bit Linux.\n\nhttps://clang.llvm.org/docs/AddressSanitizer.html\nhttps://clang.llvm.org/docs/MemorySanitizer.html\nhttps://clang.llvm.org/docs/ThreadSanitizer.html\n\nAdd `vm-asan`, `vm-msan`, and `vm-tsan` runtimes. Use the appropriate\ncompiler flags and VM executable for each." }, { "commit": "9d2f9fe044a06206fb6956442a5803c0af17d6b0", "tree": "257bc2376113ebc41cf512f5221711c3ed066380", "parents": [ "7e6d5dac07e40241238e0951438d0c0a2750e4b9" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Mar 09 14:20:07 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 09 14:20:07 2026 -0700" }, "message": "Fix hang when separate-process test crashes (#2606)" }, { "commit": "7e6d5dac07e40241238e0951438d0c0a2750e4b9", "tree": "bb34b7cc978f706b8bf0345fb35d6ec0890d5f16", "parents": [ "c8c7301228841e3008a0a4c69b78f75ba2be6fce" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Mon Mar 09 08:15:50 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 09 08:15:50 2026 -0700" }, "message": "Require `analyzer: \u0027\u003e\u003d8.0.0 \u003c12.0.0\u0027` (#2607)" }, { "commit": "c8c7301228841e3008a0a4c69b78f75ba2be6fce", "tree": "c59d919db2d5bf5baf3fa2d4d72001e5b7b437d4", "parents": [ "21ed5d6c6447c4680fce95f30aa2a263c17fdbed" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Mar 05 10:39:37 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Mar 05 10:39:37 2026 -0800" }, "message": "Remove stale deprecation annotations (#2605)\n\nThe `@doNotSubmit` is the replacement and the `@Deprecated` was left in\nas a temporary safety during the transition." }, { "commit": "21ed5d6c6447c4680fce95f30aa2a263c17fdbed", "tree": "6907cef00cf9eb6164cd0d0d1b8e19db99090e30", "parents": [ "746af0e5645189ccde83279844f600e034eda3b7" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed Mar 04 16:58:03 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 04 16:58:03 2026 -0800" }, "message": "Add void return on group callback (#2604)\n\nThis type influences type inference and this change can impact what\nstatic diagnostics apply, but is not breaking at the language level.\nCurrently the callbacks to `test` are left as `FutureOr\u003cdynamic\u003e` for\nnow, the ecosystem impact may be larger.\n\nTightening the type on group internally catches some callbacks written\nas `() \u003d\u003e {test(...)}` and surfaces a diagnostic. This was low impact on\nthe internal test corpus." }, { "commit": "746af0e5645189ccde83279844f600e034eda3b7", "tree": "b260d150e2a36a0bac88b51f50b3245fee662e2a", "parents": [ "0d5fe4dcb20b4b601b4350398d32e3c47321f841" ], "author": { "name": "Aryan Shukla", "email": "88445101+Telomelonia@users.noreply.github.com", "time": "Thu Mar 05 09:38:44 2026 +0900" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 04 16:38:44 2026 -0800" }, "message": "Default failure summary for expanded reporter (#2588)\n\nAdd a summary of up to 5 failed or incomplete tests at the end of the\nexpanded reporter. Use a deterministic sort order for failing tests for\nconsistency. Truncate lists of more than 5 failures with a remaining\ncount." }, { "commit": "0d5fe4dcb20b4b601b4350398d32e3c47321f841", "tree": "f9c7adcd4239292732bcd61eb006026c5a21dd1f", "parents": [ "45e4ef287d70dad449f13d4f284f9faea2d9188b" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Mar 01 03:51:24 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Mar 01 03:51:24 2026 +0000" }, "message": "Bump the github-actions group with 3 updates (#2602)\n\nBumps the github-actions group with 3 updates: [actions/stale](https://github.com/actions/stale), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/stale` from 10.1.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix checking state cache (fix \u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1136\"\u003e#1136\u003c/a\u003e) and switch to Octokit helper methods by \u003ca href\u003d\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1152\"\u003eactions/stale#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade js-yaml from 4.1.0 to 4.1.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1304\"\u003eactions/stale#1304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade lodash from 4.17.21 to 4.17.23 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1313\"\u003eactions/stale#1313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0 by \u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1312\"\u003eactions/stale#1312\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1152\"\u003eactions/stale#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v10...v10.2.0\"\u003ehttps://github.com/actions/stale/compare/v10...v10.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/b5d41d4e1d5dceea10e7104786b73624c18a190f\"\u003e\u003ccode\u003eb5d41d4\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1313\"\u003e#1313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/dcd2b9469d2220b7e8d08aedc00c105d277fd46b\"\u003e\u003ccode\u003edcd2b94\u003c/code\u003e\u003c/a\u003e Fix punycode and url.parse Deprecation Warnings (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1312\"\u003e#1312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/d6f8a33132340b15a7006f552936e4b9b39c00ec\"\u003e\u003ccode\u003ed6f8a33\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1304\"\u003e#1304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/a21a0816299b11691f9592ef0d63d08e02f06d9d\"\u003e\u003ccode\u003ea21a081\u003c/code\u003e\u003c/a\u003e Fix checking state cache (fix \u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1136\"\u003e#1136\u003c/a\u003e), also switch to octokit methods (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/997185467fa4f803885201cee163a9f38240193d...b5d41d4e1d5dceea10e7104786b73624c18a190f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 6.0.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What\u0027s new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we\u0027ve upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.0 to 4.32.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith debugging enabled in Default Setup\u003c/a\u003e and \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for registries\u0026quot; step will output additional diagnostic information that can be used for troubleshooting. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as Default Setup, to use a \u003ca href\u003d\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly CodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.32.4 - 20 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith debugging enabled in Default Setup\u003c/a\u003e and \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for registries\u0026quot; step will output additional diagnostic information that can be used for troubleshooting. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as Default Setup, to use a \u003ca href\u003d\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly CodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href\u003d\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/89a39a4e59826350b863aa6b6252a07ad50cf83e\"\u003e\u003ccode\u003e89a39a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3494\"\u003e#3494\u003c/a\u003e from github/update-v4.32.4-39ba80c47\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e5d84c885c00d506f7816d26a298534dbbffac6d\"\u003e\u003ccode\u003ee5d84c8\u003c/code\u003e\u003c/a\u003e Apply remaining review suggestions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0c202097b5de484e2a3725d4467f9cb7e3107881\"\u003e\u003ccode\u003e0c20209\u003c/code\u003e\u003c/a\u003e Apply suggestions from code review\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/314172e5a1e1691ba4ad232b3d0230ceaf3d9239\"\u003e\u003ccode\u003e314172e\u003c/code\u003e\u003c/a\u003e Fix typo\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cdda72d36b93310932b0afe1784acd0209d190dd\"\u003e\u003ccode\u003ecdda72d\u003c/code\u003e\u003c/a\u003e Add changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cfda84cc5509282e2adc1570c3cf29c3167ae87f\"\u003e\u003ccode\u003ecfda84c\u003c/code\u003e\u003c/a\u003e Update changelog for v4.32.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/39ba80c47550c834104c0f222b502461ac312c29\"\u003e\u003ccode\u003e39ba80c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3493\"\u003e#3493\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/00150dad957fc9c1cba52bdab82e458ae5c09fe5\"\u003e\u003ccode\u003e00150da\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d97dce6561ae3dd4e4db9bfa95479f7572bd7566\"\u003e\u003ccode\u003ed97dce6\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/50fdbb9ec845c41d6d3509d794e3a28af7032c59\"\u003e\u003ccode\u003e50fdbb9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3492\"\u003e#3492\u003c/a\u003e from github/henrymercer/new-repository-properties-ff\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/b20883b0cd1f46c72ae0ba6d1090936928f9fa30...89a39a4e59826350b863aa6b6252a07ad50cf83e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "45e4ef287d70dad449f13d4f284f9faea2d9188b", "tree": "b9283108442f9597858d485ff2f88b2bcca6adbd", "parents": [ "5adf49a2d20c9844e393152c2984b81ecfa3b6cb" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Feb 26 17:52:14 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Feb 26 17:52:14 2026 -0800" }, "message": "Prepare to publish (#2601)\n\n" }, { "commit": "5adf49a2d20c9844e393152c2984b81ecfa3b6cb", "tree": "0566f95222f0eecf779af703691542376cea5074", "parents": [ "88eafe209d92fe6dce7cc0239f4d4b249f63c59a" ], "author": { "name": "Danny Tuppeny", "email": "danny@tuppeny.com", "time": "Thu Feb 26 16:48:42 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Feb 26 08:48:42 2026 -0800" }, "message": "Fix missing test locations on solo-skipped tests by passing location/trace through (#2600)\n\nFixes https://github.com/dart-lang/test/issues/2599 by ensuring stack traces/locations are carried across when tests are replaced with skips because of `solo`.\n\nSince `test_api` 0.7.9 has already been published, I bumped this to `0.7.10`, which also meant updating in `test` and `test_core` for things to resolve correctly. I\u0027m not sure if I did this correctly, so if I need to change anything, please let me know!\n\n- [x] I’ve reviewed the contributor guide and applied the relevant portions to this PR.\n" }, { "commit": "88eafe209d92fe6dce7cc0239f4d4b249f63c59a", "tree": "30529245d4144dc6c20b090d6bf5d841e0bebbe3", "parents": [ "6f9e059e1440eef5bc8c96d8389ea5f316770636" ], "author": { "name": "Felix Angelov", "email": "felangelov@gmail.com", "time": "Fri Feb 20 18:19:50 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 20 16:19:50 2026 -0800" }, "message": "fix: report all coverage when no filters are specified (#2594)\n\nFixes #2581\n\nRestore old behavior when no filters are specified and using the legacy\nJSON mode." }, { "commit": "6f9e059e1440eef5bc8c96d8389ea5f316770636", "tree": "5e2ffdf0be72e2f473707c551b39468cb898f7ff", "parents": [ "fe41d5408bfd7c73cc4309da6ab6f0ba46cbf417" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Feb 17 18:53:09 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 17 18:53:09 2026 -0800" }, "message": "[matcher] Add type check in pairwiseCompare (#2596)\n\nCloses #2454\n\nCurrently a failure from the cast causes a failure output including:\n\n Which: has \u003cnull\u003e which is not \u003cnull\u003e at index null\n\nFill in the missing info by adding an explicit type check instead of an\nunchecked cast before passing to the comparison callback. Elements with\nmismatched type are treated identically to those which fail the\ncomparison, but should be clear to a reader of the failure." }, { "commit": "fe41d5408bfd7c73cc4309da6ab6f0ba46cbf417", "tree": "75840ce8596a5872a6d35ad5534028458dc9421f", "parents": [ "ce6ef63e3c437e7b605a4863584a04f826642eaf" ], "author": { "name": "Nils Reichardt", "email": "me@nils.re", "time": "Thu Feb 12 00:22:53 2026 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 11 15:22:53 2026 -0800" }, "message": "Add `--suite-load-timeout` option (#2505)\n\nRemove the hardcoded timeout and allow specifying a timeout for loading\nindividual test suites." }, { "commit": "ce6ef63e3c437e7b605a4863584a04f826642eaf", "tree": "5580191ae1446aa5898ffa54254962933e8bbd0f", "parents": [ "5a2b40d8a5310ee37d5064e36b9b428f1596cc0f" ], "author": { "name": "Jacob MacDonald", "email": "jakemac@google.com", "time": "Wed Feb 11 12:50:37 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 11 12:50:37 2026 -0800" }, "message": "Make pretty print O(max size) (#2591)\n\nFixes https://github.com/dart-lang/test/issues/2553.\n\nThis issue was present in both matcher and checks, and for iterables and maps, this fixes all of those cases.\n\nCo-authored-by: Nate Bosch \u003cnbosch@google.com\u003e" }, { "commit": "5a2b40d8a5310ee37d5064e36b9b428f1596cc0f", "tree": "a1d2850881d3f1a1ba7cdf3bafb5e1edd466e2b3", "parents": [ "9594859a3e83493fb12f7f9119f56b403c67fccf" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Wed Feb 04 13:09:49 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 04 13:09:49 2026 -0800" }, "message": "test: add library doc comments (#2586)\n\n" }, { "commit": "9594859a3e83493fb12f7f9119f56b403c67fccf", "tree": "7dc1613c76813ff04559dede088eef6c983afd7a", "parents": [ "ea538551b2c94b12a1b5b1da3bd141154cb598eb" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Feb 01 03:53:25 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Feb 01 03:53:25 2026 +0000" }, "message": "Bump the github-actions group with 3 updates (#2590)\n\nBumps the github-actions group with 3 updates: [actions/cache](https://github.com/actions/cache), [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 5.0.1 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href\u003d\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href\u003d\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href\u003d\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href\u003d\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003e\u003ccode\u003ecdf6c1f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1695\"\u003e#1695\u003c/a\u003e from actions/Link-/prepare-5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d\"\u003e\u003ccode\u003ea1bee22\u003c/code\u003e\u003c/a\u003e Add review for the \u003ccode\u003e@​actions/http-client\u003c/code\u003e license\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f\"\u003e\u003ccode\u003e4695763\u003c/code\u003e\u003c/a\u003e Add licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502\"\u003e\u003ccode\u003edc73bb9\u003c/code\u003e\u003c/a\u003e Upgrade dependencies and address security warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a\"\u003e\u003ccode\u003e345d5c2\u003c/code\u003e\u003c/a\u003e Add 5.0.3 builds\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7\"\u003e\u003ccode\u003e8b402f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1692\"\u003e#1692\u003c/a\u003e from GhadimiR/main\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002\"\u003e\u003ccode\u003e304ab5a\u003c/code\u003e\u003c/a\u003e license for httpclient\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be\"\u003e\u003ccode\u003e609fc19\u003c/code\u003e\u003c/a\u003e Update licensed record for cache\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5\"\u003e\u003ccode\u003eb22231e\u003c/code\u003e\u003c/a\u003e Build\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a\"\u003e\u003ccode\u003e93150cd\u003c/code\u003e\u003c/a\u003e Add PR link to releases\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable version. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.9 to 4.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.31.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.31.10\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href\u003d\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href\u003d\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href\u003d\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b20883b0cd1f46c72ae0ba6d1090936928f9fa30\"\u003e\u003ccode\u003eb20883b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3428\"\u003e#3428\u003c/a\u003e from github/update-v4.32.0-e3b8227a2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c9aa45dd0f8ba0b0433386779eb4798c2545156b\"\u003e\u003ccode\u003ec9aa45d\u003c/code\u003e\u003c/a\u003e Update changelog for v4.32.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e3b8227a28dee88b8eaf5597d892a0cea497e634\"\u003e\u003ccode\u003ee3b8227\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3427\"\u003e#3427\u003c/a\u003e from github/henrymercer/bump-for-new-minor-series\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8a01181ce209b3e3f51c6add1b9e1e744bdf0064\"\u003e\u003ccode\u003e8a01181\u003c/code\u003e\u003c/a\u003e Compare minor version number\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/80e142568fc335997bbf78abac097448213bd9ae\"\u003e\u003ccode\u003e80e1425\u003c/code\u003e\u003c/a\u003e Bump minor version for CLI v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b748848f27bc46a97bbb965c606bbc298e760a9a\"\u003e\u003ccode\u003eb748848\u003c/code\u003e\u003c/a\u003e Bump the Action minor version number on new CodeQL minor version series\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5e767eff5aa6e2b719f353611ff3c363d6225d18\"\u003e\u003ccode\u003e5e767ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3425\"\u003e#3425\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/975286947045be7e8b204a16b36b1b04b9feef86\"\u003e\u003ccode\u003e9752869\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c62c214723e7c0cdfb907bede6988df3a0640c7e\"\u003e\u003ccode\u003ec62c214\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/25a224b8085c21d4d61b7fc051468805fc3ac490\"\u003e\u003ccode\u003e25a224b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3423\"\u003e#3423\u003c/a\u003e from github/mbg/ci/yq-windows\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...b20883b0cd1f46c72ae0ba6d1090936928f9fa30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "ea538551b2c94b12a1b5b1da3bd141154cb598eb", "tree": "7e62e11ad0fac997406ddce726d5af4186efdc76", "parents": [ "db0c8111377ab4a157351d12426f734c89c10d22" ], "author": { "name": "Matthew McDonald", "email": "mmcdon20@live.com", "time": "Tue Jan 27 19:50:56 2026 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 17:50:56 2026 -0800" }, "message": "Add FutureOr return types on callbacks (#2587)\n\nIndicate which APIs allow asynchronous callbacks with an explicit\n`FutureOr` return type. These remain `FutureOr\u003cdynamic\u003e` in place of\n`FutureOr\u003cvoid\u003e` which would impact type inference and may cause\ndiagnostics in downstream code." }, { "commit": "db0c8111377ab4a157351d12426f734c89c10d22", "tree": "59f8a9347c84511deb3066dc824740e7bbabfcc2", "parents": [ "f95c0f5c10fa9af35014117cb00ec17d2a117265" ], "author": { "name": "Konstantin Scheglov", "email": "scheglov@google.com", "time": "Wed Jan 07 15:06:47 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 07 15:06:47 2026 -0800" }, "message": "Allow analyzer major version 10 (#2584)\n\nPrepare to publish." }, { "commit": "f95c0f5c10fa9af35014117cb00ec17d2a117265", "tree": "718e0158fd3d03c1078837715f5b98c5945064f3", "parents": [ "c970e0035248d149e02c42143cba7b9055e40144" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue Jan 06 10:21:18 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 06 10:21:18 2026 -0800" }, "message": "Allow empty test source when parsing metadata (#2583)\n\nSome use cases with precompiled tests pass an empty test source file and\nskip any of the behavior of configuration metadata annotations. This\nisn\u0027t the golden path design for the runner, but we can avoid breaking\nit easily. In this scenario the specific problem of a missing `main`\nwill have already been handled by other infrastructure, so whether the\nerror is clear is out of our control. This change does restore the less\ndirect error about missing main in the case where a typical test runner\nuser tries to run a completely empty test suite, but this is unlikely in\npractice." }, { "commit": "c970e0035248d149e02c42143cba7b9055e40144", "tree": "a863bad169dcb624326dc0a3efadacef7599941f", "parents": [ "6f79518158d31d3ddc2f11672b28952900ec7385" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue Jan 06 12:17:01 2026 +1100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 05 17:17:01 2026 -0800" }, "message": "Remove the dependency on pubspec_parse (#2580)\n\nFixes #2579" }, { "commit": "6f79518158d31d3ddc2f11672b28952900ec7385", "tree": "b0bc9e3dd4646a37e21d274c262cb373969edf86", "parents": [ "da25976b09e69e33ce59f883a1f94dd653733943" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Jan 01 03:11:05 2026 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 01 03:11:05 2026 +0000" }, "message": "Bump the github-actions group with 5 updates (#2582)\n\nBumps the github-actions group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.1` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.0` | `6.0.1` |\n| [actions/stale](https://github.com/actions/stale) | `10.1.0` | `10.1.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5.0.0` | `6.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.5` | `4.31.9` |\n\nUpdates `actions/cache` from 4.3.0 to 5.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003eactions/cache#1685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v5.0.1 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1686\"\u003eactions/cache#1686\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev5.0.0\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to use node24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1630\"\u003eactions/cache#1630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1684\"\u003eactions/cache#1684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to use node24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1630\"\u003eactions/cache#1630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1684\"\u003eactions/cache#1684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4.3.0...v5.0.0\"\u003ehttps://github.com/actions/cache/compare/v4.3.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9255dc7a253b0ccc959486e2bca901246202afeb\"\u003e\u003ccode\u003e9255dc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1686\"\u003e#1686\u003c/a\u003e from actions/cache-v5.0.1-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/8ff5423e8b66eacab4e638ee52abbd2cb831366a\"\u003e\u003ccode\u003e8ff5423\u003c/code\u003e\u003c/a\u003e chore: release v5.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9233019a152bc768059ac1768b8e4403b5da16c1\"\u003e\u003ccode\u003e9233019\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1685\"\u003e#1685\u003c/a\u003e from salmanmkc/node24-storage-blob-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b975f2bb844529e1063ad882c609b224bcd66eb6\"\u003e\u003ccode\u003eb975f2b\u003c/code\u003e\u003c/a\u003e fix: add peer property to package-lock.json for dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/d0a0e1813491d01d574c95f8d189f62622bbb2ae\"\u003e\u003ccode\u003ed0a0e18\u003c/code\u003e\u003c/a\u003e fix: update license files for \u003ccode\u003e@​actions/cache\u003c/code\u003e, fast-xml-parser, and strnum\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/74de208dcfcbe85c0e7154e7b17e4105fe2554ff\"\u003e\u003ccode\u003e74de208\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e to ^5.0.1 for Node.js 24 punycode fix\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/ac7f1152ead02e89c14b5456d14ab17591e74cfb\"\u003e\u003ccode\u003eac7f115\u003c/code\u003e\u003c/a\u003e peer\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/b0f846b50b6061d7a2ca6f1a2fea61d4a65d1a16\"\u003e\u003ccode\u003eb0f846b\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/cache\u003c/code\u003e with storage-blob fix for Node.js 24 punycode depr...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/a7833574556fa59680c1b7cb190c1735db73ebf0\"\u003e\u003ccode\u003ea783357\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1684\"\u003e#1684\u003c/a\u003e from actions/prepare-cache-v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/3bb0d78750a39cefce0c2b5a0a9801052b4359ad\"\u003e\u003ccode\u003e3bb0d78\u003c/code\u003e\u003c/a\u003e docs: highlight v5 runner requirement in releases\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/stale` from 10.1.0 to 10.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Missing Input Reading for \u003ccode\u003eonly-issue-types\u003c/code\u003e by \u003ca href\u003d\"https://github.com/Bibo-Joshi\"\u003e\u003ccode\u003e@​Bibo-Joshi\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1298\"\u003eactions/stale#1298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproves error handling when rate limiting is disabled on GHES. by \u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1300\"\u003eactions/stale#1300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade eslint-config-prettier from 8.10.0 to 10.1.8 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1276\"\u003eactions/stale#1276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/node\u003c/code\u003e from 20.10.3 to 24.2.0 and document breaking changes in v10 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1280\"\u003eactions/stale#1280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/publish-action from 0.3.0 to 0.4.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1291\"\u003eactions/stale#1291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/checkout from 4 to 6 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1306\"\u003eactions/stale#1306\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1300\"\u003eactions/stale#1300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v10...v10.1.1\"\u003ehttps://github.com/actions/stale/compare/v10...v10.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/997185467fa4f803885201cee163a9f38240193d\"\u003e\u003ccode\u003e9971854\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 4 to 6 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1306\"\u003e#1306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/5611b9defa6b7799a950489b00163db69f7a3ece\"\u003e\u003ccode\u003e5611b9d\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1291\"\u003e#1291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/fad0de84e50d1aba7b0236cdaf0ea98a43286849\"\u003e\u003ccode\u003efad0de8\u003c/code\u003e\u003c/a\u003e Improves error handling when rate limiting is disabled on GHES. (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1300\"\u003e#1300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/39bea7de61dd70ce4705a976f904f33d5e1e0f49\"\u003e\u003ccode\u003e39bea7d\u003c/code\u003e\u003c/a\u003e Add Missing Input Reading for \u003ccode\u003eonly-issue-types\u003c/code\u003e (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1298\"\u003e#1298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/e46bbabb3ede15841d25946157759558dd16306e\"\u003e\u003ccode\u003ee46bbab\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 20.10.3 to 24.2.0 and document breakin...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/65d1d4804d3060875fff9f9fa8a49e27f71ce7f0\"\u003e\u003ccode\u003e65d1d48\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1276\"\u003e#1276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/5f858e3efba33a5ca4407a664cc011ad407f2008...997185467fa4f803885201cee163a9f38240193d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What\u0027s new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/ddc45ed9bca9b38dbd643978d88e3981cdc91415\"\u003e\u003ccode\u003eddc45ed\u003c/code\u003e\u003c/a\u003e docs: update README to correct action name for Node.js 24 support\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/615b319bd27bb32c3d64dca6b6ed6974d5fbe653\"\u003e\u003ccode\u003e615b319\u003c/code\u003e\u003c/a\u003e chore: release v6.0.0 for Node.js 24 support\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/017748b48f8610ca8e6af1222f4a618e84a9c703\"\u003e\u003ccode\u003e017748b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/744\"\u003e#744\u003c/a\u003e from actions/fix-storage-blob\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/38d4c7997f5510fcc41fc4aae2a6b97becdbe7fc\"\u003e\u003ccode\u003e38d4c79\u003c/code\u003e\u003c/a\u003e chore: rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/7d27270e0cfd253e666c44abac0711308d2d042f\"\u003e\u003ccode\u003e7d27270\u003c/code\u003e\u003c/a\u003e chore: add missing license cache files for \u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/io\u003c/code\u003e, and mi...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/5f643d3c9475505ccaf26d686ffbfb71a8387261\"\u003e\u003ccode\u003e5f643d3\u003c/code\u003e\u003c/a\u003e chore: update license files for \u003ccode\u003e@​actions/artifact\u003c/code\u003e\u003ca href\u003d\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.0.1 dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/1df1684032c88614064493e1a0478fcb3583e1d0\"\u003e\u003ccode\u003e1df1684\u003c/code\u003e\u003c/a\u003e chore: update package-lock.json with \u003ccode\u003e@​actions/artifact\u003c/code\u003e\u003ca href\u003d\"https://github.com/5\"\u003e\u003ccode\u003e@​5\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/b5b1a918401ee270935b6b1d857ae66c85f3be6f\"\u003e\u003ccode\u003eb5b1a91\u003c/code\u003e\u003c/a\u003e fix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e to ^5.0.0 for Node.js 24 punycode fix\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.5 to 4.31.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.8\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.7\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.6\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.6/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5d4e8d1aca955e8d8589aabd499c5cae939e33c7\"\u003e\u003ccode\u003e5d4e8d1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3371\"\u003e#3371\u003c/a\u003e from github/update-v4.31.9-998798e34\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1dc115f17a8c6966e94a6477313dd3df6319bc83\"\u003e\u003ccode\u003e1dc115f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.9\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/998798e34d79baddb1566c60bbb8f68a901c04e6\"\u003e\u003ccode\u003e998798e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3352\"\u003e#3352\u003c/a\u003e from github/nickrolfe/jar-min-ff-cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/5eb751966fe18977cdefa4e41e0f90e92801ce90\"\u003e\u003ccode\u003e5eb7519\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3358\"\u003e#3358\u003c/a\u003e from github/henrymercer/database-upload-telemetry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d29eddb39b7c33171bb0250114b1c9e3ff8fe2bc\"\u003e\u003ccode\u003ed29eddb\u003c/code\u003e\u003c/a\u003e Extract version number to constant\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e9626872ef3347a9c18091d60da647084c2451a6\"\u003e\u003ccode\u003ee962687\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into henrymercer/database-upload-telemetry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/19c7f96922a6269458f2cadcc23faf0ebaa1368b\"\u003e\u003ccode\u003e19c7f96\u003c/code\u003e\u003c/a\u003e Rename \u003ccode\u003eisOverlayBase\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ae5de9a20d0468cc3818a0dc5c99e456f996d9cf\"\u003e\u003ccode\u003eae5de9a\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003egetErrorMessage\u003c/code\u003e in log too\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0cb86337c5111af4ff3dc7e8f9b98c479c9ea954\"\u003e\u003ccode\u003e0cb8633\u003c/code\u003e\u003c/a\u003e Prefer \u003ccode\u003eperformance.now()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c07cc0d3a95a282fc5a54477464931c776d124ec\"\u003e\u003ccode\u003ec07cc0d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3351\"\u003e#3351\u003c/a\u003e from github/henrymercer/ghec-dr-determine-tools-vers...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...5d4e8d1aca955e8d8589aabd499c5cae939e33c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "da25976b09e69e33ce59f883a1f94dd653733943", "tree": "4dc50f45769fa71ad4880f1b13a97a9df790abe8", "parents": [ "b951efc07c0ba490ec483b83b1c1f27b5ca08b26" ], "author": { "name": "Ömer Sinan Ağacan", "email": "omersa@google.com", "time": "Tue Dec 16 03:15:01 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 15 19:15:01 2025 -0800" }, "message": "Improve canUseSpecialChars on Linux and Mac (#2545)\n\nFix output to non-terminals which are unlikely to support ascii escape\ncharacters. Prior implementation was overly optimistic for linux and mac\nand always allowed ascii because the SDK implementation checking support\nis contrarily overly restrictive. Add at least a check for a interactive\nterminal to fix some false positives." }, { "commit": "b951efc07c0ba490ec483b83b1c1f27b5ca08b26", "tree": "02220949766db67699705054b3f35ce747a20192", "parents": [ "750614722a735f421107b5332f3a17e324cc6c92" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Dec 15 19:11:51 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 15 19:11:51 2025 -0800" }, "message": "Support --version in pub workspace (#2538)\n\nCloses #2535\n\nAdd a check for the `workspace_ref.json` file in place of the\n`pubspec.lock` file that exists for single package pub solutions.\n\nWhen the workspace ref exists, follow it and read the\n`package_graph.json` file from the workspace root." }, { "commit": "750614722a735f421107b5332f3a17e324cc6c92", "tree": "9926639cdf86c8e90ce9bbed709738900ec991ff", "parents": [ "462b474b01a45cbb55fcd1aa89b2855857207f96" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri Dec 12 17:10:16 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Dec 12 17:10:16 2025 -0800" }, "message": "Hide skip reasons in compact and failure reporters (#2578)\n\nCloses #2546, Fixes #2542\n\nSkipped tests with messages can cause noisy output in otherwise very\nshort test run logs. In most cases the skip messages are not useful, so\nsuppress them by default. They can still be seen in the expanded\nreporter. Expand the final output when there are skipped tests since the\notherwise obvious yellow lines are no longer shown.\n\nAdd support for testing against disallowed output in the compact\nreporter tests. Existing tests ignore unexpected output that comes\nbetween any expected lines." }, { "commit": "462b474b01a45cbb55fcd1aa89b2855857207f96", "tree": "fd13aad9b714832859e809ae9b80bcc184fc3533", "parents": [ "30aa5410583846295981bedbe1d1febedc7006c6" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Thu Dec 11 12:59:53 2025 +1100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Dec 11 12:59:53 2025 +1100" }, "message": "[coverage] Support workspaces in coverage filters (#2574)\n\n" }, { "commit": "30aa5410583846295981bedbe1d1febedc7006c6", "tree": "46f65561d76ab8ea7bb1df44dda7bffe51c33bfb", "parents": [ "c15153b9618afc4c5e8a43bac43339de130c2149" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Dec 08 17:54:21 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 08 17:54:21 2025 -0800" }, "message": "Require a definition named `main` in test suites (#2569)\n\nCloses #2567\n\nThe error when there is a compilation failure due to a missing `main` is\nless direct than it could be and exposes details of wrapping the test\nsuite in another library. Add an explicit check for a function declared\nwith that name when parsing metadata before attempting any compiles.\n\nAdd a check to `parseMetadata` that throws a `FormatException` if there\nis no function declared directly in the library named `main`. This will\nprevent some previously working designs such as exposing a main in a\npart or with `export`, but we do not expect those designs are used in\npractice." }, { "commit": "c15153b9618afc4c5e8a43bac43339de130c2149", "tree": "a3673bd4576808d145853a8766b73ea2eab274fe", "parents": [ "bbad7a26f1175af929097e7978c808ff8aaa214a" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Dec 01 03:11:24 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 01 03:11:24 2025 +0000" }, "message": "Bump the github-actions group with 2 updates (#2568)\n\nBumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/checkout` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href\u003d\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003eV6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href\u003d\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable version. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NPM dependencies by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1703\"\u003eactions/checkout#1703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 2 to 3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1694\"\u003eactions/checkout#1694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-node from 1 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1696\"\u003eactions/checkout#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 2 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1695\"\u003eactions/checkout#1695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.2 to 4.31.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.5\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.5/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.4\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.4/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.3\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.3/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.3 - 13 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/\"\u003eUpcoming deprecation of CodeQL Action v3\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3288\"\u003e#3288\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.8 - 10 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.30.7 - 06 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v4+ only] The CodeQL Action now runs on Node.js v24. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3169\"\u003e#3169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.6 - 02 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3168\"\u003e#3168\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/fdbfb4d2750291e159f0156def62b853c2798ca2\"\u003e\u003ccode\u003efdbfb4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3322\"\u003e#3322\u003c/a\u003e from github/update-v4.31.5-ec2ee575c\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/81f6d649ae64626b3035526b0389bfa8802b6df3\"\u003e\u003ccode\u003e81f6d64\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ec2ee575c053869d197f516146096427e08da443\"\u003e\u003ccode\u003eec2ee57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3321\"\u003e#3321\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.23.6\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ecc87875ee10fd563cebc295e45bea8312e2ce49\"\u003e\u003ccode\u003eecc8787\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1d2a238d7d52b563f78fb3bf1deebc2b18d98eb1\"\u003e\u003ccode\u003e1d2a238\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.23.6\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ce729e4d353d580e6cacd6a8cf2921b72e5e310a\"\u003e\u003ccode\u003ece729e4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3315\"\u003e#3315\u003c/a\u003e from github/henrymercer/dead-code-elimination\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ac359aad20e59fd46ecd05e63c6d4b99cad25272\"\u003e\u003ccode\u003eac359aa\u003c/code\u003e\u003c/a\u003e Add return type\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/112cd075bdb9b3b9ec911ae7c5980f2fa5f2cca1\"\u003e\u003ccode\u003e112cd07\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into henrymercer/dead-code-elimination\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0b4317954f4f86bf5df18ed38d9987fb1d2ec4ad\"\u003e\u003ccode\u003e0b43179\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3306\"\u003e#3306\u003c/a\u003e from github/dependabot/npm_and_yarn/types/sinon-21.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e818008b54314bea8e06c423f952d06c0d1f1b7f\"\u003e\u003ccode\u003ee818008\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3305\"\u003e#3305\u003c/a\u003e from github/dependabot/npm_and_yarn/eslint/compat-2.0.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...fdbfb4d2750291e159f0156def62b853c2798ca2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "bbad7a26f1175af929097e7978c808ff8aaa214a", "tree": "4271179ae308305e612ff499ce07d1556b193534", "parents": [ "cba5c15f7be6677b5620741f59a0eb8c35fb2c2e" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed Nov 26 11:07:45 2025 +1100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Nov 26 11:07:45 2025 +1100" }, "message": "Add `--coverage-package` option (#2566)\n\n" }, { "commit": "cba5c15f7be6677b5620741f59a0eb8c35fb2c2e", "tree": "49d3102b20fe24f34ae7efe71d5b03027a8c931e", "parents": [ "31694548f48bcccbefcef8109e3a48149289b3f9" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Nov 20 16:42:35 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Nov 20 16:42:35 2025 -0800" }, "message": "Prepare to publish package:test (#2565)\n\nSwitch to a feature version bump, this was missed in the PR to add the\n`matcher` related changelogs." }, { "commit": "31694548f48bcccbefcef8109e3a48149289b3f9", "tree": "2083b907af8dd9592a9e7d40beb30fe96b691492", "parents": [ "5ef2dd94c057319376a88e9839932f905ed3da1e" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Nov 20 15:34:56 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Nov 20 15:34:56 2025 -0800" }, "message": "Prepare to publish matcher (#2564)\n\nDrop `-wip` from the version and extend the `test` constraint to allow\nthe latest.\n\nAdd changes to `test` changelog since it exports the APIs and these\nchanges are user facing." }, { "commit": "5ef2dd94c057319376a88e9839932f905ed3da1e", "tree": "08b19f3fb18065884afb14f090d3a0c75f9dcf35", "parents": [ "80a49347e4a3dbc3ed70782df5e8c76a67f9256c" ], "author": { "name": "Felix Angelov", "email": "felangelov@gmail.com", "time": "Thu Nov 20 17:20:44 2025 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Nov 20 15:20:44 2025 -0800" }, "message": "fix(test_core): fix `writeCoverage` to handle a `null` hit map (#2563)\n\n" }, { "commit": "80a49347e4a3dbc3ed70782df5e8c76a67f9256c", "tree": "d2fdcec26664f27db062768ca86e633acf04f429", "parents": [ "1a6c5ac47ac803c78b9b225ebb4b1bc8eb394d6d" ], "author": { "name": "greenart7c3", "email": "115044884+greenart7c3@users.noreply.github.com", "time": "Wed Nov 12 16:25:59 2025 -0300" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Nov 12 11:25:59 2025 -0800" }, "message": "removed unused js dependency (#2560)\n\nFixes #2480 " }, { "commit": "1a6c5ac47ac803c78b9b225ebb4b1bc8eb394d6d", "tree": "0cc458bd943aa97217d08ae8145c0522878ee1ea", "parents": [ "6b81a26875b93baea06497f5f8dbe0218a7758b4" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Nov 10 17:14:42 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Nov 10 17:14:42 2025 -0800" }, "message": "Prepare to publish (#2559)\n\nClean up changelogs and drop `-wip`." }, { "commit": "6b81a26875b93baea06497f5f8dbe0218a7758b4", "tree": "1fbf3184647a0946021d62a9745ee0f54c9eeefa", "parents": [ "961e4725259665d9adfd963b60720e5ac76c2d8e" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sat Nov 01 03:13:08 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Nov 01 03:13:08 2025 +0000" }, "message": "Bump the github-actions group with 3 updates (#2557)\n\nBumps the github-actions group with 3 updates: [actions/stale](https://github.com/actions/stale), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/stale` from 10.0.0 to 10.