Skip to content

Merge main into releases/v4 #3198

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 77 commits into from
Oct 10, 2025
Merged

Merge main into releases/v4 #3198

merged 77 commits into from
Oct 10, 2025
+2,507 −913

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Oct 10, 2025
edited by mbg
Loading

Merging 527f0f3 into releases/v4.

Conductor for this PR is @mbg.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v4 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

mbg and others added 30 commits October 3, 2025 14:40
@mbg
Add getLatestToolcacheVersion with tests
297313d
@mbg
Support requesting CLI from toolcache with tools: toolcache
425ef85
@mbg
Accept toolcache as version value for prepare-test
7d468c9
@mbg
Add basic PR check for tools: toolcache
13a3a68
@mbg
Add more questions to the PR template
dd9e24a
@mbg
Remove toolcache option description from action.yml
4d0c164
@mbg
Add isDynamicWorkflow function
43ce7ef
@mbg
Use semver.compare instead of semver.lt
1cc5eb6
@mbg
Restrict when tools: toolcache can be used
726a341
@redsun82
Introduce CODEQL_ACTION_SKIP_SARIF_UPLOAD
e0b9da7 
This triggers a subset of the behavior of `CODEQL_ACTION_TEST_MODE`,
specifically just skipping the SARIF upload step. This is required for
our internal testing where we want the SARIF file (via
`CODEQL_ACTION_DUMP_SARIF_DIR`) but don't want to actually upload it,
but we don't want the rest of the behaviour of `CODEQL_ACTION_TEST_MODE`
that is specific for `codeql-action` own CI checks.
@mbg
Rename upload-quality-sarif.yml workflow
9b3ade9
@mbg
Run upload-sarif check for all analysis-kinds values
6bdf5d3
@mbg
Cover more cases in upload-sarif check
6f964b7
@redsun82 @Copilot
Update src/util.ts
882667e 
Co-authored-by: Copilot <[email protected]>
@redsun82
Clarify comment about SKIP_SARIF_UPLOAD setting
11e4034
@mbg
Include analysis kind in payloadSaveFile path in uploadPayload
22aba57
@redsun82
Specify reason for skipping SARIF upload in logs
680b070
@mbg
Add explicit category values
380e002
@mbg
Fix: Update payload.json path in with-checkout-path test
14c5d77
@mbg
Adjust step names to be clearer
dabf6fc
@redsun82
Revert "Specify reason for skipping SARIF upload in logs"
25c8db9 
This reverts commit 680b070.
@redsun82
Tweak SARIF skipping logs
00a6e13
@dependabot
Bump the npm group with 4 updates
ff23a55 
Bumps the npm group with 4 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@eslint/js` from 9.36.0 to 9.37.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.37.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.44.1 to 8.45.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.45.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.44.1 to 8.45.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.45.0/packages/parser)

Updates `typescript` from 5.9.2 to 5.9.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](microsoft/TypeScript@v5.9.2...v5.9.3)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: typescript
  dependency-version: 5.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
6877465
@henrymercer
Merge pull request #3182 from github/dependabot/npm_and_yarn/npm-b02b…
db562a6 
…6854f6

Bump the npm group with 4 updates
@henrymercer
Merge branch 'main' into mbg/pr-checks/upload-sarif
1491baa
@redsun82
Merge branch 'main' into redsun82/skip-sarif-upload
5dfb610
@redsun82
Remove unneeded comment
86b2ad6
@mbg
Merge pull request #3181 from github/mbg/pr-checks/upload-sarif
239d7b2 
Add more end-to-end tests for `upload-sarif`
@mbg
Merge branch 'main' into mbg/pr-template/tests
7f5db16
redsun82 and others added 21 commits October 9, 2025 12:31
@redsun82
Simplify uploadPayload tests
ff2fc66
@redsun82
Address review
610c7c6
@redsun82
Merge pull request #3185 from github/redsun82/skip-sarif-upload-tests
a8440d0 
Add unit tests for `uploadPayload`
@mbg
Add AllowToolcacheInput feature
62f0f21
@mbg
Gate tools: toolcache behind FF
a512fe0 
Mainly to allow us to disable it, if needed.
@mbg
Fix log message swap
524b9a0
@henrymercer
Dependabot: Only group minor and patch updates
e74435a 
Major updates are likely to include breaking changes and are worth reviewing individually.
@mbg
Add test macro for fallback tests
5c752c8
@mbg
Add tests for scenarios where the feature is unavailable
dc2ced8
@mbg
Fix swapped log levels
4704ab1
@henrymercer
Merge pull request #3194 from github/henrymercer-patch-1
168b2de 
Dependabot: Only group minor and patch updates
@dependabot
Bump the npm-minor group with 3 updates
b516b1d 
Bumps the npm-minor group with 3 updates: [semver](https://github.com/npm/node-semver), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).


Updates `semver` from 7.7.2 to 7.7.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.7.2...v7.7.3)

Updates `@typescript-eslint/eslint-plugin` from 8.45.0 to 8.46.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.45.0 to 8.46.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.0/packages/parser)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 7.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.46.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.46.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
e1257b6
@dependabot
Bump ruby/setup-ruby
eadf14b 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.263.0 to 1.265.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@0481980...ab177d4)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.265.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump github/codeql-action from 3 to 4 in /.github/workflows
4521864 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@github-actions
Rebuild
413a4a4
@mbg
Merge pull request #3193 from github/mbg/ff/tools-toolcache
4e90a42 
Gate `tools: toolcache` behind FF
@henrymercer
Merge pull request #3197 from github/dependabot/github_actions/dot-gi…
f5e53f9 
…thub/workflows/github/codeql-action-4

Bump github/codeql-action from 3 to 4 in /.github/workflows
@henrymercer
Merge pull request #3196 from github/dependabot/github_actions/dot-gi…
f402506 
…thub/workflows/actions-minor-945aab589d

Bump ruby/setup-ruby from 1.263.0 to 1.265.0 in /.github/workflows in the actions-minor group across 1 directory
@henrymercer
Merge pull request #3195 from github/dependabot/npm_and_yarn/npm-mino…
527f0f3 
…r-37415c9066

Bump the npm-minor group with 3 updates
@github-actions
Update changelog for v4.30.8
7a2cb62
@mbg mbg marked this pull request as ready for review October 10, 2025 14:39
@mbg mbg requested a review from a team as a code owner October 10, 2025 14:39
@Copilot Copilot AI review requested due to automatic review settings October 10, 2025 14:39
Copilot
Copilot AI reviewed Oct 10, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@mbg mbg merged commit f443b60 into releases/v4 Oct 10, 2025
237 of 240 checks passed
@mbg mbg deleted the update-v4.30.8-527f0f324 branch October 10, 2025 15:54
@github-actions github-actions bot mentioned this pull request Oct 10, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

Assignees

@mbg mbg

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mbg @redsun82 @henrymercer @mario-campos @nickrolfe