Skip to content

Bump github/codeql-action from 4.31.0 to 4.31.2 in the github-actions group across 1 directory #2005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2025
Merged

Bump github/codeql-action from 4.31.0 to 4.31.2 in the github-actions group across 1 directory #2005

merged 1 commit into from
Nov 3, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 3, 2025

Bumps the github-actions group with 1 update in the / directory: github/codeql-action.

Updates github/codeql-action from 4.31.0 to 4.31.2

Release notes

Sourced from github/codeql-action's releases.

v4.31.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.2 - 30 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

  • [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
  • Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

... (truncated)

Commits
  • 0499de3 Merge pull request #3261 from github/henrymercer/setup-python
  • 3b96745 Set up Python in mergeback workflow
  • 8a06050 Merge pull request #3259 from github/update-v4.31.2-9576b5cbe
  • 752a642 Update changelog for v4.31.2
  • 9576b5c Merge pull request #3258 from github/mbg/enablement-errors/case-insensitive
  • cc88437 Merge pull request #3257 from github/henrymercer/ubuntu-slim
  • f0e9bf0 Make isEnablementError case-insensitive
  • 2a3599c Run lightweight workflows on ubuntu-slim
  • 514ff4d Merge pull request #3256 from github/henrymercer/resolve-bad-merge
  • aab1c2f Merge pull request #3253 from github/mergeback/v4.31.1-to-main-5fe9434c
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump github/codeql-action in the github-actions group across 1 directory
93c1c6e 
Bumps the github-actions group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.31.0 to 4.31.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4e94bd1...0499de3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 3, 2025
@jakebailey jakebailey added this pull request to the merge queue Nov 3, 2025
Merged via the queue into main with commit d67385b Nov 3, 2025
22 checks passed
@jakebailey jakebailey deleted the dependabot/github_actions/github-actions-02cf758a13 branch November 3, 2025 16:05
nathanwhit added a commit to denoland/typescript-go that referenced this pull request Dec 2, 2025
@nathanwhit @gabritto
@jakebailey @andrewbranch @a-tarasyuk @mjbvz @RyanCavanaugh @DanielRosenwasser @Twacqwq @ahejlsberg @dependabot @iisaduan @johnfav03 @weswigham @haoqixu @sheetalkamat @sandersn @weifangc
Merge main (#15)
98363d6 
* Port 'go to type definition' tests (microsoft#1883)

* Fix panic in `getTokenAtPosition` for JSDoc type assertions (microsoft#1846)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>
Co-authored-by: andrewbranch <[email protected]>
Co-authored-by: Andrew Branch <[email protected]>

* Don’t look in JSExportAssignment and CommonJSExport for nodes (microsoft#1886)

* Fix link in native preview platform packages (microsoft#1838)

* fix(1880): No error message for JSDoc type parsing (microsoft#1881)

* Add vscode editor issue template (microsoft#1893)

Co-authored-by: Ryan Cavanaugh <[email protected]>

* Add "Report Issue" button to TSGO status bar commands (microsoft#1889)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: DanielRosenwasser <[email protected]>
Co-authored-by: Daniel Rosenwasser <[email protected]>

* fix(1898): adjust location handling in find-refs (microsoft#1901)

* Fix panic of empty string in type reference directive (microsoft#1908)

* Consistently error on full circle of circular import aliases (microsoft#1904)

* Fix panic in textDocument/onTypeFormatting when tokenAtPosition is nil (microsoft#1845)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Update submodule (microsoft#1913)

* Disable create-cache.yml in forks (microsoft#1912)

* Forbid platform specific package uses in agnostic files (microsoft#1911)

* Fix JSDoc comment formatting with tab indentation (microsoft#1900)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Clear local baseline dir in hereby test (microsoft#1921)

* Unskip passing fourslash test (microsoft#1922)

* Support auto-import completion fourslash tests, fix bugs (microsoft#1917)

