Merge main into releases/v4 by github-actions[bot] · Pull Request #3371 · github/codeql-action

github-actions · 2025-12-16T17:45:50Z

Merging 998798e into releases/v4.

Conductor for this PR is @henrymercer.

Contains the following pull requests:

Please do the following:

Ensure the CHANGELOG displays the correct version and date.
Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
Check that there are not any unexpected commits being merged into the releases/v4 branch.
Ensure the docs team is aware of any documentation changes that need to be released.
Mark the PR as ready for review to trigger the full set of PR checks.
Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
Merge the mergeback PR that will automatically be created once this PR is merged.
Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

Bumps the npm-minor group with 5 updates: | Package | From | To | | --- | --- | --- | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.3.3` | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.48.0` | `8.48.1` | | [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.48.0` | `8.48.1` | | [esbuild](https://github.com/evanw/esbuild) | `0.27.0` | `0.27.1` | | [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `61.4.1` | `61.5.0` | Updates `node-forge` from 1.3.2 to 1.3.3 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.2...v1.3.3) Updates `@typescript-eslint/eslint-plugin` from 8.48.0 to 8.48.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.48.0 to 8.48.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/parser) Updates `esbuild` from 0.27.0 to 0.27.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.27.0...v0.27.1) Updates `eslint-plugin-jsdoc` from 61.4.1 to 61.5.0 - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Commits](gajus/eslint-plugin-jsdoc@v61.4.1...v61.5.0) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.48.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@typescript-eslint/parser" dependency-version: 8.48.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: esbuild dependency-version: 0.27.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: eslint-plugin-jsdoc dependency-version: 61.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the actions-minor group with 2 updates in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Updates `ruby/setup-ruby` from 1.268.0 to 1.269.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@8aeb6ff...d697be2) Updates `actions/create-github-app-token` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@v2.2.0...v2.2.1) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.269.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: actions/create-github-app-token dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor ... Signed-off-by: dependabot[bot] <support@github.com>

This more closely reflects the published naming https://docs.github.com/en/enterprise-cloud@latest/admin/data-residency/about-github-enterprise-cloud-with-data-residency

Mergeback v4.31.8 refs/heads/releases/v4 into main

…r-38a2a793c5 Bump the npm-minor group with 5 updates

…thub/workflows/actions-minor-dc476f2f5b Bump the actions-minor group across 1 directory with 2 updates

Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.269.0 to 1.270.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@d697be2...ac793fd) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.270.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Remove `AnalyzeUseNewUpload` FF and make its behaviour the default

…thub/workflows/actions/upload-artifact-6 Bump actions/upload-artifact from 5 to 6 in /.github/workflows

…thub/workflows/actions-minor-8751820eb1 Bump ruby/setup-ruby from 1.269.0 to 1.270.0 in /.github/workflows in the actions-minor group across 1 directory

…ws/actions/download-artifact-7

…thub/workflows/actions/download-artifact-7 Bump actions/download-artifact from 6 to 7 in /.github/workflows

…ols-version-from-ffs Determine CodeQL version from feature flags on GHEC-DR

…metry Add status report for uploading databases to API

Clean up `JavaMinimizeDependencyJars` feature flag

Copilot

Pull request overview

This PR merges updates from main into the releases/v4 branch, primarily containing dependency updates, internal refactoring to rename GitHub environment variants, and workflow configuration changes. The changes do not affect user-facing functionality.

Reviewed changes

Copilot reviewed 47 out of 48 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/util.ts	Refactors GitHub variant enum from numeric to string values with descriptive names
src/util.test.ts	Updates tests to use new GitHub variant naming
src/setup-codeql.ts	Adjusts logic to use GHES variant check instead of non-DOTCOM check
src/init-action.ts	Removes feature flag for Java dependency jar minimization, enables by default based on CodeQL version
src/feature-flags.ts	Removes unused feature flags and refactors variant support checking
src/feature-flags.test.ts	Updates tests for GHEC-DR and consolidates test cases
src/dependency-caching.ts	Removes Java-specific cache key handling logic
src/dependency-caching.test.ts	Removes tests for Java minimize dependency jars feature
src/database-upload.ts	Adds return type for upload results tracking
src/database-upload.test.ts	Updates test expectations for error messages
src/api-client.ts	Updates variant name from GHE_DOTCOM to GHEC_DR
src/api-client.test.ts	Updates test for GHEC-DR naming
src/analyze-action.ts	Removes conditional upload logic, simplifies to single upload path
pr-checks/checks/*.yml	Updates action versions (ruby/setup-ruby, actions/upload-artifact)
package.json	Bumps version to 4.31.9 and updates dependencies
lib/*.js	Generated JavaScript from TypeScript changes
CHANGELOG.md	Adds entry for version 4.31.9
.github/workflows/*.yml	Updates actions/create-github-app-token and actions/download-artifact versions
.github/pull_request_template.md	Clarifies Dotcom environment description

dependabot bot and others added 30 commits December 8, 2025 17:02

Rebuild

b73d396

Rebuild

cd48547

Determine CodeQL version from feature flags on GHEC-DR

7a55ffe

Rename GHE_DOTCOM to GHEC_DR

1fc7d37

This more closely reflects the published naming https://docs.github.com/en/enterprise-cloud@latest/admin/data-residency/about-github-enterprise-cloud-with-data-residency

