Skip to content

Merge main into releases/v4#3235

Merged
mbg merged 84 commits intoreleases/v4from
update-v4.31.0-1d36546c1
Oct 24, 2025
Merged

Merge main into releases/v4#3235
mbg merged 84 commits intoreleases/v4from
update-v4.31.0-1d36546c1

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Oct 24, 2025
edited by mbg
Loading

Merging 1d36546 into releases/v4.

Conductor for this PR is @mbg.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v4 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

mbg and others added 30 commits October 14, 2025 19:49
@mbg
Use uploadSarif rather than uploadFiles in analyze action
2ade8a0
@mbg
Add and use parseUserConfig
66df0bc 
- Throws a `ConfigurationError` if parsing the YAML fails
- Add a couple of tests for it
@mbg
Add and validate UserConfig schema
ac922ab
@mbg
Add additional regex to CliConfigErrorCategory.PackCannotBeFound
4f14649
@mbg
Add checkExpectedLogMessages function to testing-utils
913cd47
@mbg
Log validation errors
0822fb1
@mbg
Include first 10 errors in exception message
d7a8ae5
@mbg
Add FF for config validation
2c8f489
@mbg
Make schema for QueryFilter less strict
9ce56a2
@github-actions
Update changelog and version after v4.30.9
b03dcd5
@github-actions
Rebuild
aa0f6ea
@henrymercer
Merge pull request #3215 from github/mergeback/v4.30.9-to-main-16140ae1
d88a554 
Mergeback v4.30.9 refs/heads/releases/v4 into main
@henrymercer
Handle HTTP errors with httpStatusCode property
c64c407
@henrymercer
Wrap API configuration errors when setting up CodeQL
a6b9514
@henrymercer
Add experimental functionality for labelling PRs by their size
8c324fe
@henrymercer
Update workflow name
519594f
@henrymercer
Update .github/sizeup.yml
08e53be 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@henrymercer
Add score for XL
f2f52d0
@henrymercer
Bump sizes a bit
c13672e
@henrymercer @mbg
Comment version that is pinned
e9daf5b 
Co-authored-by: Michael B. Gale <mbg@github.com>
@henrymercer
Merge pull request #3218 from github/henrymercer/pr-sizes
6562050 
Add experimental functionality for labelling PRs by their size
@dependabot
Bump the npm-minor group with 5 updates
a3ff966 
Bumps the npm-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [octokit](https://github.com/octokit/octokit.js) | `5.0.3` | `5.0.4` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.37.0` | `9.38.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.46.0` | `8.46.1` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.46.0` | `8.46.1` |
| [esbuild](https://github.com/evanw/esbuild) | `0.25.10` | `0.25.11` |


Updates `octokit` from 5.0.3 to 5.0.4
- [Release notes](https://github.com/octokit/octokit.js/releases)
- [Commits](octokit/octokit.js@v5.0.3...v5.0.4)

Updates `@eslint/js` from 9.37.0 to 9.38.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.38.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.46.0 to 8.46.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.46.0 to 8.46.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.1/packages/parser)

Updates `esbuild` from 0.25.10 to 0.25.11
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.25.10...v0.25.11)

---
updated-dependencies:
- dependency-name: octokit
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@eslint/js"
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.46.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.46.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: esbuild
  dependency-version: 0.25.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
2357c43
@dependabot
Bump actions/setup-node from 5 to 6 in /.github/workflows
53588c5 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
06f31ec
@mbg
Merge pull request #3220 from github/dependabot/github_actions/dot-gi…
bee06ec 
…thub/workflows/actions/setup-node-6

Bump actions/setup-node from 5 to 6 in /.github/workflows
@mbg
Merge pull request #3219 from github/dependabot/npm_and_yarn/npm-mino…
ffed63a 
…r-5ed6ededba