* Fix JSX indentation in JavaScript output (microsoft#1792)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Implement printAllHelp to fix `tsgo --all` producing no output (microsoft#1843)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Bump the github-actions group across 1 directory with 2 updates (microsoft#1909)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jake Bailey <[email protected]>

* Ensure os package is forbidden in lint (microsoft#1924)

* Speed up levenshteinWithMax by reusing buffers (microsoft#1823)

* Fix incorrect formatting for comments inside multi-line argument lists and method chains (microsoft#1929)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Handle nil end position in getMappedLocation (microsoft#1920)

* Fix formatter adding extra space at end of line without trailing newline (microsoft#1933)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Fix vscode issue template (microsoft#1934)

* userpreferences parsing/ls config handing (microsoft#1729)

* Plumb through TokenFlagsSingleQuote; use for auto import quote detection (microsoft#1937)

* Invalidate caches on batches of 1000+ watch changes (microsoft#1869)

* Create clickable links in quick info from @link JSDoc tags (microsoft#1935)

* Don't report errors on `{@link foo.bar}` references (microsoft#1941)

* Fix crash in `invocationErrorRecovery` function (microsoft#1944)

* Fix leading source file comment emit bugs (microsoft#1945)

* Implement selection ranges (microsoft#1939)

* Fix porting bug in isArgumentAndStartLineOverlapsExpressionBeingCalled (microsoft#1948)

* Add Range to Hover (microsoft#1489)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: DanielRosenwasser <[email protected]>
Co-authored-by: Jake Bailey <[email protected]>

* Properly handle hovering on `this` (microsoft#1953)

* Bump the github-actions group across 1 directory with 2 updates (microsoft#1959)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fixed document highlight for reference directive (microsoft#1951)

* Several fixes to JS typing of functions and methods (microsoft#1960)

* Update submodule, port 6.0 options defaults (microsoft#1961)

* Reapply microsoft#1951 and microsoft#1960 after bad merge (microsoft#1964)

Co-authored-by: Anders Hejlsberg <[email protected]>
Co-authored-by: John Favret <[email protected]>

* Update submodule with ES5 removals (microsoft#1963)

* Actually transform KindCommonJSExport in declaration emit (microsoft#1962)

* Quick Info fixes (microsoft#1971)

* Fix various named enum types (microsoft#1973)

* Move change tracker, converters, utils to separate packages (microsoft#1977)

* Consistent rules for mixing `@type`, `@param`, `@return`, `@template` (microsoft#1979)

* Check for identifier before obtaining text of name (microsoft#1984)

* Respect client capabilities for diagnostics (microsoft#1980)

* Store explicitly declared members ahead of inherited members (microsoft#1987)

* Add --checkers to control number of checkers per Program (microsoft#1985)

* Export all types referenced through other exported APIs, enforce (microsoft#1978)

* Switch custom runners from mariner-2.0 to azure-linux-3 (microsoft#1989)

* Use `LocationLink` in go to definition (microsoft#1884)

* Use a different set of commands to detect fourslash test updates (microsoft#1923)

* Skip erasableSyntaxOnly checks for JavaScript files (microsoft#1956)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Update submodule for new cherry-picks (microsoft#1996)

* Port TypeScript PR #62604: Propagate variance reliability (microsoft#1916)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: RyanCavanaugh <[email protected]>
Co-authored-by: Jake Bailey <[email protected]>

* Only export `@typedef` type aliases in modules (microsoft#1999)

* Bump github/codeql-action from 4.31.0 to 4.31.2 in the github-actions group across 1 directory (microsoft#2005)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Hoist @typedef and @import tags to containing scopes that permit them (microsoft#2003)

* Remove concept of "unsupported extensions", clean up test skips  (microsoft#2004)

* Update golangci-lint, fix issues, modernize (microsoft#1981)

* Implement more handling of client capabilities (microsoft#1998)

* Add docs to signature help (microsoft#2009)