Update PR template to include GHEC-DR

da50124

Clean up JavaMinimizeDependencyJars feature flag

805b7e1

Update changelog and version after v4.31.8

4564f5e

Rebuild

65bad62

Merge pull request #3356 from github/mergeback/v4.31.8-to-main-1b168cd3

4b675e4

Mergeback v4.31.8 refs/heads/releases/v4 into main

Return status report from cleanupAndUploadDatabases

8e921c3

Populate database upload results telemetry

5d063dd

Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-38a2a793c5

2ac846d

Merge pull request #3348 from github/dependabot/npm_and_yarn/npm-mino…

0264b51

…r-38a2a793c5 Bump the npm-minor group with 5 updates

Merge pull request #3349 from github/dependabot/github_actions/dot-gi…

7e0b77e

…thub/workflows/actions-minor-dc476f2f5b Bump the actions-minor group across 1 directory with 2 updates

Make postProcessAndUploadSarif the default

b1dea65

Remove AnalyzeUseNewUpload FF

009fe6b

Merge branch 'main' into mbg/ff/make-new-upload-default

b30cb9a

Rebuild

d6c1a79

Rebuild

7fd7db3

Merge pull request #3309 from github/mbg/ff/make-new-upload-default

a682bbe

Remove `AnalyzeUseNewUpload` FF and make its behaviour the default

Merge pull request #3366 from github/dependabot/github_actions/dot-gi…

07cd437

…thub/workflows/actions/upload-artifact-6 Bump actions/upload-artifact from 5 to 6 in /.github/workflows

Merge pull request #3364 from github/dependabot/github_actions/dot-gi…

d0ad1da

…thub/workflows/actions-minor-8751820eb1 Bump ruby/setup-ruby from 1.269.0 to 1.270.0 in /.github/workflows in the actions-minor group across 1 directory

Merge branch 'main' into dependabot/github_actions/dot-github/workflo…

c2d4383

…ws/actions/download-artifact-7

Merge pull request #3365 from github/dependabot/github_actions/dot-gi…

b5e1a28

…thub/workflows/actions/download-artifact-7 Bump actions/download-artifact from 6 to 7 in /.github/workflows

Use full names for GitHub variants

a2ee53c

henrymercer and others added 9 commits December 16, 2025 13:42

Merge pull request #3351 from github/henrymercer/ghec-dr-determine-to…

c07cc0d

…ols-version-from-ffs Determine CodeQL version from feature flags on GHEC-DR

Prefer performance.now()

0cb8633

Use getErrorMessage in log too

ae5de9a

Rename isOverlayBase

19c7f96

Merge branch 'main' into henrymercer/database-upload-telemetry

e962687

Extract version number to constant

d29eddb

Merge pull request #3358 from github/henrymercer/database-upload-tele…

5eb7519

…metry Add status report for uploading databases to API

Merge pull request #3352 from github/nickrolfe/jar-min-ff-cleanup

998798e

Clean up `JavaMinimizeDependencyJars` feature flag

Update changelog for v4.31.9

1dc115f

github-actions bot assigned henrymercer Dec 16, 2025

henrymercer marked this pull request as ready for review December 16, 2025 18:02

Copilot AI review requested due to automatic review settings December 16, 2025 18:02

henrymercer requested a review from a team as a code owner December 16, 2025 18:02

github-actions bot added the size/L May be hard to review label Dec 16, 2025

Copilot AI reviewed Dec 16, 2025

View reviewed changes

henrymercer approved these changes Dec 16, 2025

View reviewed changes

henrymercer enabled auto-merge December 16, 2025 18:08

henrymercer merged commit 5d4e8d1 into releases/v4 Dec 16, 2025
234 checks passed

henrymercer deleted the update-v4.31.9-998798e34 branch December 16, 2025 18:30

github-actions bot mentioned this pull request Dec 16, 2025

Merge releases/v4 into releases/v3 #3373

Merged

8 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge main into releases/v4#3371

Merge main into releases/v4#3371
henrymercer merged 39 commits intoreleases/v4from
update-v4.31.9-998798e34

github-actions bot commented Dec 16, 2025

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

github-actions bot commented Dec 16, 2025

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants