@github-actions github-actions bot commented Oct 24, 2025

Merging 1d36546 into releases/v4.

Conductor for this PR is @mbg.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v4 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

mbg and others added 30 commits October 14, 2025 19:49
- Throws a `ConfigurationError` if parsing the YAML fails
- Add a couple of tests for it
Mergeback v4.30.9 refs/heads/releases/v4 into main
Co-authored-by: Michael B. Gale <[email protected]>
Add experimental functionality for labelling PRs by their size
Bumps the npm-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [octokit](https://github.com/octokit/octokit.js) | `5.0.3` | `5.0.4` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.37.0` | `9.38.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.46.0` | `8.46.1` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.46.0` | `8.46.1` |
| [esbuild](https://github.com/evanw/esbuild) | `0.25.10` | `0.25.11` |


Updates `octokit` from 5.0.3 to 5.0.4
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](octokit/octokit.js@v5.0.3...v5.0.4)

Updates `@eslint/js` from 9.37.0 to 9.38.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.38.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.46.0 to 8.46.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.46.0 to 8.46.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.1/packages/parser)

Updates `esbuild` from 0.25.10 to 0.25.11
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.25.10...v0.25.11)

---
updated-dependencies:
- dependency-name: octokit
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@eslint/js"
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.46.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.46.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: esbuild
  dependency-version: 0.25.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
…thub/workflows/actions/setup-node-6

Bump actions/setup-node from 5 to 6 in /.github/workflows
…r-5ed6ededba

Bump the npm-minor group with 5 updates
Handle user errors for invalid `UserConfig`s and missing query files
mbg and others added 19 commits October 23, 2025 13:34
Bump timeout for `analyze-action-env` test
Update wording in some log messages
…-limit

Overlay: Lower size limit for overlay base databases
Perform SARIF post-processing independently of upload
Also add tests for it and `getRequiredEnvParam`
Bump minimum CodeQL Bundle version to 2.17.6
Add changelog entry for post-processing change
@github-actions github-actions bot added the size/XXL May be extremely hard to review label Oct 24, 2025
@mbg mbg marked this pull request as ready for review October 24, 2025 16:51
@mbg mbg requested a review from a team as a code owner October 24, 2025 16:51
Copilot AI review requested due to automatic review settings October 24, 2025 16:51

Copilot AI left a comment

Pull Request Overview

This is a release PR merging changes from main into releases/v4 for version 4.31.0. The PR includes multiple merged pull requests that implement improvements to SARIF file processing, error handling, dependency updates, and various code quality enhancements.

Key changes:

  • Bumped minimum CodeQL bundle version from 2.16.6 to 2.17.6
  • Refactored SARIF upload logic to always perform post-processing, even when uploads are disabled
  • Added new post-processed-sarif-path input to the analyze action for saving post-processed SARIF files

Reviewed Changes

Copilot reviewed 63 out of 66 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| package.json | Version bump to 4.31.0 and dependency updates |
| CHANGELOG.md | Release notes for version 4.31.0 |
| src/upload-sarif.ts | Renamed function and added post-processing support with upload kind parameter |
| src/upload-lib.ts | Refactored to separate post-processing from upload logic |
| src/analyze-action.ts | Updated to use new upload architecture with conditional upload |
| src/util.ts | Added asHTTPError helper and getOptionalEnvVar function |
| src/codeql.ts | Bumped minimum CodeQL version constant |
| src/workflow.ts, src/tar.ts, etc. | Applied optional chaining improvements |
| analyze/action.yml | Added new post-processed-sarif-path input |
| .github/workflows/*.yml | Updated setup-node action from v5 to v6 |
| lib/*.js | Generated JavaScript from TypeScript sources |

@mbg mbg enabled auto-merge October 24, 2025 17:05
@mbg mbg merged commit 4e94bd1 into releases/v4 Oct 24, 2025
242 checks passed
@mbg mbg deleted the update-v4.31.0-1d36546c1 branch October 24, 2025 17:08
@github-actions github-actions bot mentioned this pull request Oct 24, 2025
8 tasks