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonly-issue-types\u003c/code\u003e option to filter issues by type by \u003ca href\u003d\"https://github.com/Bibo-Joshi\"\u003e\u003ccode\u003e@​Bibo-Joshi\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1255\"\u003eactions/stale#1255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/Bibo-Joshi\"\u003e\u003ccode\u003e@​Bibo-Joshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1255\"\u003eactions/stale#1255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v10...v10.1.0\"\u003ehttps://github.com/actions/stale/compare/v10...v10.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/blob/main/CHANGELOG.md\"\u003eactions/stale\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch1\u003e[10.1.0]\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd only-issue-types option to filter issues by type by \u003ca href\u003d\"https://github.com/Bibo-Joshi\"\u003e\u003ccode\u003e@​Bibo-Joshi\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1255\"\u003eactions/stale#1255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e[10.0.0]\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1279\"\u003eactions/stale#1279\u003c/a\u003e\nMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancement\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIntroducing sort-by option by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1254\"\u003eactions/stale#1254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Upgrades\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1186\"\u003eactions/stale#1186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.4 to 5.28.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1201\"\u003eactions/stale#1201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.0 to 4.0.2 by \u003ca href\u003d\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1226\"\u003eactions/stale#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.2 to 4.0.3 by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1233\"\u003eactions/stale#1233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.5 to 5.29.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1251\"\u003eactions/stale#1251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade form-data to bring in fix for critical vulnerability by \u003ca href\u003d\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1277\"\u003eactions/stale#1277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChangelog update for recent releases by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1224\"\u003eactions/stale#1224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePermissions update in Readme by \u003ca href\u003d\"https://github.com/ghadimir\"\u003e\u003ccode\u003e@​ghadimir\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1248\"\u003eactions/stale#1248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e[9.1.0]\u003c/h1\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update by \u003ca href\u003d\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1116\"\u003eactions/stale#1116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href\u003d\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1179\"\u003eactions/stale#1179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate undici from 5.28.2 to 5.28.4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1150\"\u003eactions/stale#1150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1091\"\u003eactions/stale#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/publish-action from 0.2.2 to 0.3.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1147\"\u003eactions/stale#1147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate ts-jest from 29.1.1 to 29.2.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1175\"\u003eactions/stale#1175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.10.1 to 1.11.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1191\"\u003eactions/stale#1191\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@​types/jest\u003c/code\u003e from 29.5.11 to 29.5.14 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1193\"\u003eactions/stale#1193\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@​actions/cache\u003c/code\u003e from 3.2.2 to 4.0.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1194\"\u003eactions/stale#1194\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e[9.0.0]\u003c/h1\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAction is now stateful: If the action ends because of \u003ca href\u003d\"https://github.com/actions/stale#operations-per-run\"\u003eoperations-per-run\u003c/a\u003e then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.\u003c/li\u003e\n\u003cli\u003eVersion 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/5f858e3efba33a5ca4407a664cc011ad407f2008\"\u003e\u003ccode\u003e5f858e3\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eonly-issue-types\u003c/code\u003e option to filter issues by type (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1255\"\u003e#1255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/3a9db7e6a41a89f618792c92c0e97cc736e1b13f...5f858e3efba33a5ca4407a664cc011ad407f2008\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we\u0027re treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href\u003d\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4\"\u003e\u003ccode\u003e330a01c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/734\"\u003e#734\u003c/a\u003e from actions/danwkennedy/prepare-5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/03f282445299bbefc96171af272a984663b63a26\"\u003e\u003ccode\u003e03f2824\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003egithub.dep.yml\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/905a1ecb5915b264cbc519e4eb415b5d82916018\"\u003e\u003ccode\u003e905a1ec\u003c/code\u003e\u003c/a\u003e Prepare \u003ccode\u003ev5.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/2d9f9cdfa99fedaddba68e9b5b5c281eca26cc63\"\u003e\u003ccode\u003e2d9f9cd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/725\"\u003e#725\u003c/a\u003e from patrikpolyak/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/9687587dec67f2a8bc69104e183d311c42af6d6f\"\u003e\u003ccode\u003e9687587\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/2848b2cda0e5190984587ec6bb1f36730ca78d50\"\u003e\u003ccode\u003e2848b2c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/727\"\u003e#727\u003c/a\u003e from danwkennedy/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/9b511775fd9ce8c5710b38eea671f856de0e70a7\"\u003e\u003ccode\u003e9b51177\u003c/code\u003e\u003c/a\u003e Spell out the first use of GHES\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/cd231ca1eda77976a84805c4194a1954f56b0727\"\u003e\u003ccode\u003ecd231ca\u003c/code\u003e\u003c/a\u003e Update GHES guidance to include reference to Node 20 version\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/de65e23aa2b7e23d713bb51fbfcb6d502f8667d8\"\u003e\u003ccode\u003ede65e23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/712\"\u003e#712\u003c/a\u003e from actions/nebuk89-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/8747d8cd7632611ad6060b528f3e0f654c98869c\"\u003e\u003ccode\u003e8747d8c\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.30.5 to 4.31.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.31.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.31.0\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.31.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.30.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v4.30.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev4.30.8\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.2 - 30 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.1 - 30 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eadd-snippets\u003c/code\u003e input has been removed from the \u003ccode\u003eanalyze\u003c/code\u003e action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.0 - 24 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.17.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3223\"\u003e#3223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen SARIF files are uploaded by the \u003ccode\u003eanalyze\u003c/code\u003e or \u003ccode\u003eupload-sarif\u003c/code\u003e actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the \u003ccode\u003eupload-sarif\u003c/code\u003e action. For \u003ccode\u003eanalyze\u003c/code\u003e, this may affect Advanced Setup for CodeQL users who specify a value other than \u003ccode\u003ealways\u003c/code\u003e for the \u003ccode\u003eupload\u003c/code\u003e input. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3222\"\u003e#3222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.9 - 17 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3205\"\u003e#3205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: A new \u003ccode\u003esetup-codeql\u003c/code\u003e action has been added which is similar to \u003ccode\u003einit\u003c/code\u003e, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3204\"\u003e#3204\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.30.8 - 10 Oct 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.30.7 - 06 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v4+ only] The CodeQL Action now runs on Node.js v24. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3169\"\u003e#3169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.6 - 02 Oct 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3168\"\u003e#3168\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0499de31b99561a6d14a36a5f662c2a54f91beee\"\u003e\u003ccode\u003e0499de3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3261\"\u003e#3261\u003c/a\u003e from github/henrymercer/setup-python\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3b96745d2bb2af9f01a0c9a19f4ffd034ae37879\"\u003e\u003ccode\u003e3b96745\u003c/code\u003e\u003c/a\u003e Set up Python in mergeback workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8a06050a8c0348fb4738f28e0cfbb6727cf054ce\"\u003e\u003ccode\u003e8a06050\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3259\"\u003e#3259\u003c/a\u003e from github/update-v4.31.2-9576b5cbe\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/752a642cb25304f2aaae33cfcc3911673bf65aca\"\u003e\u003ccode\u003e752a642\u003c/code\u003e\u003c/a\u003e Update changelog for v4.31.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9576b5cbe818ddefe4e1b444017536fe40b9ab2d\"\u003e\u003ccode\u003e9576b5c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3258\"\u003e#3258\u003c/a\u003e from github/mbg/enablement-errors/case-insensitive\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cc8843728c8296d35175b82c7f1bb3748290764a\"\u003e\u003ccode\u003ecc88437\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3257\"\u003e#3257\u003c/a\u003e from github/henrymercer/ubuntu-slim\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f0e9bf07f44488f7e3adf5ff01d04e6392b60b3b\"\u003e\u003ccode\u003ef0e9bf0\u003c/code\u003e\u003c/a\u003e Make \u003ccode\u003eisEnablementError\u003c/code\u003e case-insensitive\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2a3599c52055e7a5443d3fef8981a4d543586dde\"\u003e\u003ccode\u003e2a3599c\u003c/code\u003e\u003c/a\u003e Run lightweight workflows on \u003ccode\u003eubuntu-slim\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/514ff4d116ef04d9ffc8adb3da5abb07961cb990\"\u003e\u003ccode\u003e514ff4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3256\"\u003e#3256\u003c/a\u003e from github/henrymercer/resolve-bad-merge\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/aab1c2f9318aa4b88e7532de10fe02ac860d5ab8\"\u003e\u003ccode\u003eaab1c2f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3253\"\u003e#3253\u003c/a\u003e from github/mergeback/v4.31.1-to-main-5fe9434c\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/3599b3baa15b485a2e49ef411a7a4bb2452e7f93...0499de31b99561a6d14a36a5f662c2a54f91beee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "961e4725259665d9adfd963b60720e5ac76c2d8e", "tree": "b78774dd5599887b05b1bdd17282ce5c6a92ecc3", "parents": [ "a8f97ed6edc9550959f097f5187a0307793d8d3d" ], "author": { "name": "Sam Rawlins", "email": "srawlins@google.com", "time": "Thu Oct 30 17:27:13 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Oct 30 17:27:13 2025 -0700" }, "message": "Bump requirements to allow/require analyzer 9.0.0 (#2555)\n\nUse a consistent `\u0027\u003e\u003d8.0.0 \u003c10.0.0\u0027` constraint." }, { "commit": "a8f97ed6edc9550959f097f5187a0307793d8d3d", "tree": "e7429dfd05cdc9bcb4de9cf7c23e1af664de2c10", "parents": [ "5855358095b8718712567b8abc0435ddfd125ba8" ], "author": { "name": "Wu Tingfeng", "email": "wutingfeng@outlook.com", "time": "Thu Oct 30 00:26:15 2025 +0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Oct 29 09:26:15 2025 -0700" }, "message": "Fix wasmPath for Windows + Node.js + dart2wasm combo. (#2551)\n\nUse a raw string to read without escape characters." }, { "commit": "5855358095b8718712567b8abc0435ddfd125ba8", "tree": "f91f4e916d9aca4d3a3ad7e89e8e0cc5133b1626", "parents": [ "8083c8f24ffbca58cc0385add03c296b70636e7a" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri Oct 24 17:48:43 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Oct 24 17:48:43 2025 -0700" }, "message": "Add a sentence to clarify \"Platform\" (#2550)\n\nA \"platform\" in the test runner\u0027s use encompasses more detail than might\nbe expected. Add a sentence in the description of platform selectors to\nnote that it can cover details about how the code is compiled.\n\nCloses #2548" }, { "commit": "8083c8f24ffbca58cc0385add03c296b70636e7a", "tree": "479d97b83ca4ae161d4e3aa83da0863c326e2cd9", "parents": [ "a16f14975c5625ef99abc71f7e91bca5d8e55054" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri Oct 03 15:28:39 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Oct 03 15:28:39 2025 -0700" }, "message": "Make all package:coverage imports conditional (#2544)\n\nThe `package:coverage` library imports `dart:io` directly and cannot be\na dependency of apps compiled to platforms without `dart:io`. All\nimports and uses of `package:coverage` must be through platform specific\nimports. Add extra indirection in the `coverage.dart` and\n`coverage_stub.dart` libraries so that `engine.dart` does not need to\nimport `package:coverage` or refer to the `HitMap` type it exports. Add\na forwarding implementation of the `merge` extension." }, { "commit": "a16f14975c5625ef99abc71f7e91bca5d8e55054", "tree": "6ddd46812e81c534e5d18e2beae8bc24b9ec908a", "parents": [ "b99d556ec6096965eb177111299c0783678200f6" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Oct 01 03:14:12 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Oct 01 03:14:12 2025 +0000" }, "message": "Bump the github-actions group with 5 updates (#2547)\n\nBumps the github-actions group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/cache](https://github.com/actions/cache) | `4.2.4` | `4.3.0` |\n| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.0.0` |\n| [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.0.1` |\n| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.11` | `3.30.5` |\n\nUpdates `actions/cache` from 4.2.4 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd note on runner versions by \u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev4.3.0\u003c/code\u003e release by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1655\"\u003eactions/cache#1655\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4...v4.3.0\"\u003ehttps://github.com/actions/cache/compare/v4...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href\u003d\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1474\"\u003e#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity fix: Bump braces from 3.0.2 to 3.0.3 - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1475\"\u003e#1475\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore original behavior of \u003ccode\u003ecache-hit\u003c/code\u003e output - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1467\"\u003e#1467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecache-hit\u003c/code\u003e output is set when a cache is missed - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003esave-always\u003c/code\u003e input - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1452\"\u003e#1452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/0057852bfaa89a56745cba8c7296529d2fc39830\"\u003e\u003ccode\u003e0057852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1655\"\u003e#1655\u003c/a\u003e from actions/Link-/prepare-4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/4f5ea67f1cc87b2d4239690fa12a12fc32096d68\"\u003e\u003ccode\u003e4f5ea67\u003c/code\u003e\u003c/a\u003e Update licensed cache\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9fcad95d03062fb8399cdbd79ae6041c7692b6c8\"\u003e\u003ccode\u003e9fcad95\u003c/code\u003e\u003c/a\u003e Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/638ed79f9dc94c1de1baef91bcab5edaa19451f4\"\u003e\u003ccode\u003e638ed79\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1642\"\u003e#1642\u003c/a\u003e from actions/GhadimiR-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/3862dccb1765f1ff6e623be1f4fd3a5b47a30d27\"\u003e\u003ccode\u003e3862dcc\u003c/code\u003e\u003c/a\u003e Add note on runner versions\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...0057852bfaa89a56745cba8c7296529d2fc39830\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/stale` from 9.1.0 to 10.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/stale/releases\"\u003eactions/stale\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1279\"\u003eactions/stale#1279\u003c/a\u003e\nMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroducing sort-by option by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1254\"\u003eactions/stale#1254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1186\"\u003eactions/stale#1186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.4 to 5.28.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1201\"\u003eactions/stale#1201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.0 to 4.0.2 by \u003ca href\u003d\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1226\"\u003eactions/stale#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.2 to 4.0.3 by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1233\"\u003eactions/stale#1233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.5 to 5.29.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1251\"\u003eactions/stale#1251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade form-data to bring in fix for critical vulnerability by \u003ca href\u003d\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1277\"\u003eactions/stale#1277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eChangelog update for recent releases by \u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1224\"\u003eactions/stale#1224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePermissions update in Readme by \u003ca href\u003d\"https://github.com/ghadimir\"\u003e\u003ccode\u003e@​ghadimir\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1248\"\u003eactions/stale#1248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/suyashgaonkar\"\u003e\u003ccode\u003e@​suyashgaonkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1224\"\u003eactions/stale#1224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1248\"\u003eactions/stale#1248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1277\"\u003eactions/stale#1277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/stale/pull/1279\"\u003eactions/stale#1279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/stale/compare/v9...v10.0.0\"\u003ehttps://github.com/actions/stale/compare/v9...v10.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/3a9db7e6a41a89f618792c92c0e97cc736e1b13f\"\u003e\u003ccode\u003e3a9db7e\u003c/code\u003e\u003c/a\u003e Upgrade to node 24 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1279\"\u003e#1279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/8f717f0dfca33b78d3c933452e42558e4456c8e7\"\u003e\u003ccode\u003e8f717f0\u003c/code\u003e\u003c/a\u003e Bumps form-data (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1277\"\u003e#1277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/a92fd57ffeff1a7d5e9f90394c229c1cebb74321\"\u003e\u003ccode\u003ea92fd57\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 5.28.5 to 5.29.0 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1251\"\u003e#1251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/128b2c81d01bedfe5b59d56fc08176aecd3fe6b9\"\u003e\u003ccode\u003e128b2c8\u003c/code\u003e\u003c/a\u003e Introducing sort-by option (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1254\"\u003e#1254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/f78de9780efb7a789cf4745957fa3374cbb94fd5\"\u003e\u003ccode\u003ef78de97\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1248\"\u003e#1248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/816d9db1aba399a7f70277f1a2b01a4d21497fdd\"\u003e\u003ccode\u003e816d9db\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003e@​action/cache\u003c/code\u003e from 4.0.2 to 4.0.3 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1233\"\u003e#1233\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/ba23c1cb02e5cb8f885b0994d870e6032be00186\"\u003e\u003ccode\u003eba23c1c\u003c/code\u003e\u003c/a\u003e upgrade actions/cache from 4.0.0 to 4.0.2 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/a65e88a9b971cb99d742d9a25b2f8614e10577e9\"\u003e\u003ccode\u003ea65e88a\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 5.28.4 to 5.28.5 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1201\"\u003e#1201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/d4df79c5919b10352b8f29b9699b7acdc5500ebc\"\u003e\u003ccode\u003ed4df79c\u003c/code\u003e\u003c/a\u003e Updates to CHANGELOG.MD for recent releases (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1224\"\u003e#1224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/stale/commit/ee7ef89499a3de6e4fe1fc1acb994e67c64e0a2a\"\u003e\u003ccode\u003eee7ef89\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (\u003ca href\u003d\"https://redirect.github.com/actions/stale/issues/1186\"\u003e#1186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/stale/compare/5bef64f19d7facfb25b37b414482c7164d639639...3a9db7e6a41a89f618792c92c0e97cc736e1b13f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/labeler` from 5.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/labeler/releases\"\u003eactions/labeler\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade publish-action from 0.2.2 to 0.4.0 by \u003ca href\u003d\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/901\"\u003eactions/labeler#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/901\"\u003eactions/labeler#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/labeler/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/actions/labeler/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href\u003d\"https://github.com/jcambass\"\u003e\u003ccode\u003e@​jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/802\"\u003eactions/labeler#802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Node.js version to 24 in action and dependencies \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/891\"\u003eactions/labeler#891\u003c/a\u003e\nMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade eslint-config-prettier from 9.0.0 to 9.1.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/711\"\u003eactions/labeler#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint from 8.52.0 to 8.55.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/720\"\u003eactions/labeler#720\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/jest\u003c/code\u003e from 29.5.6 to 29.5.11 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/719\"\u003eactions/labeler#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/js-yaml\u003c/code\u003e from 4.0.8 to 4.0.9 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/718\"\u003eactions/labeler#718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e from 6.9.0 to 6.14.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/717\"\u003eactions/labeler#717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 3.0.3 to 3.1.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/726\"\u003eactions/labeler#726\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint from 8.55.0 to 8.56.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/725\"\u003eactions/labeler#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e from 6.14.0 to 6.19.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/745\"\u003eactions/labeler#745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/744\"\u003eactions/labeler#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​typescript-eslint/eslint-plugin\u003c/code\u003e from 6.9.0 to 6.20.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/750\"\u003eactions/labeler#750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 3.1.1 to 3.2.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/752\"\u003eactions/labeler#752\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.26.5 to 5.28.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/757\"\u003eactions/labeler#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade braces from 3.0.2 to 3.0.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/789\"\u003eactions/labeler#789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 9.0.3 to 10.0.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/805\"\u003eactions/labeler#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.10.1 to 1.11.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/811\"\u003eactions/labeler#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade typescript from 5.4.3 to 5.7.2 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/819\"\u003eactions/labeler#819\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e from 7.3.1 to 8.17.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/824\"\u003eactions/labeler#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 3.2.5 to 3.4.2 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/825\"\u003eactions/labeler#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/jest\u003c/code\u003e from 29.5.12 to 29.5.14 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/827\"\u003eactions/labeler#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/832\"\u003eactions/labeler#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade ts-jest from 29.1.2 to 29.2.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/831\"\u003eactions/labeler#831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​vercel/ncc\u003c/code\u003e from 0.38.1 to 0.38.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/830\"\u003eactions/labeler#830\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade typescript from 5.7.2 to 5.7.3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/835\"\u003eactions/labeler#835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/839\"\u003eactions/labeler#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.4 to 5.28.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/842\"\u003eactions/labeler#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​octokit/request-error\u003c/code\u003e from 5.0.1 to 5.1.1 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/846\"\u003eactions/labeler#846\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd note regarding \u003ccode\u003epull_request_target\u003c/code\u003e to README.md by \u003ca href\u003d\"https://github.com/silverwind\"\u003e\u003ccode\u003e@​silverwind\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/669\"\u003eactions/labeler#669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate readme with additional examples and important note about \u003ccode\u003epull_request_target\u003c/code\u003e event by \u003ca href\u003d\"https://github.com/IvanZosimov\"\u003e\u003ccode\u003e@​IvanZosimov\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/721\"\u003eactions/labeler#721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument update - permission section by \u003ca href\u003d\"https://github.com/harithavattikuti\"\u003e\u003ccode\u003e@​harithavattikuti\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/labeler/pull/840\"\u003eactions/labeler#840\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/634933edcd8ababfe52f92936142cc22ac488b1b\"\u003e\u003ccode\u003e634933e\u003c/code\u003e\u003c/a\u003e publish-action upgrade to 0.4.0 from 0.2.2 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/f1a63e87db0c6baf19c5713083f8d00d789ca184\"\u003e\u003ccode\u003ef1a63e8\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24 in action and dependencies (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/891\"\u003e#891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/b0a1180683c9f17424de4d71c044bea4c7b9bc7c\"\u003e\u003ccode\u003eb0a1180\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​octokit/request-error\u003c/code\u003e from 5.0.1 to 5.1.1 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/846\"\u003e#846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/110d44140c9195b853f2f24044bbfed8f4968efb\"\u003e\u003ccode\u003e110d441\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/871\"\u003e#871\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/bee50fefe18762fad67754b2f3bfff2c8082ebb8\"\u003e\u003ccode\u003ebee50fe\u003c/code\u003e\u003c/a\u003e Bump undici from 5.28.4 to 5.28.5 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/842\"\u003e#842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/6463cdb00ee92c05bec55dffc4e1fce250301945\"\u003e\u003ccode\u003e6463cdb\u003c/code\u003e\u003c/a\u003e Bump eslint-plugin-jest from 28.9.0 to 28.11.0 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/839\"\u003e#839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/c209686724ee12fcc5e6294d1d569b91f86fa691\"\u003e\u003ccode\u003ec209686\u003c/code\u003e\u003c/a\u003e Bump typescript from 5.7.2 to 5.7.3 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/5184940b544b0096088a7b42d1b8a551003d9eb1\"\u003e\u003ccode\u003e5184940\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​vercel/ncc\u003c/code\u003e from 0.38.1 to 0.38.3 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/830\"\u003e#830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/3629d5568b59204f18786372f6d740d649719488\"\u003e\u003ccode\u003e3629d55\u003c/code\u003e\u003c/a\u003e Document update - permission section (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/840\"\u003e#840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/labeler/commit/d24f7f3731b2a06433c0bccc364d560c5329c48f\"\u003e\u003ccode\u003ed24f7f3\u003c/code\u003e\u003c/a\u003e Bump ts-jest from 29.1.2 to 29.2.5 (\u003ca href\u003d\"https://redirect.github.com/actions/labeler/issues/831\"\u003e#831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/labeler/compare/8558fd74291d67161a8a78ce36a881fa63b766a9...634933edcd8ababfe52f92936142cc22ac488b1b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ossf/scorecard-action` from 2.4.2 to 2.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/ossf/scorecard-action/releases\"\u003eossf/scorecard-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eThis update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.3.0\"\u003eScorecard v5.3.0 release notes\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: clarify \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e permissions needed for private repos by \u003ca href\u003d\"https://github.com/pankajtaneja5\"\u003e\u003ccode\u003e@​pankajtaneja5\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1574\"\u003eossf/scorecard-action#1574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:book: Fix recommended command to test the image in development by \u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1583\"\u003eossf/scorecard-action#1583\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing top-level token permissions to workflows by \u003ca href\u003d\"https://github.com/timothyklee\"\u003e\u003ccode\u003e@​timothyklee\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1566\"\u003eossf/scorecard-action#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esetup codeowners for requesting reviews by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1576\"\u003eossf/scorecard-action#1576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:seedling: Improve printing options by \u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1584\"\u003eossf/scorecard-action#1584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/timothyklee\"\u003e\u003ccode\u003e@​timothyklee\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1566\"\u003eossf/scorecard-action#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/pankajtaneja5\"\u003e\u003ccode\u003e@​pankajtaneja5\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1574\"\u003eossf/scorecard-action#1574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/deivid-rodriguez\"\u003e\u003ccode\u003e@​deivid-rodriguez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1584\"\u003eossf/scorecard-action#1584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a\"\u003e\u003ccode\u003e4eaacf0\u003c/code\u003e\u003c/a\u003e bump docker to ghcr v2.4.3 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1587\"\u003e#1587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a\"\u003e\u003ccode\u003e42e3a01\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 3 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1585\"\u003e#1585\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15\"\u003e\u003ccode\u003e88c07ac\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1579\"\u003e#1579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128\"\u003e\u003ccode\u003e6c690f2\u003c/code\u003e\u003c/a\u003e Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd\"\u003e\u003ccode\u003e92083b5\u003c/code\u003e\u003c/a\u003e :book: Fix recommended command to test the image in development (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1583\"\u003e#1583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9\"\u003e\u003ccode\u003e7975ea6\u003c/code\u003e\u003c/a\u003e :seedling: Bump the docker-images group across 1 directory with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf\"\u003e\u003ccode\u003e0d1a743\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7\"\u003e\u003ccode\u003e46e6e0c\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1580\"\u003e#1580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d\"\u003e\u003ccode\u003ec3f1350\u003c/code\u003e\u003c/a\u003e :seedling: Improve printing options (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1584\"\u003e#1584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a\"\u003e\u003ccode\u003e43e475b\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1578\"\u003e#1578\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.29.11 to 3.30.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.30.5\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.4\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.4/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.3\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.3/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.30.2 - 09 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug which could cause language autodetection to fail. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3084\"\u003e#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: The \u003ccode\u003equality-queries\u003c/code\u003e input that was added in \u003ccode\u003e3.29.2\u003c/code\u003e as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3064\"\u003e#3064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.30.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.30.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.30.5 - 26 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe fixed a bug that was introduced in \u003ccode\u003e3.30.4\u003c/code\u003e with \u003ccode\u003eupload-sarif\u003c/code\u003e which resulted in files without a \u003ccode\u003e.sarif\u003c/code\u003e extension not getting uploaded. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3160\"\u003e#3160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.4 - 25 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved the CodeQL Action\u0027s ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3099\"\u003e#3099\u003c/a\u003e and \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3100\"\u003e#3100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3107\"\u003e#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eYou can now run the latest CodeQL nightly bundle by passing \u003ccode\u003etools: nightly\u003c/code\u003e to the \u003ccode\u003einit\u003c/code\u003e action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3130\"\u003e#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3118\"\u003e#3118\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.3 - 10 Sep 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.30.2 - 09 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug which could cause language autodetection to fail. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3084\"\u003e#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExperimental: The \u003ccode\u003equality-queries\u003c/code\u003e input that was added in \u003ccode\u003e3.29.2\u003c/code\u003e as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3064\"\u003e#3064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.1 - 05 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.30.0 - 01 Sep 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.11 - 21 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.10 - 18 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.9 - 12 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.8 - 08 Aug 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3599b3baa15b485a2e49ef411a7a4bb2452e7f93\"\u003e\u003ccode\u003e3599b3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3161\"\u003e#3161\u003c/a\u003e from github/update-v3.30.5-0a67bd46a\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2ca0085e584affd600efbd3930bc90e48dbacb46\"\u003e\u003ccode\u003e2ca0085\u003c/code\u003e\u003c/a\u003e Update changelog for v3.30.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0a67bd46a0f456ddad9e4b732137f519280275db\"\u003e\u003ccode\u003e0a67bd4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3160\"\u003e#3160\u003c/a\u003e from github/mbg/fix/upload-sarif\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8e34f2f3bf0f3f0b192913b0e0f234372329699b\"\u003e\u003ccode\u003e8e34f2f\u003c/code\u003e\u003c/a\u003e Add changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/0b7fc5664842c1a6bb23c4ef64b85438afcb76c5\"\u003e\u003ccode\u003e0b7fc56\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eupload-sarif\u003c/code\u003e not uploading non-\u003ccode\u003e.sarif\u003c/code\u003e files\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/94a9b7a1101a1320dcadcbda5e7fd9a1e6abaaca\"\u003e\u003ccode\u003e94a9b7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3155\"\u003e#3155\u003c/a\u003e from github/mbg/node/no-install-in-actions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a0ae9ba2026911d58db9df06e6b074d8ef6c24c9\"\u003e\u003ccode\u003ea0ae9ba\u003c/code\u003e\u003c/a\u003e Log what the script is doing\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b27a8ef21f72b5c541232d50400874a3f0a374b9\"\u003e\u003ccode\u003eb27a8ef\u003c/code\u003e\u003c/a\u003e Exit if running in an Actions workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65925679a36e83b45b5f1673869dabf891669742\"\u003e\u003ccode\u003e6592567\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3139\"\u003e#3139\u003c/a\u003e from github/henrymercer/fix-log-message\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/fa64a7dee67e389b18445aa15d26426512d9ab97\"\u003e\u003ccode\u003efa64a7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3154\"\u003e#3154\u003c/a\u003e from github/mbg/node/check-up-to-date-deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...3599b3baa15b485a2e49ef411a7a4bb2452e7f93\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "b99d556ec6096965eb177111299c0783678200f6", "tree": "f878a732e61b6effc9c46fb76772c5fadcafb72b", "parents": [ "abe4939b290fae8a1a38f2b2c37d49700a10c606" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Sep 01 06:00:25 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Sep 01 06:00:25 2025 +0000" }, "message": "Bump the github-actions group across 1 directory with 3 updates (#2534)\n\nBumps the github-actions group with 3 updates in the / directory: [actions/cache](https://github.com/actions/cache), [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 4.2.3 to 4.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1620\"\u003eactions/cache#1620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ccode\u003e4.0.5\u003c/code\u003e and move \u003ccode\u003e@protobuf-ts/plugin\u003c/code\u003e to dev depdencies by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1634\"\u003eactions/cache#1634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release \u003ccode\u003e4.2.4\u003c/code\u003e by \u003ca href\u003d\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1636\"\u003eactions/cache#1636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1620\"\u003eactions/cache#1620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4...v4.2.4\"\u003ehttps://github.com/actions/cache/compare/v4...v4.2.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch3\u003e4.2.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1474\"\u003e#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity fix: Bump braces from 3.0.2 to 3.0.3 - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1475\"\u003e#1475\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore original behavior of \u003ccode\u003ecache-hit\u003c/code\u003e output - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1467\"\u003e#1467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecache-hit\u003c/code\u003e output is set when a cache is missed - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003esave-always\u003c/code\u003e input - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1452\"\u003e#1452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed restore \u003ccode\u003efail-on-cache-miss\u003c/code\u003e not working.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/0400d5f644dc74513175e3cd8d07132dd4860809\"\u003e\u003ccode\u003e0400d5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1636\"\u003e#1636\u003c/a\u003e from actions/Link-/release-4.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/374a27f26986edd8c430f386d152a856e179c0ae\"\u003e\u003ccode\u003e374a27f\u003c/code\u003e\u003c/a\u003e Prepare release 4.