Skip to content

Merge main into releases/v3#2977

Merged
koesie10 merged 65 commits intoreleases/v3from
update-v3.29.3-7710ed11e
Jul 21, 2025
Merged

Merge main into releases/v3#2977
koesie10 merged 65 commits intoreleases/v3from
update-v3.29.3-7710ed11e

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Jul 21, 2025
edited by koesie10
Loading

Merging 7710ed1 into releases/v3.

Conductor for this PR is @koesie10.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

github-actions bot and others added 30 commits June 25, 2025 00:17
@github-actions
Update supported GitHub Enterprise Server versions
83de9b0
@mbg
Check that proxy configurations are an array
e9938e3
@mbg
Check that individual proxy configurations are objects
ca0540d
@mbg
Check for null in addition to undefined; extend tests accordingly
6b83dc3
@mbg
Include goproxy_server in configuration filtering tests
9281048
@github-actions
Update changelog and version after v3.29.2
6881d2c
@github-actions
Update checked-in dependencies
144d3b8
@mbg
Merge pull request #2958 from github/mergeback/v3.29.2-to-main-181d5eef
dcc1a66 
Mergeback v3.29.2 refs/heads/releases/v3 into main
@koesie10
Remove support for combining SARIF runs with non-unique categories
612df8d
@koesie10
Merge pull request #2959 from github/koesie10/remove-combine-runs
33f8489 
Remove support for combining SARIF runs with non-unique categories
@mbg
Merge pull request #2956 from github/mbg/start-proxy/validation-impro…
b694213 
…vements

Improve JSON validation in `start-proxy` action
@cklin
Add AugmentationProperties.overlayDatabaseMode
9022c73 
This commit adds overlayDatabaseMode to AugmentationProperties and
creates a placeholder getOverlayDatabaseMode() function, with the
necessary inputs, to populate it.
@cklin
config-utils: populate getOverlayDatabaseMode()
ee8a8c4 
This commit populates getOverlayDatabaseMode() in config-utils with the
same code from getOverlayDatabaseMode() in init.
@cklin
databaseInitCluster: use overlayDatabaseMode from config
a336faa 
This commit changes databaseInitCluster() to use overlayDatabaseMode
from AugmentationProperties instead of the overlayDatabaseMode
parameter. There is no behavior change because both overlayDatabaseMode
values are computed the same way.

The commit then cleans up the overlayDatabaseMode parameter and the code
paths that feed into it.
@cklin
Add isAnalyzingPullRequest()
60a2a7d
@cklin
Add Feature.OverlayAnalysis
da758dc
@cklin
getOverlayDatabaseMode: use Feature.OverlayAnalysis
93e8729 
This commit changes getOverlayDatabaseMode so that, when
Feature.OverlayAnalysis is enabled, it calculates the overlay database
mode automatically based on analysis metadata. If we are analyzing the
default branch, use OverlayBase, and if we are analyzing a PR, use
Overlay.

If CODEQL_OVERLAY_DATABASE_MODE is set to a valid overlay database mode,
that environment variable still takes precedence.
@cklin
Limit OverlayAnalysis to internal repos
b442537
@cklin
Add AugmentationProperties.useOverlayDatabaseCaching
d42ce71 
This commit adds useOverlayDatabaseCaching to AugmentationProperties to
indicate whether the action should upload overlay-base databases to the
actions cache and to download a cached overlay-base database when
creating an overlay database.
@cklin
Upload overlay-base database to actions cache
6ca06f4
@cklin
Extract checkOverlayBaseDatabase()
b95402d
@cklin
Download overlay-base database from actions cache
2fc04c8
@cklin
Override cleanup-level for overlay-base database
42835b3
@cklin
Add "overlay" to SARIF incrementalMode run property
6a51e63
@koesie10
Unconditionally disable combining SARIF files for GHES 3.18
aafbeb2
@cklin
Add getPullRequestBranches() tests
8c5122e
@cklin
Add getOverlayDatabaseMode() tests
95a1b7e
@cklin
build: refresh js files
ec836d6
@cklin
Merge pull request #2945 from github/cklin/overlay-analysis
624d0bc 
Basic support for overlay PR analysis
@koesie10
Merge pull request #2961 from github/koesie10/disable-combine-sarif-f…
f53ec7c 
…iles-ghes

Unconditionally disable combining SARIF files for GHES 3.18
koesie10 and others added 22 commits July 14, 2025 13:18
@koesie10
Move comment to JSDoc
c6a6c14
@koesie10
Merge pull request #2969 from github/koesie10/fix-ghes-version-parsing
6f936b5 
Fix parsing of GHES pre-release versions
@dependabot @aibaars
Bump the npm group across 1 directory with 7 updates
0c2ac60 
Bumps the npm group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node-forge](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge) | `1.3.11` | `1.3.12` |
| [@ava/typescript](https://github.com/avajs/typescript) | `4.1.0` | `6.0.0` |
| [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) | `1.1.1` | `1.3.1` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.28.0` | `9.30.1` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.33.1` | `8.35.1` |
| [sinon](https://github.com/sinonjs/sinon) | `20.0.0` | `21.0.0` |



Updates `@types/node-forge` from 1.3.11 to 1.3.12
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node-forge)

Updates `@ava/typescript` from 4.1.0 to 6.0.0
- [Release notes](https://github.com/avajs/typescript/releases)
- [Commits](avajs/typescript@v4.1.0...v6.0.0)

Updates `@eslint/compat` from 1.1.1 to 1.3.1
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v1.3.1/packages/compat)

Updates `@eslint/js` from 9.28.0 to 9.30.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.30.1/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.33.1 to 8.35.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.33.1 to 8.35.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.1/packages/parser)

Updates `sinon` from 20.0.0 to 21.0.0
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/commits)

---
updated-dependencies:
- dependency-name: "@types/node-forge"
  dependency-version: 1.3.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@ava/typescript"
  dependency-version: 6.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: "@eslint/compat"
  dependency-version: 1.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@eslint/js"
  dependency-version: 9.30.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.35.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.35.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: sinon
  dependency-version: 21.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@aibaars
Update ava
bbf184b
@aibaars
Fix tests
ca53360
@aibaars
Run: npx update-browserslist-db@latest
0b8d278
@aibaars
Make eslint happy
15605b1
@github-actions @aibaars
Update checked-in dependencies
37e3c31
@aibaars
npm run build
38fdaed
@aibaars
Merge pull request #2963 from github/dependabot/npm_and_yarn/npm-d16e…
0d17ea4 
…acb461

Bump the npm group across 1 directory with 7 updates
@koesie10
Ignore pre-release parts when comparing GHES versions
e30db30
@cklin
Replicate "too many feature flags" error in test
3eaefb4
@cklin
Limit Code Scanning API to 25 features per request
709cf22
@cklin
build: refresh js files
3fb562d
@koesie10
Merge pull request #2972 from github/koesie10/ghes-satisfies
07455ed 
Ignore pre-release parts when comparing GHES versions
@cklin
Merge pull request #2967 from github/cklin/overlay-feature-flags
03a2a17 
Overlay: additional feature flags
@cklin
Feature.DiffInformedQueries: default to true
aefb854
@cklin
Diff-informed analysis: disable for GHES below 3.19
614b64c
@cklin
Add diff-informed-analysis-utils.test.ts
3aef410
@cklin
build: refresh js files
6a49a8c
@cklin
Merge pull request #2970 from github/cklin/diff-informed-feature-enable
7710ed1 
Enable Feature.DiffInformedQueries
@github-actions
Update changelog for v3.29.3
210cc9b
@koesie10 koesie10 marked this pull request as ready for review July 21, 2025 09:35
Copilot AI review requested due to automatic review settings July 21, 2025 09:35
@koesie10 koesie10 requested a review from a team as a code owner July 21, 2025 09:35
Copilot AI reviewed Jul 21, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR merges changes from the main branch into the releases/v3 branch, consolidating 11 different pull requests for a v3.29.3 release. The changes primarily focus on improving SARIF file handling, overlay database management, test infrastructure, and timeout handling.

Key Changes:

  • Enhanced SARIF file combination logic with new deprecation warnings and blocking features for GHES 3.18+
  • Improved overlay database functionality with automatic caching and configuration management
  • Strengthened test infrastructure with better timeout handling and feature flag testing capabilities

Reviewed Changes

Copilot reviewed 27 out of 2280 changed files in this pull request and generated 4 comments.

Show a summary per file

:

File Description
util.test.js Added timeout cleanup to prevent resource leaks in test
util.js Exported new satisfiesGHESVersion function for version checking
upload-lib.test.js Added comprehensive test coverage for SARIF file combination blocking
upload-lib.js Enhanced SARIF handling with new blocking logic and updated deprecation dates
testing-utils.js Added feature flag stubbing capabilities and test configuration improvements
start-proxy.test.js Enhanced credential validation tests with better error handling
start-proxy.js Improved credential parsing with stricter validation
feature-flags.js Added overlay analysis features and improved API request batching
config-utils.js Major refactoring of overlay database mode configuration logic
Various other files Supporting changes for overlay analysis, API compatibility, and test improvements

mbg
mbg approved these changes Jul 21, 2025
View reviewed changes
Copy link
Member

@mbg mbg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, I see no issues with merging this after the other release is done.

@koesie10 koesie10 merged commit d6bbdef into releases/v3 Jul 21, 2025
277 checks passed
@koesie10 koesie10 deleted the update-v3.29.3-7710ed11e branch July 21, 2025 11:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

Assignees

@koesie10 koesie10

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mbg @koesie10 @cklin @aibaars