Bump the npm-minor group with 5 updates
@mbg
Merge pull request #3203 from github/mbg/errors/more-user-errors
9b0ac1c 
Handle user errors for invalid `UserConfig`s and missing query files
@henrymercer
Require message field too
40e2646
@henrymercer
Simplify API error checks
e6e649a
mbg and others added 19 commits October 23, 2025 13:34
@mbg
Fix fallback not being guarded by uploadKind check
f48b54a
@mbg
Bump timeout for analyze-action-env test
8376af2
@mbg
Bump timeout for analyze-action-input test
da64a41
@mbg
Merge pull request #3228 from github/mbg/test/timeout
1c3c806 
Bump timeout for `analyze-action-env` test
@mbg
Merge branch 'main' into mbg/permission-warning
690d276
@mbg
Merge pull request #3227 from github/mbg/permission-warning
9625890 
Update wording in some log messages
@kaspersv
Overlay: Lower size limit for overlay base databases
22d29ca
@mbg
Merge remote-tracking branch 'origin/main' into mbg/upload-lib/post-p…
b9cd368 
…rocess
@kaspersv
Merge pull request #3231 from github/kaspersv/lower-overlay-base-size…
956c567 
…-limit

Overlay: Lower size limit for overlay base databases
@mbg
Consistently use "post-processing"
f0452d5
@mbg
Check that outputPath is non-empty
710606c
@mbg
Merge pull request #3222 from github/mbg/upload-lib/post-process
d75645b 
Perform SARIF post-processing independently of upload
@mbg
Add getOptionalEnvVar function
ad35676 
Also add tests for it and `getRequiredEnvParam`
@henrymercer
Merge pull request #3223 from github/henrymercer/bump-minimum
e576807 
Bump minimum CodeQL Bundle version to 2.17.6
@mbg
Use getOptionalEnvVar in writePostProcessedFiles
1ecd563
@mbg
Merge pull request #3233 from github/mbg/getOptionalEnvVar
b843cbe 
Add `getOptionalEnvVar` helper
@mbg
Add changelog entry for post-processing change
08ada26
@mbg
Merge pull request #3234 from github/mbg/changelog/post-processing
1d36546 
Add changelog entry for post-processing change
@github-actions
Update changelog for v4.31.0
8f11182
@github-actions github-actions bot added the size/XXL May be extremely hard to review label Oct 24, 2025
@mbg mbg marked this pull request as ready for review October 24, 2025 16:51
@mbg mbg requested a review from a team as a code owner October 24, 2025 16:51
Copilot AI review requested due to automatic review settings October 24, 2025 16:51
Copilot AI reviewed Oct 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This is a release PR merging changes from main into releases/v4 for version 4.31.0. The PR includes multiple merged pull requests that implement improvements to SARIF file processing, error handling, dependency updates, and various code quality enhancements.

Key changes:

  • Bumped minimum CodeQL bundle version from 2.16.6 to 2.17.6
  • Refactored SARIF upload logic to always perform post-processing, even when uploads are disabled
  • Added new post-processed-sarif-path input to the analyze action for saving post-processed SARIF files

Reviewed Changes

Copilot reviewed 63 out of 66 changed files in this pull request and generated no comments.

Show a summary per file
File Description
package.json Version bump to 4.31.0 and dependency updates
CHANGELOG.md Release notes for version 4.31.0
src/upload-sarif.ts Renamed function and added post-processing support with upload kind parameter
src/upload-lib.ts Refactored to separate post-processing from upload logic
src/analyze-action.ts Updated to use new upload architecture with conditional upload
src/util.ts Added asHTTPError helper and getOptionalEnvVar function
src/codeql.ts Bumped minimum CodeQL version constant
src/workflow.ts, src/tar.ts, etc. Applied optional chaining improvements
analyze/action.yml Added new post-processed-sarif-path input
.github/workflows/*.yml Updated setup-node action from v5 to v6
lib/*.js Generated JavaScript from TypeScript sources

@mbg mbg enabled auto-merge October 24, 2025 17:05
@mbg mbg merged commit 4e94bd1 into releases/v4 Oct 24, 2025
242 checks passed
@mbg mbg deleted the update-v4.31.0-1d36546c1 branch October 24, 2025 17:08
@github-actions github-actions bot mentioned this pull request Oct 24, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

Assignees

@mbg mbg

Labels

size/XXL May be extremely hard to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mbg @henrymercer @kaspersv