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/358a7306cd9d78ceffc19271e69cd8528462fccf\"\u003e\u003ccode\u003e358a730\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1634\"\u003e#1634\u003c/a\u003e from actions/Link-/optimise-deps\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/2ee706ef74683b68fd97d45e549070fc28642768\"\u003e\u003ccode\u003e2ee706e\u003c/code\u003e\u003c/a\u003e Fix with another approach\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/94f7b5d9135a3af2d928e87120da293c9a920f90\"\u003e\u003ccode\u003e94f7b5d\u003c/code\u003e\u003c/a\u003e Fix bundle exec\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/c36116c3f4852e9868973e98be949d101f296afa\"\u003e\u003ccode\u003ec36116c\u003c/code\u003e\u003c/a\u003e Fix the workflow to use licensed from source\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/320fe7d56bfd8d9e7b7694dce399643f5b61d580\"\u003e\u003ccode\u003e320fe7d\u003c/code\u003e\u003c/a\u003e Update the licensed workflow to use the latest version\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/d81cc477d92d48462edee5b1e53b15613993e818\"\u003e\u003ccode\u003ed81cc47\u003c/code\u003e\u003c/a\u003e Add licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/de243982c557f21f36de55f0c01cd6a8e7a6aa71\"\u003e\u003ccode\u003ede24398\u003c/code\u003e\u003c/a\u003e Add licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/e7b6a9cc9d34d03fd2bf2834b35a8b9e82faa8e5\"\u003e\u003ccode\u003ee7b6a9c\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e@​protobuf-ts/plugin\u003c/code\u003e to dev dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...0400d5f644dc74513175e3cd8d07132dd4860809\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 4.2.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/releases\"\u003eactions/checkout\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href\u003d\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/checkout/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release v4.3.0 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2237\"\u003eactions/checkout#2237\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/checkout/compare/v4...v4.3.0\"\u003ehttps://github.com/actions/checkout/compare/v4...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003eV5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eV4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href\u003d\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href\u003d\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href\u003d\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href\u003d\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href\u003d\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href\u003d\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href\u003d\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href\u003d\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout\u0027s own workflows to a known, good, stable version. by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NPM dependencies by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1703\"\u003eactions/checkout#1703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 2 to 3 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1694\"\u003eactions/checkout#1694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-node from 1 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1696\"\u003eactions/checkout#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 2 to 4 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1695\"\u003eactions/checkout#1695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME: Suggest \u003ccode\u003euser.email\u003c/code\u003e to be \u003ccode\u003e41898282+github-actions[bot]@users.noreply.github.com\u003c/code\u003e by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1707\"\u003eactions/checkout#1707\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable \u003ccode\u003eextensions.worktreeConfig\u003c/code\u003e when disabling \u003ccode\u003esparse-checkout\u003c/code\u003e by \u003ca href\u003d\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1692\"\u003eactions/checkout#1692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd dependabot config by \u003ca href\u003d\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1688\"\u003eactions/checkout#1688\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-actions-dependencies group with 2 updates by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1693\"\u003eactions/checkout#1693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump word-wrap from 1.2.3 to 1.2.5 by \u003ca href\u003d\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/checkout/pull/1643\"\u003eactions/checkout#1643\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.3\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917\"\u003e\u003ccode\u003e9f26565\u003c/code\u003e\u003c/a\u003e Update actions checkout to use node 24 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2226\"\u003e#2226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/08eba0b27e820071cde6df949e0beb9ba4906955\"\u003e\u003ccode\u003e08eba0b\u003c/code\u003e\u003c/a\u003e Prepare release v4.3.0 (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2237\"\u003e#2237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/631c7dc4f80f88219c5ee78fee08c6b62fac8da1\"\u003e\u003ccode\u003e631c7dc\u003c/code\u003e\u003c/a\u003e Update package dependencies (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/8edcb1bdb4e267140fa742c62e395cd74f332709\"\u003e\u003ccode\u003e8edcb1b\u003c/code\u003e\u003c/a\u003e Update CODEOWNERS for actions (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2224\"\u003e#2224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/09d2acae674a48949e3602304ab46fd20ae0c42f\"\u003e\u003ccode\u003e09d2aca\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2194\"\u003e#2194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/85e6279cec87321a52edac9c87bce653a07cf6c2\"\u003e\u003ccode\u003e85e6279\u003c/code\u003e\u003c/a\u003e Adjust positioning of user email note and permissions heading (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/009b9ae9e446ad8d9b8c809870b0fbcc5e03573e\"\u003e\u003ccode\u003e009b9ae\u003c/code\u003e\u003c/a\u003e Documentation update - add recommended permissions to Readme (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/2043\"\u003e#2043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/cbb722410c2e876e24abbe8de2cc27693e501dcb\"\u003e\u003ccode\u003ecbb7224\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/1977\"\u003e#1977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/checkout/commit/3b9b8c884f6b4bb4d5be2779c26374abadae0871\"\u003e\u003ccode\u003e3b9b8c8\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href\u003d\"https://redirect.github.com/actions/checkout/issues/1971\"\u003e#1971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.29.2 to 3.29.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.29.11\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.11 - 21 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.11/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.10\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.10 - 18 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.10/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.9 - 12 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.8\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.8 - 08 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where the Action would autodetect unsupported languages such as HTML. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.8/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.7\u003c/h2\u003e\n\u003cp\u003eThis is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.\u003c/p\u003e\n\u003ch2\u003ev3.29.6\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.11 - 21 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.10 - 18 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.9 - 12 Aug 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.8 - 08 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where the Action would autodetect unsupported languages such as HTML. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.7 - 07 Aug 2025\u003c/h2\u003e\n\u003cp\u003eThis release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.\u003c/p\u003e\n\u003ch2\u003e3.29.6 - 07 Aug 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003ecleanup-level\u003c/code\u003e input to the \u003ccode\u003eanalyze\u003c/code\u003e Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2999\"\u003e#2999\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/3000\"\u003e#3000\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.5 - 29 Jul 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2986\"\u003e#2986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.4 - 23 Jul 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.3 - 21 Jul 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.2 - 30 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExperimental: When the \u003ccode\u003equality-queries\u003c/code\u003e input for the \u003ccode\u003einit\u003c/code\u003e action is provided with an argument, separate \u003ccode\u003e.quality.sarif\u003c/code\u003e files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2935\"\u003e#2935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.1 - 27 Jun 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3c3833e0f8c1c83d449a7478aa59c036a9165498\"\u003e\u003ccode\u003e3c3833e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3052\"\u003e#3052\u003c/a\u003e from github/update-v3.29.11-14148a433\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8c4bfbd99ba6ef652eca12461ad7618142e00679\"\u003e\u003ccode\u003e8c4bfbd\u003c/code\u003e\u003c/a\u003e Update changelog for v3.29.11\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/14148a433d789d9b6c7dadb56d8e3f8ad1e59605\"\u003e\u003ccode\u003e14148a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3044\"\u003e#3044\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.22.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/71b2cb38a1e682cb9b2453a5f1400eef870a37df\"\u003e\u003ccode\u003e71b2cb3\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2bf78254cceec27aab20b1623ba68c63c6eb85c6\"\u003e\u003ccode\u003e2bf7825\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.22.4\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/db69a5182d331d562e511302ae3c9aafd5fada6c\"\u003e\u003ccode\u003edb69a51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3049\"\u003e#3049\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a68d47bfa574c69f3de7d6484cf28a9c55ff7287\"\u003e\u003ccode\u003ea68d47b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3050\"\u003e#3050\u003c/a\u003e from github/henrymercer/init-not-called-config-error\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e496ff959372e828f30b1518fd22cb76170cf5db\"\u003e\u003ccode\u003ee496ff9\u003c/code\u003e\u003c/a\u003e Make \u0026quot;init not called\u0026quot; a configuration error\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/fd2ea72d34cdf8157d85d93decf87671705166a3\"\u003e\u003ccode\u003efd2ea72\u003c/code\u003e\u003c/a\u003e Update supported GitHub Enterprise Server versions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/6dee5bc9c165ca206a70f4e3d18271971cf6ff26\"\u003e\u003ccode\u003e6dee5bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/3045\"\u003e#3045\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-5b4171dd16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/181d5eefc20863364f96762470ba6f862bdef56b...3c3833e0f8c1c83d449a7478aa59c036a9165498\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "abe4939b290fae8a1a38f2b2c37d49700a10c606", "tree": "1a23568de093f00e49c28fa02a302bf90c75740d", "parents": [ "81e0579ce5265207b422b5da04305a4422265405" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed Aug 27 08:29:52 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Aug 27 08:29:52 2025 -0700" }, "message": "Remove executable argument forwarding in tests (#2533)\n\nSimilar to #2528\n\nThis case of argument forwarding existed since the test runner was first\nwritten. It\u0027s not clear exactly why it was necessary, and it should be safe\nto remove.\n\nThe existing argument forwarding breaks some tests on CI where an\nunexpected argument is passed to some dart invocations." }, { "commit": "81e0579ce5265207b422b5da04305a4422265405", "tree": "9d15bac772e9820a3c1641b0d58be8847c2b9d0e", "parents": [ "9354f239b0eb42a459200b432893d7d026056391" ], "author": { "name": "Ömer Sinan Ağacan", "email": "omersa@google.com", "time": "Tue Aug 26 13:18:44 2025 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Aug 26 13:18:44 2025 +0100" }, "message": "Serve dart2wasm source map files (#2532)\n\n" }, { "commit": "9354f239b0eb42a459200b432893d7d026056391", "tree": "4d0c7234fca374b3d24a0e51ab85b959c93275e9", "parents": [ "5aef9719ad9b598260c062b2a90a50d2f50a78f3" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Thu Aug 07 12:56:52 2025 +1000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Aug 07 11:56:52 2025 +0900" }, "message": "Add `--coverage-path` and `--branch-coverage` options (#2517)\n\n" }, { "commit": "5aef9719ad9b598260c062b2a90a50d2f50a78f3", "tree": "6ee60a9d955eccb0bdf51d43b8b94c5f4e0bda30", "parents": [ "953e8282c6e1d08d47d53169fea7ccb7db8475fa" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Aug 04 15:26:59 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Aug 04 15:26:59 2025 -0700" }, "message": "Allow connecting to the runner from test suite (#2526)\n\nCloses #2497\n\nAdd a zone variable when the declarer runs `main` from the test suite\nwhich gives access to the `connectOut` callback which creates a channel\nback to the runner with a provided name.\n\nAdd an optional argument allowing a map of zone values to the `declare`\nmethod and use it from the remote listener." }, { "commit": "953e8282c6e1d08d47d53169fea7ccb7db8475fa", "tree": "dcd385ab28931265a4ec56a910d1a0d7d940820d", "parents": [ "6aeb1e4fbc409c142d786b90d81b867e16486699" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Fri Aug 01 11:38:30 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Aug 01 11:38:30 2025 -0700" }, "message": "Drop executable arguments forwarding (#2528)\n\nCloses #2527\n\nDuring the null safety migration there were `dart` level flags that\nneeded to be kept in sync for precompiled JS tests so the platform\nexecutable arguments were forwarded direclty. This is currently causing\na test failure, and there are no null safety related `dart` level flags\nso drop the forwarding." }, { "commit": "6aeb1e4fbc409c142d786b90d81b867e16486699", "tree": "b78ea224b88241d7af47897ca8e9d811e8dad7bc", "parents": [ "65a376983298b5637521f6e022daa60ccd78c2fa" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Jul 24 10:27:08 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jul 24 10:27:08 2025 -0700" }, "message": "Consider NaN a match for itself (#2524)\n\nCloses #2520\n\nA `double.nan` is not equal to itself with the `\u003d\u003d` operator, but for\nthe purposes of testing it\u0027s easier to consider a `NaN` correct where a\n`NaN` was expected. This matches behavior in several other testing\nframeworks in other languages. This is unlikely to cause existing tests\nto fail or change semantics since a test is unlikely to use non-equality\nas a positive indication of a `NaN` result." }, { "commit": "65a376983298b5637521f6e022daa60ccd78c2fa", "tree": "19cf800cad70a92eea34c8cb9d0a7c1b2430bf69", "parents": [ "c201cc98cc969c3632b2b0b4eee469330fc3ed9b" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Wed Jul 23 15:01:55 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jul 23 15:01:55 2025 -0700" }, "message": "Use latest analyzer and language version (#2523)\n\n- Migrate to the new `name` field definition.\n- Require the latest `analyzer`.\n- Update min SDK to one supported by analyer.\n- Reformat at the latest language version.\n- Use single underscore wildcards." }, { "commit": "c201cc98cc969c3632b2b0b4eee469330fc3ed9b", "tree": "fc7eba776e243144c9ebf330af23a7cea215c1aa", "parents": [ "2be5ca067bdf09e999be2ad760ab8efab854e789" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Jul 21 12:26:58 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jul 21 12:26:58 2025 -0700" }, "message": "Expand Analyzer constraints to allow 8.x (#2518)\n\nIgnore deprecated analyzer APIs to publish a cross-compatible version of\nthe test packages before bumping to require the latest version." }, { "commit": "2be5ca067bdf09e999be2ad760ab8efab854e789", "tree": "063291e216de3a8bbea5adcb585b92382d6fb865", "parents": [ "3d5aaa3f075de3eb1f67fef446b239ec2726a9eb" ], "author": { "name": "Devon Carew", "email": "devoncarew@gmail.com", "time": "Tue Jul 01 13:41:04 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jul 01 13:41:04 2025 -0700" }, "message": "prep to publish package:checks 0.3.1 (#2513)\n\n" }, { "commit": "3d5aaa3f075de3eb1f67fef446b239ec2726a9eb", "tree": "959ac44a9c369306c264519da2f4f51afa8fa702", "parents": [ "8e703e28f772257776745fa482ea4077c0ba074c" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Jul 01 06:35:25 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jul 01 06:35:25 2025 +0000" }, "message": "Bump github/codeql-action from 3.28.18 to 3.29.2 in the github-actions group (#2514)\n\nBumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 3.28.18 to 3.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.29.2\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.2 - 30 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExperimental: When the \u003ccode\u003equality-queries\u003c/code\u003e input for the \u003ccode\u003einit\u003c/code\u003e action is provided with an argument, separate \u003ccode\u003e.quality.sarif\u003c/code\u003e files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2935\"\u003e#2935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.2/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.1\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.1 - 27 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug in PR analysis where user-provided \u003ccode\u003einclude\u003c/code\u003e query filter fails to exclude non-included queries. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2938\"\u003e#2938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.29.0\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.29.0 - 11 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2925\"\u003e#2925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.16.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2912\"\u003e#2912\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.29.0/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.19\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.19 - 03 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe CodeQL Action no longer includes its own copy of the extractor for the \u003ccode\u003eactions\u003c/code\u003e language, which is currently in public preview.\nThe \u003ccode\u003eactions\u003c/code\u003e extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the \u003ccode\u003eactions\u003c/code\u003e language \u003cem\u003eand\u003c/em\u003e you have pinned\nyour \u003ccode\u003etools:\u003c/code\u003e property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable\n\u003ccode\u003eactions\u003c/code\u003e analysis.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2910\"\u003e#2910\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.19/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.29.2 - 30 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExperimental: When the \u003ccode\u003equality-queries\u003c/code\u003e input for the \u003ccode\u003einit\u003c/code\u003e action is provided with an argument, separate \u003ccode\u003e.quality.sarif\u003c/code\u003e files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2935\"\u003e#2935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.1 - 27 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug in PR analysis where user-provided \u003ccode\u003einclude\u003c/code\u003e query filter fails to exclude non-included queries. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2938\"\u003e#2938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2950\"\u003e#2950\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.29.0 - 11 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.22.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2925\"\u003e#2925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum CodeQL bundle version to 2.16.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2912\"\u003e#2912\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.19 - 03 Jun 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe CodeQL Action no longer includes its own copy of the extractor for the \u003ccode\u003eactions\u003c/code\u003e language, which is currently in public preview.\nThe \u003ccode\u003eactions\u003c/code\u003e extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the \u003ccode\u003eactions\u003c/code\u003e language \u003cem\u003eand\u003c/em\u003e you have pinned\nyour \u003ccode\u003etools:\u003c/code\u003e property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable\n\u003ccode\u003eactions\u003c/code\u003e analysis.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2910\"\u003e#2910\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.18 - 16 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2893\"\u003e#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip validating SARIF produced by CodeQL for improved performance. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2894\"\u003e#2894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe number of threads and amount of RAM used by CodeQL can now be set via the \u003ccode\u003eCODEQL_THREADS\u003c/code\u003e and \u003ccode\u003eCODEQL_RAM\u003c/code\u003e runner environment variables. If set, these environment variables override the \u003ccode\u003ethreads\u003c/code\u003e and \u003ccode\u003eram\u003c/code\u003e inputs respectively. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2891\"\u003e#2891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.17 - 02 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2872\"\u003e#2872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/181d5eefc20863364f96762470ba6f862bdef56b\"\u003e\u003ccode\u003e181d5ee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2957\"\u003e#2957\u003c/a\u003e from github/update-v3.29.2-4c57370d0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c77386a9db782647c8e2575da69a3c950786eaca\"\u003e\u003ccode\u003ec77386a\u003c/code\u003e\u003c/a\u003e Fix changelog PR number\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8d43d4ecec27cc4205b0eaaf2e9b4bf9ee9a305b\"\u003e\u003ccode\u003e8d43d4e\u003c/code\u003e\u003c/a\u003e Update changelog for v3.