Co-authored-by: Copilot <[email protected]>

* Fix unused identifier diags, LSP tag diags (microsoft#2007)

* fix(2015): abstract property created, overshadowing override (microsoft#2016)

* Always check refCount after acquiring lock (microsoft#1986)

* Delete resolver unit tests (microsoft#2008)

* Fix missing parent for `Expression` in `TypeParameterDeclaration` (microsoft#2017)

* Add missing nil check in `getCompletionItemActions` (microsoft#2018)

* Fix crash in find-all-refs on `exports.xxx` in .js file (microsoft#2023)

* Properly include JSX attributes in find-all-references (microsoft#2025)

* Fix crash by removing `getNameFromImportDeclaration` in favor of `Node.Name()` (microsoft#2027)

* Fix losing options from command line in watch mode (microsoft#2024)

* Add issue investigator agent (microsoft#2030)

* Switch 1ESPT pipelines to 1ESPT-AzureLinux3 (microsoft#2031)

* Port inlay hints (microsoft#1705)

* Split "use strict" into separate transformer, fix bugs with prologues (microsoft#2028)

Co-authored-by: Sheetal Nandi <[email protected]>

* Use a more cross-architecture-friendly devcontainer image. (microsoft#2034)

* Fix nil pointer dereference in range formatting (microsoft#1993)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: DanielRosenwasser <[email protected]>
Co-authored-by: jakebailey <[email protected]>
Co-authored-by: Daniel Rosenwasser <[email protected]>
Co-authored-by: Copilot <[email protected]>

* Port missing `checkJs` logic (microsoft#2046)

* Ignore reparsed nodes when determining external module indicator (microsoft#2044)

* Fix various fuzzer-caught crashes in the parser (microsoft#2038)

* Fix moduleDetection for node18, fix __esModule in detect=force (microsoft#2045)

* Fix panic in syncmap on loading nil (microsoft#2056)

* Use accessors on `Node` instead of casts and field accesses (microsoft#2052)

* Add locks on concurrent alias following checker accesses under incremental mode (microsoft#2051)

* Don't add `export` modifier to `JSTypeAliasDeclaration` from `@callback` (microsoft#2063)

* Introduce GetECMALineOfPosition to avoid unused rune counting (microsoft#2065)

* Don't add `export` modifier to `KindCommonJSExport` reparsed nodes (microsoft#2066)

* Fix panic in inlay hints for tuple types (microsoft#2040)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Accurately recognize fourslash test as submodule (microsoft#2068)

* Implement auto-import code actions, port tests and fix some bugs (microsoft#2053)

* Port tsc --init (microsoft#2033)

* Make CheckerPool iteration concurrent by default (microsoft#2070)

* Use Microsoft build of Go in CI (microsoft#2069)

* Detect Windows junctions with GetFileAttributesEx (microsoft#2013)

* Fix CI cache workflow (microsoft#2071)

* Use information from contextual type in hovers/quick info (microsoft#2073)

* fix(2074): No quick info on function and other similar tokens (microsoft#2078)

* Unify locks used on checkers between exclusive pool borrows and EmitResolver scopes (microsoft#2080)

* Port non-baseline diagnostics tests (microsoft#2079)

* Use SkipTrivia instead of GetRangeOfTokenAtPosition where possible (microsoft#2089)

* Move unreachable checks to checker, allowing more AST reuse (microsoft#2067)

* Fix scanning of valid surrogate pairs (microsoft#2032)

* Fix misplaced parentheses in `Checker.isIndirectCall` (microsoft#2093)

* Various agent mode updates (microsoft#2094)

* Handle configuration changes in LSP for 'typescript.*' options. (microsoft#2088)

* Fix nil pointer dereference in getAdjustedLocation for type-only exports (microsoft#2090)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Fix nil pointer dereference in code actions when diagnostic code is nil (microsoft#2091)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jakebailey <[email protected]>

* Fully resolve LSP client caps to non-pointers, pass by context (microsoft#2095)

* Fix hover on `module.exports` (microsoft#2098)

* Accept and document jsdoc diffs, round 1 (microsoft#1426)

Co-authored-by: Copilot <[email protected]>
Co-authored-by: Jake Bailey <[email protected]>

* Port baseline diagnostics tests (microsoft#2097)

* Clean up disk space in CI before running (microsoft#2103)

Co-authored-by: Copilot <[email protected]>

* Add GOBIN to PATH in CI (microsoft#2105)

* Make client requests type safe, unmarshal (microsoft#2099)

* Display inherited JSDoc documentation in quick info (microsoft#2111)

* Sort failingTests and manualTests in en-US (microsoft#2113)

* fix(2047): Incomplete declaration emit of callback tag with no return tag (microsoft#2100)

* Fix canHaveSyntheticDefault (microsoft#2101)

* Misc fixes (microsoft#2112)

* chore: fix incorrect function name in comment (microsoft#2109)

Signed-off-by: weifangc <[email protected]>

* Fix typedef binding with CJS `exports=` (microsoft#826)

* Provide Program diagnostics as push diags in tsconfig.json (microsoft#2118)

Co-authored-by: Copilot <[email protected]>

* Update dependencies (microsoft#2116)

* Remove copilot-setup-steps env var (microsoft#2124)

* Fix panic on negative parameterIndex in type predicate flow analysis (microsoft#2122)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: RyanCavanaugh <[email protected]>
Co-authored-by: Ryan Cavanaugh <[email protected]>

* Port tests for go to implementation and diff definitions tests (microsoft#2130)

* Partially fix multi-checker diagnostics consistency (microsoft#2134)

* Implement reportStyleChecksAsWarnings (microsoft#2132)

* Include docs on resolved client caps (microsoft#2135)

* Fix dynamic import grammar check (microsoft#2138)

* Refine LSP with our own types, generate more stuff (microsoft#2141)

* Display all symbol meanings in quick info (microsoft#2144)

* Multiproject requests like find all refs, rename and workspace symbols (microsoft#1991)

* Add stringer-alike String methods to non-string LSP enums (microsoft#2148)

* Enable localization (microsoft#2123)

* Port workspace symbols tests (microsoft#2146)

* Update readme, issue template (microsoft#2140)

* Ignore config port (microsoft#1755)

* fix(2157): jsdocfunction param is inferred as implicit any when directly assigned to module.exports (microsoft#2158)

* fixes after merge

* some more fixes

* more errors

* builds

* fmt

* fix nil pointer deref

* fix error messages

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: weifangc <[email protected]>
Co-authored-by: Gabriela Araujo Britto <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: jakebailey <[email protected]>
Co-authored-by: andrewbranch <[email protected]>
Co-authored-by: Andrew Branch <[email protected]>
Co-authored-by: Andrew Branch <[email protected]>
Co-authored-by: Oleksandr T. <[email protected]>
Co-authored-by: Matt Bierner <[email protected]>
Co-authored-by: Ryan Cavanaugh <[email protected]>
Co-authored-by: DanielRosenwasser <[email protected]>
Co-authored-by: Daniel Rosenwasser <[email protected]>
Co-authored-by: Twacqwq <[email protected]>
Co-authored-by: Anders Hejlsberg <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Isabel Duan <[email protected]>
Co-authored-by: John Favret <[email protected]>
Co-authored-by: Wesley Wigham <[email protected]>
Co-authored-by: RyanCavanaugh <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: xu0o0 <[email protected]>
Co-authored-by: Sheetal Nandi <[email protected]>
Co-authored-by: Nathan Shively-Sanders <[email protected]>
Co-authored-by: weifangc <[email protected]>
Co-authored-by: Ryan Cavanaugh <[email protected]>
Co-authored-by: Nathan Whitaker <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jakebailey jakebailey jakebailey approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jakebailey