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4c57370d0304fbff638216539f81d9163f77712a\"\u003e\u003ccode\u003e4c57370\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2935\"\u003e#2935\u003c/a\u003e from github/mbg/interpret-cq-results\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2830b750e5012e0a57cb63888cd5720f2326ca5c\"\u003e\u003ccode\u003e2830b75\u003c/code\u003e\u003c/a\u003e Add changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/aa72ddaeada556e7d763c9a0afb01f2c2a365e1c\"\u003e\u003ccode\u003eaa72dda\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into mbg/interpret-cq-results\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/65d1e45f0ba420207efc0f1f6d90c63dcbc97551\"\u003e\u003ccode\u003e65d1e45\u003c/code\u003e\u003c/a\u003e Rename \u003ccode\u003eSARIF_UPLOAD_ENDPOINT\u003c/code\u003e members\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/362ebf85dad6ee3df420db2cec285490b289a61f\"\u003e\u003ccode\u003e362ebf8\u003c/code\u003e\u003c/a\u003e Check both SARIF files in \u003ccode\u003equality-queries.yml\u003c/code\u003e test\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/10a3e4b17dd8a1cee767213c309bd4b1e8251eab\"\u003e\u003ccode\u003e10a3e4b\u003c/code\u003e\u003c/a\u003e Fix formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/8593ea65e2bf97ec2caa80fb0e464ed8c42c0fae\"\u003e\u003ccode\u003e8593ea6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2954\"\u003e#2954\u003c/a\u003e from github/mergeback/v3.29.1-to-main-39edc492\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...181d5eefc20863364f96762470ba6f862bdef56b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d3.28.18\u0026new-version\u003d3.29.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "8e703e28f772257776745fa482ea4077c0ba074c", "tree": "6119e1981b605b2ab3fdd7a1ab452ef4fd893d66", "parents": [ "0793a2b3262ac900558c49c76e9bbe4f29f91ea4" ], "author": { "name": "Seth Ladd", "email": "sethladd@google.com", "time": "Mon Jun 30 21:04:41 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 30 21:04:41 2025 -0700" }, "message": "Update README.md to clarify this is an experiment (#2512)\n\nCo-authored-by: Devon Carew \u003cdevoncarew@gmail.com\u003e" }, { "commit": "0793a2b3262ac900558c49c76e9bbe4f29f91ea4", "tree": "7c663284439343937fee5ed0a940a5fc44599490", "parents": [ "e2ddae9f2943eac2f6c5caf30bc6316e4bff4a8c" ], "author": { "name": "Agam Agarwal", "email": "agammaster@gmail.com", "time": "Thu Jun 05 04:45:16 2025 +0530" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jun 04 16:15:16 2025 -0700" }, "message": "Add isSorted and related matchers (#2490)\n\n" }, { "commit": "e2ddae9f2943eac2f6c5caf30bc6316e4bff4a8c", "tree": "080cef25bec99113c1adad44ccbe2cc6f8e0d072", "parents": [ "42a6d333d96b4b0964d356b9a29ca47ccdb43691" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Jun 01 03:58:24 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Jun 01 03:58:24 2025 +0000" }, "message": "Bump the github-actions group with 2 updates (#2506)\n\nBumps the github-actions group with 2 updates: [ossf/scorecard-action](https://github.com/ossf/scorecard-action) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `ossf/scorecard-action` from 2.4.1 to 2.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/ossf/scorecard-action/releases\"\u003eossf/scorecard-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.2\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cp\u003eThis update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.2.0\"\u003ev5.2.0\u003c/a\u003e and \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.2.1\"\u003ev5.2.1\u003c/a\u003e release notes.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/05b42c624433fc40578a4040d5cf5e36ddca8cde\"\u003e\u003ccode\u003e05b42c6\u003c/code\u003e\u003c/a\u003e :seedling: bump docker to ghcr v2.4.2 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1548\"\u003e#1548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/b225da6b2b97811a123bb34532642f3ad6a4f011\"\u003e\u003ccode\u003eb225da6\u003c/code\u003e\u003c/a\u003e Bump github.com/ossf/scorecard/v5 from v5.2.0 to v5.2.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/9399f6f42496e38fbb8dbcf85e17223226a5dafe\"\u003e\u003ccode\u003e9399f6f\u003c/code\u003e\u003c/a\u003e :seedling: Bump the docker-images group across 1 directory with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/e1daa8c5c7ed469dbb0167e261ed1c9fa673a9ae\"\u003e\u003ccode\u003ee1daa8c\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group across 1 directory with 5 updates (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/9fe6511b9b36af3b03200e49cf8fb09d261b5402\"\u003e\u003ccode\u003e9fe6511\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang.org/x/net from 0.39.0 to 0.40.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1542\"\u003e#1542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/25b9cd9cd11610dcac11e59afed9910714b12129\"\u003e\u003ccode\u003e25b9cd9\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/ossf/scorecard/v5 from v5.1.1 to v5.2.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1547\"\u003e#1547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/18cc9b81307fc5ab3c2cd7092955f06dcfdf8c42\"\u003e\u003ccode\u003e18cc9b8\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang.org/x/net from 0.38.0 to 0.39.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/db7814227b097a902957aa24d989c6e473613a8e\"\u003e\u003ccode\u003edb78142\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/de386ed459e2f85111697f50fe076d0ea617a32f\"\u003e\u003ccode\u003ede386ed\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang from 1.24.1 to 1.24.2 in the docker-images group (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1534\"\u003e#1534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/5b7cedba4eccfb66a6277e40cbe18d1d559ecc00\"\u003e\u003ccode\u003e5b7cedb\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1537\"\u003e#1537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.28.16 to 3.28.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.28.18\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.18 - 16 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2893\"\u003e#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip validating SARIF produced by CodeQL for improved performance. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2894\"\u003e#2894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe number of threads and amount of RAM used by CodeQL can now be set via the \u003ccode\u003eCODEQL_THREADS\u003c/code\u003e and \u003ccode\u003eCODEQL_RAM\u003c/code\u003e runner environment variables. If set, these environment variables override the \u003ccode\u003ethreads\u003c/code\u003e and \u003ccode\u003eram\u003c/code\u003e inputs respectively. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2891\"\u003e#2891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.18/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.17\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.17 - 02 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2872\"\u003e#2872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.17/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe CodeQL Action no longer includes its own copy of the extractor for the \u003ccode\u003eactions\u003c/code\u003e language, which is currently in public preview.\nThe \u003ccode\u003eactions\u003c/code\u003e extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the \u003ccode\u003eactions\u003c/code\u003e language \u003cem\u003eand\u003c/em\u003e you have pinned\nyour \u003ccode\u003etools:\u003c/code\u003e property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable\n\u003ccode\u003eactions\u003c/code\u003e analysis.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.18 - 16 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2893\"\u003e#2893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip validating SARIF produced by CodeQL for improved performance. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2894\"\u003e#2894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe number of threads and amount of RAM used by CodeQL can now be set via the \u003ccode\u003eCODEQL_THREADS\u003c/code\u003e and \u003ccode\u003eCODEQL_RAM\u003c/code\u003e runner environment variables. If set, these environment variables override the \u003ccode\u003ethreads\u003c/code\u003e and \u003ccode\u003eram\u003c/code\u003e inputs respectively. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2891\"\u003e#2891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.17 - 02 May 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2872\"\u003e#2872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2838\"\u003e#2838\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.13 - 24 Mar 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.12 - 19 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDependency caching should now cache more dependencies for Java \u003ccode\u003ebuild-mode: none\u003c/code\u003e extractions. This should speed up workflows and avoid inconsistent alerts in some cases.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2810\"\u003e#2810\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.11 - 07 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2793\"\u003e#2793\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.10 - 21 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2772\"\u003e#2772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAddress an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2768\"\u003e#2768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ff0a06e83cb2de871e5a09832bc6a81e7276941f\"\u003e\u003ccode\u003eff0a06e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2896\"\u003e#2896\u003c/a\u003e from github/update-v3.28.18-b86edfc27\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/a41e0844be4d25fcef7ce7fa536f3e30275a9a1c\"\u003e\u003ccode\u003ea41e084\u003c/code\u003e\u003c/a\u003e Update changelog for v3.28.18\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b86edfc27a1e0d3b55127a7496a1c770a02b2f84\"\u003e\u003ccode\u003eb86edfc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2893\"\u003e#2893\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.21.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e93b90025f7c49dccc3ee640c4155b63eb9a6b39\"\u003e\u003ccode\u003ee93b900\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into update-bundle/codeql-bundle-v2.21.3\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/510dfa3460b15b34a807ab5609b4691aed5ebbee\"\u003e\u003ccode\u003e510dfa3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2894\"\u003e#2894\u003c/a\u003e from github/henrymercer/skip-validating-codeql-sarif\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/492d7832457da825a964331d860789f3f19d105b\"\u003e\u003ccode\u003e492d783\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into henrymercer/skip-validating-codeql-sarif\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/83bdf3b7f92061d2f6d74e2a4555ecf719adad68\"\u003e\u003ccode\u003e83bdf3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2859\"\u003e#2859\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cffc916774454a5ead1c8fb7925abad20cda85e4\"\u003e\u003ccode\u003ecffc916\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2891\"\u003e#2891\u003c/a\u003e from austinpray-mixpanel/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4420887272f1c68c7c58ca2970bdfb5eb657cf08\"\u003e\u003ccode\u003e4420887\u003c/code\u003e\u003c/a\u003e Add deprecation warning for CodeQL 2.16.5 and earlier\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4e178c584157c51ff3d6fb87c764e7ed0715f82a\"\u003e\u003ccode\u003e4e178c5\u003c/code\u003e\u003c/a\u003e Update supported versions table in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/28deaeda66b76a05916b6923827895f2b14ab387...ff0a06e83cb2de871e5a09832bc6a81e7276941f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "42a6d333d96b4b0964d356b9a29ca47ccdb43691", "tree": "2a5807c3f8f4994989b1701d7fced28a07758da2", "parents": [ "5ffcb36fd6c82843f25ed96585a4b9e96022e7f9" ], "author": { "name": "Daco Harkes", "email": "dacoharkes@google.com", "time": "Wed May 21 11:59:58 2025 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 21 11:59:58 2025 +0200" }, "message": "[native assets] Graduate to preview (#2501)\n\n" }, { "commit": "5ffcb36fd6c82843f25ed96585a4b9e96022e7f9", "tree": "ae20acd1c1d3118354f30d8aa7282bf580ac9219", "parents": [ "b9c59ea01ab0c055d120fd6542af663704c16938" ], "author": { "name": "Danny Tuppeny", "email": "danny@tuppeny.com", "time": "Mon May 19 16:16:07 2025 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 19 08:16:07 2025 -0700" }, "message": "Fix an issue with failed assertions using setUpAll/tearDownAll (#2499)\n\nWhen groups are filtered using `filter()` and not `onPlatform`, we would clone the group and tests without also cloning `setUpAll`/`tearDownAll`, which led to an assertion failure when trying to set the parents.\n\nThis change ensures we clone tests in `filter()` like we do in `forPlatform()`.\n\nFixes https://github.com/dart-lang/test/issues/2498" }, { "commit": "b9c59ea01ab0c055d120fd6542af663704c16938", "tree": "c1011cfa40a21d29f8eae0f205a482a26d3f024d", "parents": [ "e6d4877e4143715d79e8756d9234da1fe22a652d", "a1e295b4f657f4e37dc976cf45fd325e992a1bc5" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 10:47:05 2025 +1000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 13 10:47:05 2025 +1000" }, "message": "Set a debug name for test isolates (#2494)\n\n" }, { "commit": "a1e295b4f657f4e37dc976cf45fd325e992a1bc5", "tree": "c1011cfa40a21d29f8eae0f205a482a26d3f024d", "parents": [ "3c3878afe773a4a3d654da0900394e189ee0df55" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 10:23:10 2025 +1000" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 10:23:10 2025 +1000" }, "message": "Fix CI\n" }, { "commit": "3c3878afe773a4a3d654da0900394e189ee0df55", "tree": "4200670b1d62a5a6f41cf287047b5dae05d3bfc6", "parents": [ "90e64ec2887ed07e220793ab916d91fca05a6241" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 10:15:44 2025 +1000" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 10:15:44 2025 +1000" }, "message": "Include the test URI in the debug name\n" }, { "commit": "90e64ec2887ed07e220793ab916d91fca05a6241", "tree": "6e99cdb1f9b0d5779a93050f6b8c4efb67e2b1d1", "parents": [ "d67c897bc3de1ccea525eff1bb6324383bd9b250" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue May 13 00:09:27 2025 +0000" }, "committer": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Tue May 13 00:09:27 2025 +0000" }, "message": "Bump version\n\ntest_core 0.6.9 is already published, bump to a -wip version.\n" }, { "commit": "d67c897bc3de1ccea525eff1bb6324383bd9b250", "tree": "104f536669c46657decb7bd570009c97dadba4cc", "parents": [ "4097e1be7d97c2cbdc8a6f2ad00dfeb6907abdee", "e6d4877e4143715d79e8756d9234da1fe22a652d" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Tue May 13 07:13:11 2025 +1000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue May 13 07:13:11 2025 +1000" }, "message": "Merge branch \u0027master\u0027 into isolate_debug_name" }, { "commit": "e6d4877e4143715d79e8756d9234da1fe22a652d", "tree": "f37c837cf578e49c9af31376a296df013698eeac", "parents": [ "55d1f9ed414bc01b0ffefa64644aa7756142db58" ], "author": { "name": "Jacob MacDonald", "email": "jakemac@google.com", "time": "Mon May 12 12:40:39 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon May 12 12:40:39 2025 -0700" }, "message": "release test packages (#2495)\n\ncc @DanTup" }, { "commit": "4097e1be7d97c2cbdc8a6f2ad00dfeb6907abdee", "tree": "1e567fbbdec59bc56c7132de00ea001e26c2c916", "parents": [ "7800c010596333f508a841d1b384ecc28501cfc3" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 11:06:14 2025 +1000" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 11:06:14 2025 +1000" }, "message": "revert workflow debugging\n" }, { "commit": "7800c010596333f508a841d1b384ecc28501cfc3", "tree": "1d058b33dcfee178c6ca2bf0c0d99baacf9412a1", "parents": [ "455483b5fd8cd44200a7df073affa0539017339d" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 10:57:13 2025 +1000" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 10:57:13 2025 +1000" }, "message": "fmt\n" }, { "commit": "455483b5fd8cd44200a7df073affa0539017339d", "tree": "04cb41e175a21b3c06a940a64f4674254b941dc1", "parents": [ "c9b5b6fa021f6040ab04c88e223eb8f5354f99a0" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 10:51:16 2025 +1000" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 10:51:16 2025 +1000" }, "message": "changelog\n" }, { "commit": "c9b5b6fa021f6040ab04c88e223eb8f5354f99a0", "tree": "5b264b353a44716057a9c9d9e7cedf78378aceac", "parents": [ "39c4b31decb933c837d0c4d67e6e787ef0ca01ea" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 10:32:15 2025 +1000" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 10:32:15 2025 +1000" }, "message": "fmt\n" }, { "commit": "39c4b31decb933c837d0c4d67e6e787ef0ca01ea", "tree": "6544bd8fb3c689294fd4cdff7aab6ca0d3f4b036", "parents": [ "55d1f9ed414bc01b0ffefa64644aa7756142db58" ], "author": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 10:09:29 2025 +1000" }, "committer": { "name": "Liam Appelbe", "email": "liama@google.com", "time": "Wed May 07 10:09:29 2025 +1000" }, "message": "Set a debug name for test isolates\n" }, { "commit": "55d1f9ed414bc01b0ffefa64644aa7756142db58", "tree": "af12ef6ed585fb97cef080a87ffb522c8a2326af", "parents": [ "c3755d8057f29318e31f55e86b3a74d1a48f5d0a" ], "author": { "name": "Fichtelcoder", "email": "de.frankenapps@gmail.com", "time": "Mon May 05 06:41:08 2025 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun May 04 21:41:08 2025 -0700" }, "message": "Fix typos in json_reporter documentation (#2493)\n\nFix two minor typos in the documentation for the `json_reporter`.\n\nSeveral tools parse this documentation and therefore use the incorrect\ncomments." }, { "commit": "c3755d8057f29318e31f55e86b3a74d1a48f5d0a", "tree": "7e762ad1426165c204930a8029e9f40c49e01b75", "parents": [ "935b8b04f72ed902b66fd869447cd05bdbd94e6a" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu May 01 03:32:25 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 01 03:32:25 2025 +0000" }, "message": "Bump github/codeql-action from 3.28.13 to 3.28.16 in the github-actions group (#2492)\n\nBumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `github/codeql-action` from 3.28.13 to 3.28.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.28.16\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.16/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.15\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.15/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.14\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2838\"\u003e#2838\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.14/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.16 - 23 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.1. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2863\"\u003e#2863\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.15 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2842\"\u003e#2842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.14 - 07 Apr 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.21.0. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2838\"\u003e#2838\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.13 - 24 Mar 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.12 - 19 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDependency caching should now cache more dependencies for Java \u003ccode\u003ebuild-mode: none\u003c/code\u003e extractions. This should speed up workflows and avoid inconsistent alerts in some cases.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2810\"\u003e#2810\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.11 - 07 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2793\"\u003e#2793\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.10 - 21 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2772\"\u003e#2772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAddress an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2768\"\u003e#2768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.9 - 07 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2753\"\u003e#2753\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.8 - 29 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2744\"\u003e#2744\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.7 - 29 Jan 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/28deaeda66b76a05916b6923827895f2b14ab387\"\u003e\u003ccode\u003e28deaed\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2865\"\u003e#2865\u003c/a\u003e from github/update-v3.28.16-2a8cbadc0\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/03c5d71c11f6cb2c5ba7eef371219a862be30193\"\u003e\u003ccode\u003e03c5d71\u003c/code\u003e\u003c/a\u003e Update changelog for v3.28.16\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/2a8cbadc02bb64a7fd15d37c977acbad02496c80\"\u003e\u003ccode\u003e2a8cbad\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2863\"\u003e#2863\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.21.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/f76eaf51a636a5c1d927998267d92d6475363ace\"\u003e\u003ccode\u003ef76eaf5\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e63b3f5166c15fda4eb17886f01abe9445dd13f5\"\u003e\u003ccode\u003ee63b3f5\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.21.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/4c3e5362829f0b0bb62ff5f6c938d7f95574c306\"\u003e\u003ccode\u003e4c3e536\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2853\"\u003e#2853\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-7d84c66b66\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/56dd02f26d99811d607284494ff84b7d862fe837\"\u003e\u003ccode\u003e56dd02f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2852\"\u003e#2852\u003c/a\u003e from github/dependabot/github_actions/actions-457587...\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/192406dd845fb2228fcea74898b98df2a6cdcef6\"\u003e\u003ccode\u003e192406d\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into dependabot/github_actions/actions-4575878e06\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/c7dbb2084ed1bb623fbbb3976cd6dbae6daaf1fe\"\u003e\u003ccode\u003ec7dbb20\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2857\"\u003e#2857\u003c/a\u003e from github/nickfyson/address-vulns\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9a45cd8c5025281c30bbb652197ace083c291e49\"\u003e\u003ccode\u003e9a45cd8\u003c/code\u003e\u003c/a\u003e move use of input variables into env vars\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/1b549b9259bda1cb5ddde3b41741a82a2d15a841...28deaeda66b76a05916b6923827895f2b14ab387\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dgithub/codeql-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d3.28.13\u0026new-version\u003d3.28.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "935b8b04f72ed902b66fd869447cd05bdbd94e6a", "tree": "40c131ef7e7c22d91f34391d3b16401f93884b96", "parents": [ "3ac991fa5ea406474e4d8d6c823fc078a6c6c6b4" ], "author": { "name": "Danny Tuppeny", "email": "danny@tuppeny.com", "time": "Mon Apr 28 16:53:56 2025 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Apr 28 08:53:56 2025 -0700" }, "message": "Allow specifying an explicit location for test/groups (#2481)\n\nUsually test locations (which are used both to report the location of\ntests in the json reporter, and also for filtering tests by line/col)\nare inferred from the call stack when test() is called.\n\nThis changes adds a new `location` parameter to group/test to allow this\ninformation to be provided explicitly. This can be useful where the call\nto `test()` doesn\u0027t contain the actual location of the declaration in\nthe call stack (for example when using `pkg:test_reflective_loader`).\n\nSee https://github.com/dart-lang/test/issues/2029\nSee https://github.com/Dart-Code/Dart-Code/issues/5480" }, { "commit": "3ac991fa5ea406474e4d8d6c823fc078a6c6c6b4", "tree": "44aa31d503e3a6ddaa0fb9f7b4eb0c4ea8e3a3b9", "parents": [ "84eba115521b74e848f096572a2d3e4d3607e8fa" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Apr 17 12:03:03 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 17 12:03:03 2025 -0700" }, "message": "Fix typos in README (#2487)\n\n" }, { "commit": "84eba115521b74e848f096572a2d3e4d3607e8fa", "tree": "a4286358b1fa267b17117bfccb0b55954891032d", "parents": [ "9f9fd77d4709e70bf9ec2a55853092256ace98d4", "ab850972b384a9ed1cf8f74c73d4475d0a5b982a" ], "author": { "name": "Daco Harkes", "email": "dacoharkes@google.com", "time": "Fri Apr 11 16:09:22 2025 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Apr 11 16:09:22 2025 +0200" }, "message": "[native assets] Add support for pub workspaces (#2484)\n\nCloses: https://github.com/dart-lang/test/issues/2483\n\nTested in `dartdev`: https://dart-review.googlesource.com/c/sdk/+/422080\n\nPackages must opt in to a new version of package test to adopt this fix.\n(`dartdev` uses the version of `package:test` that\u0027s in the users\u0027\npubspec, rather than the one that\u0027s rolled in the Dart SDK!)\nIn the test for `dartdev` I manually applied the edits to\n`third_party/pkg/test/pkgs/test_core` and overrode the dependencies." }, { "commit": "ab850972b384a9ed1cf8f74c73d4475d0a5b982a", "tree": "a4286358b1fa267b17117bfccb0b55954891032d", "parents": [ "9f9fd77d4709e70bf9ec2a55853092256ace98d4" ], "author": { "name": "Daco Harkes", "email": "dacoharkes@google.com", "time": "Fri Apr 11 10:08:31 2025 +0200" }, "committer": { "name": "Daco Harkes", "email": "dacoharkes@google.com", "time": "Fri Apr 11 10:37:08 2025 +0200" }, "message": "[native assets] Add support for pub workspaces\n" }, { "commit": "9f9fd77d4709e70bf9ec2a55853092256ace98d4", "tree": "d23d149871e3aada7241f72e4a62590213f3c52d", "parents": [ "8643fbf375330cd1099cdc7434306532b4bcaaf1" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Thu Apr 10 15:46:27 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 10 15:46:27 2025 -0700" }, "message": "Migrate host.dart to new JS interop (#2448)\n\nRecompile with the latest dart2js." }, { "commit": "8643fbf375330cd1099cdc7434306532b4bcaaf1", "tree": "cdf829bab0368cb73eaf6a8e3ba291c5112442bc", "parents": [ "c1fa1e692084a9aab83a171cdcffcc4087e8e40b" ], "author": { "name": "Ömer Sinan Ağacan", "email": "omersa@google.com", "time": "Wed Apr 09 10:52:43 2025 +0200" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 09 09:52:43 2025 +0100" }, "message": "Migrate from deprecated `dart:js`, `dart:js_util`, `package:js_util` to `dart:js_interop` (#2478)\n\nCloses #2447." }, { "commit": "c1fa1e692084a9aab83a171cdcffcc4087e8e40b", "tree": "c53dd2ea91d46b49130dd9417d772b75532115be", "parents": [ "31a2d64c2473e1b70e0e55ed3fae353910bfe3f3" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Apr 01 03:27:23 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 01 03:27:23 2025 +0000" }, "message": "Bump the github-actions group with 3 updates (#2476)\n\nBumps the github-actions group with 3 updates: [actions/cache](https://github.com/actions/cache), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `actions/cache` from 4.2.2 to 4.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.3\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use \u003ccode\u003e@​actions/cache\u003c/code\u003e 4.0.3 package \u0026amp; prepare for new release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1577\"\u003eactions/cache#1577\u003c/a\u003e (SAS tokens for cache entries are now masked in debug logs)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1577\"\u003eactions/cache#1577\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4.2.2...v4.2.3\"\u003ehttps://github.com/actions/cache/compare/v4.2.2...v4.2.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch3\u003e4.2.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.3 (obfuscates SAS token in debug logs for cache entries)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1474\"\u003e#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity fix: Bump braces from 3.0.2 to 3.0.3 - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1475\"\u003e#1475\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore original behavior of \u003ccode\u003ecache-hit\u003c/code\u003e output - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1467\"\u003e#1467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecache-hit\u003c/code\u003e output is set when a cache is missed - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003esave-always\u003c/code\u003e input - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1452\"\u003e#1452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed restore \u003ccode\u003efail-on-cache-miss\u003c/code\u003e not working.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003eisGhes\u003c/code\u003e check\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/5a3ec84eff668545956fd18022155c47e93e2684\"\u003e\u003ccode\u003e5a3ec84\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1577\"\u003e#1577\u003c/a\u003e from salmanmkc/salmanmkc/4-test\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/7de21022a7b6824c106a9847befcbd8154b45b6a\"\u003e\u003ccode\u003e7de2102\u003c/code\u003e\u003c/a\u003e Update releases.md\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/76d40dd347779762a1c829bbeeda5da4d81ca8c1\"\u003e\u003ccode\u003e76d40dd\u003c/code\u003e\u003c/a\u003e Update to use the latest version of the cache package to obfuscate the SAS\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/76dd5eb692f606c28d4b7a4ea7cfdffc926ba06a\"\u003e\u003ccode\u003e76dd5eb\u003c/code\u003e\u003c/a\u003e update cache with main\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/8c80c27c5e4498d5675b05fb1eff96a56c593b06\"\u003e\u003ccode\u003e8c80c27\u003c/code\u003e\u003c/a\u003e new package\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/45cfd0e7fffd1869ea4d5bfb54a464d825c1f742\"\u003e\u003ccode\u003e45cfd0e\u003c/code\u003e\u003c/a\u003e updates\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/edd449b9cf39c2a20dc7c3d505ff6dc193c48a02\"\u003e\u003ccode\u003eedd449b\u003c/code\u003e\u003c/a\u003e updated cache with latest changes\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/0576707e373f92196b81695442ed3f80c347f9c7\"\u003e\u003ccode\u003e0576707\u003c/code\u003e\u003c/a\u003e latest test before pr\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/3105dc9754dd9cd935ffcf45c091ed2cadbf42b9\"\u003e\u003ccode\u003e3105dc9\u003c/code\u003e\u003c/a\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9450d42d15022999ad2fa60a8b91f01fc92a0563\"\u003e\u003ccode\u003e9450d42\u003c/code\u003e\u003c/a\u003e mask\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/actions/cache/compare/d4323d4df104b026a6aa633fdb11d772146be0bf...5a3ec84eff668545956fd18022155c47e93e2684\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.1 to 4.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.6.2\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use artifact 2.3.2 package \u0026amp; prepare for new upload-artifact release by \u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/685\"\u003eactions/upload-artifact#685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/685\"\u003eactions/upload-artifact#685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v4...v4.6.2\"\u003ehttps://github.com/actions/upload-artifact/compare/v4...v4.6.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02\"\u003e\u003ccode\u003eea165f8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/685\"\u003e#685\u003c/a\u003e from salmanmkc/salmanmkc/3-new-upload-artifacts-release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/08396203c179e13c71b9754ce3472ed71842eec0\"\u003e\u003ccode\u003e0839620\u003c/code\u003e\u003c/a\u003e Prepare for new release of actions/upload-artifact with new toolkit cache ver...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.28.10 to 3.28.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.28.13\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.13 - 24 Mar 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.13/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.12\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.12 - 19 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDependency caching should now cache more dependencies for Java \u003ccode\u003ebuild-mode: none\u003c/code\u003e extractions. This should speed up workflows and avoid inconsistent alerts in some cases.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2810\"\u003e#2810\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.12/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.11\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.11 - 07 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2793\"\u003e#2793\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.11/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.13 - 24 Mar 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.12 - 19 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDependency caching should now cache more dependencies for Java \u003ccode\u003ebuild-mode: none\u003c/code\u003e extractions. This should speed up workflows and avoid inconsistent alerts in some cases.\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.7. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2810\"\u003e#2810\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.11 - 07 Mar 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.6. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2793\"\u003e#2793\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.10 - 21 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2772\"\u003e#2772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAddress an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2768\"\u003e#2768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.9 - 07 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2753\"\u003e#2753\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.8 - 29 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2744\"\u003e#2744\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.7 - 29 Jan 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.6 - 27 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-enable debug artifact upload for CLI versions 2.20.3 or greater. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2726\"\u003e#2726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.5 - 24 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2717\"\u003e#2717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.4 - 23 Jan 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1b549b9259bda1cb5ddde3b41741a82a2d15a841\"\u003e\u003ccode\u003e1b549b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2819\"\u003e#2819\u003c/a\u003e from github/update-v3.28.13-e0ea14102\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/82630c85f38b5b7c2c9cc279f06af77a080fba19\"\u003e\u003ccode\u003e82630c8\u003c/code\u003e\u003c/a\u003e Update changelog for v3.28.13\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/e0ea141027937784e3c10ed1679e503fcc2245bc\"\u003e\u003ccode\u003ee0ea141\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2818\"\u003e#2818\u003c/a\u003e from github/cklin/empty-pr-diff-range\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b361a915088c90790a0c458a63a4b63108a9ab0a\"\u003e\u003ccode\u003eb361a91\u003c/code\u003e\u003c/a\u003e Diff-informed analysis: fix empty PR handling\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/bd1d9ab4eda903e1b5caa241368836575c6c476b\"\u003e\u003ccode\u003ebd1d9ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2816\"\u003e#2816\u003c/a\u003e from github/cklin/overlay-file-list\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b98ae6ca52694a727f4a03c9bf7a52df66492f23\"\u003e\u003ccode\u003eb98ae6c\u003c/code\u003e\u003c/a\u003e Add overlay-database-utils tests\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9825184a0aec625d59c8e5bcc122734a77e38e7b\"\u003e\u003ccode\u003e9825184\u003c/code\u003e\u003c/a\u003e Add getFileOidsUnderPath() tests\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/ac67cffe5c20e84b598930c8453336a7404b2786\"\u003e\u003ccode\u003eac67cff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2817\"\u003e#2817\u003c/a\u003e from github/cklin/default-setup-diff-informed\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9c674ba4f548f8b6a6f1a7990756e80453894f56\"\u003e\u003ccode\u003e9c674ba\u003c/code\u003e\u003c/a\u003e build: refresh js files\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d109dd5d333ab79c34032e0443e15643c347e966\"\u003e\u003ccode\u003ed109dd5\u003c/code\u003e\u003c/a\u003e Detect PR branches for Default Setup\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d...1b549b9259bda1cb5ddde3b41741a82a2d15a841\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "31a2d64c2473e1b70e0e55ed3fae353910bfe3f3", "tree": "1398799ba1f59b469baa885d21200cab7f843bb6", "parents": [ "9e349d0e9f6c477584ea320f7ba2f49f761d84ac" ], "author": { "name": "Nate Bosch", "email": "nbosch@google.com", "time": "Mon Mar 31 16:00:12 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 31 16:00:12 2025 -0700" }, "message": "Sort reporter options (#2475)\n\nPrevious versions of `package:args` alphabetically sorted the\n`allowedHelp` entries for help output. The latest release removes the\nsorting and breaks the change-detection tests for the help output.\n\nhttps://github.com/dart-lang/core/pull/852\n\nManually sort the keys of the reporters map to match the alpha sort of\nthe old output." }, { "commit": "9e349d0e9f6c477584ea320f7ba2f49f761d84ac", "tree": "0975b78accfb041068441ff1e1b768403aeaa04e", "parents": [ "e941dbacec920f804a682c3991521f208333fb79" ], "author": { "name": "Jonas Finnemann Jensen", "email": "jonasfj@google.com", "time": "Thu Mar 06 02:09:39 2025 +0100" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Mar 05 17:09:39 2025 -0800" }, "message": "Suggest using `dart pub add dev:checks` (#2467)\n\nThen we don\u0027t have to update the version number in the `README.md` every\ntime we make publish a new release." }, { "commit": "e941dbacec920f804a682c3991521f208333fb79", "tree": "b1d11475626b91ae73f3156a52f76e55c10d603d", "parents": [ "32bf9b732d01c09813e116e7f1a03aad655b57df" ], "author": { "name": "Devon Carew", "email": "devoncarew@gmail.com", "time": "Tue Mar 04 14:54:08 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 04 14:54:08 2025 -0800" }, "message": "Update publish.yaml (#2465)\n\n- update permissions for the publish workflow\n" }, { "commit": "32bf9b732d01c09813e116e7f1a03aad655b57df", "tree": "2e6711e470dfb4dadaa4395fb0795bf5ac254aa8", "parents": [ "a833663e56b6182f8372180f5c95d1c01b531150" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sat Mar 01 04:03:32 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Mar 01 04:03:32 2025 +0000" }, "message": "Bump the github-actions group with 5 updates (#2462)\n\nBumps the github-actions group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/cache](https://github.com/actions/cache) | `4.2.0` | `4.2.2` |\n| [dart-lang/setup-dart](https://github.com/dart-lang/setup-dart) | `1.7.0` | `1.7.1` |\n| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.1` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.28.8` | `3.28.10` |\n\nUpdates `actions/cache` from 4.2.0 to 4.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/releases\"\u003eactions/cache\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nAs a reminder, there were important backend changes to release v4.2.0, see \u003ca href\u003d\"https://github.com/actions/cache/releases/tag/v4.2.0\"\u003ethose release notes\u003c/a\u003e and \u003ca href\u003d\"https://github.com/actions/cache/discussions/1510\"\u003ethe announcement\u003c/a\u003e for more details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v4.0.2 by \u003ca href\u003d\"https://github.com/robherley\"\u003e\u003ccode\u003e@​robherley\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1560\"\u003eactions/cache#1560\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4.2.1...v4.2.2\"\u003ehttps://github.com/actions/cache/compare/v4.2.1...v4.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nAs a reminder, there were important backend changes to release v4.2.0, see \u003ca href\u003d\"https://github.com/actions/cache/releases/tag/v4.2.0\"\u003ethose release notes\u003c/a\u003e and \u003ca href\u003d\"https://github.com/actions/cache/discussions/1510\"\u003ethe announcement\u003c/a\u003e for more details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003edocs: GitHub is spelled incorrectly in caching-strategies.md by \u003ca href\u003d\"https://github.com/janco-absa\"\u003e\u003ccode\u003e@​janco-absa\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1526\"\u003eactions/cache#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Make the \u0026quot;always save prime numbers\u0026quot; example more clear by \u003ca href\u003d\"https://github.com/Tobbe\"\u003e\u003ccode\u003e@​Tobbe\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1525\"\u003eactions/cache#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate force deletion docs due a recent deprecation by \u003ca href\u003d\"https://github.com/sebbalex\"\u003e\u003ccode\u003e@​sebbalex\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1500\"\u003eactions/cache#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v4.0.1 by \u003ca href\u003d\"https://github.com/robherley\"\u003e\u003ccode\u003e@​robherley\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1554\"\u003eactions/cache#1554\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/janco-absa\"\u003e\u003ccode\u003e@​janco-absa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1526\"\u003eactions/cache#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/Tobbe\"\u003e\u003ccode\u003e@​Tobbe\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1525\"\u003eactions/cache#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/sebbalex\"\u003e\u003ccode\u003e@​sebbalex\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1500\"\u003eactions/cache#1500\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/cache/compare/v4.2.0...v4.2.1\"\u003ehttps://github.com/actions/cache/compare/v4.2.0...v4.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch3\u003e4.2.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.2.0\u003c/h3\u003e\n\u003cp\u003eTLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e now integrates with the new cache service (v2) APIs.\u003c/p\u003e\n\u003cp\u003eThe new service will gradually roll out as of \u003cstrong\u003eFebruary 1st, 2025\u003c/strong\u003e. The legacy service will also be sunset on the same date. Changes in these release are \u003cstrong\u003efully backward compatible\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe are deprecating some versions of this action\u003c/strong\u003e. We recommend upgrading to version \u003ccode\u003ev4\u003c/code\u003e or \u003ccode\u003ev3\u003c/code\u003e as soon as possible before \u003cstrong\u003eFebruary 1st, 2025.\u003c/strong\u003e (Upgrade instructions below).\u003c/p\u003e\n\u003cp\u003eIf you are using pinned SHAs, please use the SHAs of versions \u003ccode\u003ev4.2.0\u003c/code\u003e or \u003ccode\u003ev3.4.0\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eIf you do not upgrade, all workflow runs using any of the deprecated \u003ca href\u003d\"https://github.com/actions/cache\"\u003eactions/cache\u003c/a\u003e will fail.\u003c/p\u003e\n\u003cp\u003eUpgrading to the recommended versions will not break your workflows.\u003c/p\u003e\n\u003ch3\u003e4.1.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1474\"\u003e#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity fix: Bump braces from 3.0.2 to 3.0.3 - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1475\"\u003e#1475\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore original behavior of \u003ccode\u003ecache-hit\u003c/code\u003e output - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1467\"\u003e#1467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003ecache-hit\u003c/code\u003e output is set when a cache is missed - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1404\"\u003e#1404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003esave-always\u003c/code\u003e input - \u003ca href\u003d\"https://redirect.github.com/actions/cache/pull/1452\"\u003e#1452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed restore \u003ccode\u003efail-on-cache-miss\u003c/code\u003e not working.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003eisGhes\u003c/code\u003e check\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e4.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated minimum runner version support from node 12 -\u0026gt; node 20\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/d4323d4df104b026a6aa633fdb11d772146be0bf\"\u003e\u003ccode\u003ed4323d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1560\"\u003e#1560\u003c/a\u003e from actions/robherley/v4.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/da26677639ccfb4615f1acc52d1fc3dc89152490\"\u003e\u003ccode\u003eda26677\u003c/code\u003e\u003c/a\u003e bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v4.0.2, prep for v4.2.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/7921ae235bdcb376cc8f22558dc5f8ddc3c3c2f9\"\u003e\u003ccode\u003e7921ae2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1557\"\u003e#1557\u003c/a\u003e from actions/robherley/ia-workflow-released\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/393773170624981bfaa3aac1cb736e3004eac1de\"\u003e\u003ccode\u003e3937731\u003c/code\u003e\u003c/a\u003e Update publish-immutable-actions.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/0c907a75c2c80ebcb7f088228285e798b750cf8f\"\u003e\u003ccode\u003e0c907a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1554\"\u003e#1554\u003c/a\u003e from actions/robherley/v4.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/710893c2369beb60748049b671f18c43a3656fce\"\u003e\u003ccode\u003e710893c\u003c/code\u003e\u003c/a\u003e bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/9fa7e61ec7e1f44ac75218e7aaea81da8856fd11\"\u003e\u003ccode\u003e9fa7e61\u003c/code\u003e\u003c/a\u003e Update force deletion docs due a recent deprecation (\u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1500\"\u003e#1500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/36f1e144e1c8edb0a652766b484448563d8baf46\"\u003e\u003ccode\u003e36f1e14\u003c/code\u003e\u003c/a\u003e docs: Make the \u0026quot;always save prime numbers\u0026quot; example more clear (\u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/cache/commit/53aa38c736a561b9c17b62df3fe885a17b78ee6d\"\u003e\u003ccode\u003e53aa38c\u003c/code\u003e\u003c/a\u003e Correct GitHub Spelling in caching-strategies.md (\u003ca href\u003d\"https://redirect.github.com/actions/cache/issues/1526\"\u003e#1526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/cache/compare/1bd1e32a3bdc45362d1e726936510720a7c30a57...d4323d4df104b026a6aa633fdb11d772146be0bf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dart-lang/setup-dart` from 1.7.0 to 1.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/dart-lang/setup-dart/releases\"\u003edart-lang/setup-dart\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRoll \u003ccode\u003eundici\u003c/code\u003e dependency to address \u003ca href\u003d\"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\"\u003eCVE-2025-22150\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate to the latest npm dependencies.\u003c/li\u003e\n\u003cli\u003eRecompile the action using the new Dart / JavaScript interop.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/dart-lang/setup-dart/blob/main/CHANGELOG.md\"\u003edart-lang/setup-dart\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRoll \u003ccode\u003eundici\u003c/code\u003e dependency to address \u003ca href\u003d\"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\"\u003eCVE-2025-22150\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate to the latest npm dependencies.\u003c/li\u003e\n\u003cli\u003eRecompile the action using the new Dart / JavaScript interop.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eInstall flutter sdk in publishing step, allowing Flutter packages to be\npublished (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/68\"\u003e#68\u003c/a\u003e[])\u003c/p\u003e\n\u003cp\u003e\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/68\"\u003e#68\u003c/a\u003e: \u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/68\"\u003edart-lang/setup-dart#68\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix zip path handling on Windows 11 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/118\"\u003e#118\u003c/a\u003e[])\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/118\"\u003e#118\u003c/a\u003e: \u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/118\"\u003edart-lang/setup-dart#118\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRebuild JS code.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRoll \u003ccode\u003eundici\u003c/code\u003e dependency to address \u003ca href\u003d\"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\"\u003eCVE-2024-30260\u003c/a\u003e and \u003ca href\u003d\"https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672\"\u003eCVE-2024-30261\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to running the workflow on \u003ccode\u003enode20`` from \u003c/code\u003enode16`. See also\n\u003ca href\u003d\"https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/\"\u003eTransitioning from Node 16 to Node 20\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated the google storage url for \u003ccode\u003emain\u003c/code\u003e channel releases.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable provisioning of the latest Dart SDK patch release by specifying just\nthe major and minor version (e.g. \u003ccode\u003e3.2\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.1\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c\"\u003e\u003ccode\u003ee51d8e5\u003c/code\u003e\u003c/a\u003e prep for releasing 1.7.1 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/1faf8e64e5464d6b727016aa2467794f7dc410fb\"\u003e\u003ccode\u003e1faf8e6\u003c/code\u003e\u003c/a\u003e updates to move away from dart:js_util (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/148\"\u003e#148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/614cb8d798824d682e7086a5d8b14e588723bc5c\"\u003e\u003ccode\u003e614cb8d\u003c/code\u003e\u003c/a\u003e Bump flutter-actions/setup-flutter in the github-actions group (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/55f49ad7b2b8b71f3043f80dc4cd4e0eca4aa90b\"\u003e\u003ccode\u003e55f49ad\u003c/code\u003e\u003c/a\u003e Bump undici from 5.28.4 to 5.28.5 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/2c0db8f5ec902ee2420de88e6ece2f275d1f26f1\"\u003e\u003ccode\u003e2c0db8f\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e from 2.0.1 to 2.0.2 (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/147\"\u003e#147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/dart-lang/setup-dart/commit/6123db65aca0aa1e30809215875310f1ca706148\"\u003e\u003ccode\u003e6123db6\u003c/code\u003e\u003c/a\u003e Bump dart-lang/setup-dart in the github-actions group (\u003ca href\u003d\"https://redirect.github.com/dart-lang/setup-dart/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/dart-lang/setup-dart/compare/e630b99d28a3b71860378cafdc2a067c71107f94...e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ossf/scorecard-action` from 2.4.0 to 2.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/ossf/scorecard-action/releases\"\u003eossf/scorecard-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThis update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.1.0\"\u003ev5.1.0\u003c/a\u003e and \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v5.1.1\"\u003ev5.1.1\u003c/a\u003e release notes.\u003c/li\u003e\n\u003cli\u003ePublishing results now uses half the API quota as before. The exact savings depends on the repository in question.\n\u003cul\u003e\n\u003cli\u003euse Scorecard library entrypoint instead of Cobra hooking by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1423\"\u003eossf/scorecard-action#1423\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSome errors were made into annotations to make them more visible\n\u003cul\u003e\n\u003cli\u003eMake default branch error more prominent by \u003ca href\u003d\"https://github.com/jsoref\"\u003e\u003ccode\u003e@​jsoref\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1459\"\u003eossf/scorecard-action#1459\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eThere is now an optional \u003ccode\u003efile_mode\u003c/code\u003e input which controls how repository files are fetched from GitHub. The default is \u003ccode\u003earchive\u003c/code\u003e, but \u003ccode\u003egit\u003c/code\u003e produces the most accurate results for repositories with \u003ccode\u003e.gitattributes\u003c/code\u003e files at the cost of analysis speed.\n\u003cul\u003e\n\u003cli\u003eadd input for specifying \u003ccode\u003e--file-mode\u003c/code\u003e by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1509\"\u003eossf/scorecard-action#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eThe underlying container for the action is now \u003ca href\u003d\"https://github.com/ossf/scorecard-action/pkgs/container/scorecard-action\"\u003ehosted on GitHub Container Registry\u003c/a\u003e. There should be no functional changes.\n\u003cul\u003e\n\u003cli\u003e:seedling: publish docker images to GitHub Container Registry by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1453\"\u003eossf/scorecard-action#1453\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eInstallation docs update by \u003ca href\u003d\"https://github.com/JeremiahAHoward\"\u003e\u003ccode\u003e@​JeremiahAHoward\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1416\"\u003eossf/scorecard-action#1416\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/JeremiahAHoward\"\u003e\u003ccode\u003e@​JeremiahAHoward\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1416\"\u003eossf/scorecard-action#1416\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/jsoref\"\u003e\u003ccode\u003e@​jsoref\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1459\"\u003eossf/scorecard-action#1459\u003c/a\u003e\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/f49aabe0b5af0936a0987cfb85d86b75731b0186\"\u003e\u003ccode\u003ef49aabe\u003c/code\u003e\u003c/a\u003e bump docker to ghcr v2.4.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/30a595ba8670f7bd5e2d33119dfeeb6ab2f64991\"\u003e\u003ccode\u003e30a595b\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/sigstore/cosign/v2 from 2.4.2 to 2.4.3 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/69ae593b7addfd5241b46c43c7ed6abbd7203d55\"\u003e\u003ccode\u003e69ae593\u003c/code\u003e\u003c/a\u003e omit vcs info from build (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1514\"\u003e#1514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/6a62a1cbf28018bd61197d0c2852b94b046fe1a4\"\u003e\u003ccode\u003e6a62a1c\u003c/code\u003e\u003c/a\u003e add input for specifying \u003ccode\u003e--file-mode\u003c/code\u003e (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/2722664778d49161a69d42f8e82e15ed38fea8d1\"\u003e\u003ccode\u003e2722664\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1510\"\u003e#1510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/ae0ef3171a81cb48c3fdaaf34cba323d0c51fefb\"\u003e\u003ccode\u003eae0ef31\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/3676bbc29082184ac34a84d1573c0419f81c4a68\"\u003e\u003ccode\u003e3676bbc\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang from 1.23.6 to 1.24.0 in the docker-images group (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1513\"\u003e#1513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/ae7548a0ff1b94dda3a89eeda8f59c031874f035\"\u003e\u003ccode\u003eae7548a\u003c/code\u003e\u003c/a\u003e Limit codeQL push trigger to main branch (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1507\"\u003e#1507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/9165624e75f0c73d13a9db2d4d920bcc5fc3a801\"\u003e\u003ccode\u003e9165624\u003c/code\u003e\u003c/a\u003e upgrade scorecard to v5.1.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1508\"\u003e#1508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/620fd28d6b2ba01c1d70cf63dfb4bdf868e19d6f\"\u003e\u003ccode\u003e620fd28\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 2 updates (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1505\"\u003e#1505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.0 to 4.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.6.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use artifact 2.2.2 package by \u003ca href\u003d\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/pull/673\"\u003eactions/upload-artifact#673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/v4...v4.6.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v4...v4.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1\"\u003e\u003ccode\u003e4cec3d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/actions/upload-artifact/issues/673\"\u003e#673\u003c/a\u003e from actions/yacaovsnc/artifact_2.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/e9fad966ccdffceea5de0445882c9455934bcf8e\"\u003e\u003ccode\u003ee9fad96\u003c/code\u003e\u003c/a\u003e license cache update for artifact\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/actions/upload-artifact/commit/b26fd06e9da88a61ada55f23d7863325b1f115d3\"\u003e\u003ccode\u003eb26fd06\u003c/code\u003e\u003c/a\u003e Update to use artifact 2.2.2 package\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href\u003d\"https://github.com/actions/upload-artifact/compare/65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08...4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3.28.8 to 3.28.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.28.10\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.10 - 21 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2772\"\u003e#2772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAddress an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2768\"\u003e#2768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.10/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003ev3.28.9\u003c/h2\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e3.28.9 - 07 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2753\"\u003e#2753\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full \u003ca href\u003d\"https://github.com/github/codeql-action/blob/v3.28.9/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for more information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action\u0027s changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href\u003d\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.10 - 21 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.5. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2772\"\u003e#2772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAddress an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2768\"\u003e#2768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.9 - 07 Feb 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.4. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2753\"\u003e#2753\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.8 - 29 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2744\"\u003e#2744\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.7 - 29 Jan 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.6 - 27 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-enable debug artifact upload for CLI versions 2.20.3 or greater. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2726\"\u003e#2726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.5 - 24 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.3. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2717\"\u003e#2717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.4 - 23 Jan 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.3 - 22 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.20.2. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2707\"\u003e#2707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the \u003ca href\u003d\"https://github.com/github/codeql-action-sync-tool\"\u003eCodeQL Action sync tool\u003c/a\u003e and the Actions runner did not have Zstandard installed. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2710\"\u003e#2710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUploading debug artifacts for CodeQL analysis is temporarily disabled. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2712\"\u003e#2712\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.28.2 - 21 Jan 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e3.28.1 - 10 Jan 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see \u003ca href\u003d\"https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/\"\u003ethis changelog post\u003c/a\u003e. \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/pull/2677\"\u003e#2677\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d\"\u003e\u003ccode\u003eb56ba49\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2778\"\u003e#2778\u003c/a\u003e from github/update-v3.28.10-9856c48b1\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/60c9c77c33f2cd66390a3778d54de88b735b2526\"\u003e\u003ccode\u003e60c9c77\u003c/code\u003e\u003c/a\u003e Update changelog for v3.28.10\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9856c48b1a54789454314b4c32ef2354fe213208\"\u003e\u003ccode\u003e9856c48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2773\"\u003e#2773\u003c/a\u003e from github/redsun82/rust\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/9572e09da430b4c71f7488e4195b4ca6ce1c6ef0\"\u003e\u003ccode\u003e9572e09\u003c/code\u003e\u003c/a\u003e Rust: fix log string\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/1a529366ac3620317d953e2d4018eafa7459cb1c\"\u003e\u003ccode\u003e1a52936\u003c/code\u003e\u003c/a\u003e Rust: special case default setup\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cf7e90952bcceaebd4a548c2809ea6a5d461a1bc\"\u003e\u003ccode\u003ecf7e909\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2772\"\u003e#2772\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.20.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/b7006aab6d38638d18e38a27c18f67138529c2f8\"\u003e\u003ccode\u003eb7006aa\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into update-bundle/codeql-bundle-v2.20.5\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/cfedae723eaced5e13052b529375e7b00d49a9cd\"\u003e\u003ccode\u003ecfedae7\u003c/code\u003e\u003c/a\u003e Rust: throw configuration errors if requested and not correctly enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/3971ed2a74ede0669fa7f4f5af4292030280dbfd\"\u003e\u003ccode\u003e3971ed2\u003c/code\u003e\u003c/a\u003e Merge branch \u0027main\u0027 into redsun82/rust\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/github/codeql-action/commit/d38c6e60dfb0232f85e388dd416559ed07da5f3a\"\u003e\u003ccode\u003ed38c6e6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href\u003d\"https://redirect.github.com/github/codeql-action/issues/2775\"\u003e#2775\u003c/a\u003e from github/angelapwen/bump-octokit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s major version (unless you unignore this specific dependency\u0027s major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency\u0027s minor version (unless you unignore this specific dependency\u0027s minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\u003c/details\u003e" }, { "commit": "a833663e56b6182f8372180f5c95d1c01b531150", "tree": "64a53da933ec729d0b04fb245705aab0d02f1e1b", "parents": [ "17609bf90c9d5ef47707f5796763629450382474" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Tue Feb 18 12:16:17 2025 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Feb 18 10:16:17 2025 -0800" }, "message": "[test] ignore deprecated pkg:js (for now) (#2458)\n\n" }, { "commit": "17609bf90c9d5ef47707f5796763629450382474", "tree": "7e4867742ca0b482772b34defeb8a58199f07b97", "parents": [ "73d629d250ecff735ae9324658b042ed6c7d0d84" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Fri Feb 07 20:02:02 2025 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Feb 07 18:02:02 2025 -0800" }, "message": "[test] allow the latest version of pkg:shelf_web_socket (#2457)\n\nPrepare to publish" }, { "commit": "73d629d250ecff735ae9324658b042ed6c7d0d84", "tree": "1ca537a861821e6c4d8b62e2291a290a4eb7654b", "parents": [ "2ccfc5cdba8e36b3939e26f09116d49aa12c76e8" ], "author": { "name": "Kevin Moore", "email": "kevmoo@users.noreply.github.com", "time": "Thu Feb 06 13:49:53 2025 -0600" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Feb 06 11:49:53 2025 -0800" }, "message": "Enable and fix unnecessary_ignore lint (#2456)\n\n" } ], "next": "2ccfc5cdba8e36b3939e26f09116d49aa12c76e8" }