Merge main into releases/v4 by github-actions[bot] · Pull Request #3447 · github/codeql-action

github-actions · Feb 2, 2026

Merging f52cbc8 into releases/v4.

Conductor for this PR is @henrymercer.

Contains the following pull requests:

Please do the following:

Ensure the CHANGELOG displays the correct version and date.
Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
Check that there are not any unexpected commits being merged into the releases/v4 branch.
Ensure the docs team is aware of any documentation changes that need to be released.
Mark the PR as ready for review to trigger the full set of PR checks.
Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
Merge the mergeback PR that will automatically be created once this PR is merged.
Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

- Move it out of the failed SARIF reporting so we compute the job status whether or not we have a CodeQL config. - Add comments to clarify what happens in the case that the CodeQL config is absent.

Mergeback v4.32.0 refs/heads/releases/v4 into main

Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 7.0.0 to 8.0.0. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@actions/github" dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.284.0 to 1.286.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@80740b3...90be115) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.286.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…thub/workflows/actions-minor-69d791f5c9 Bump ruby/setup-ruby from 1.284.0 to 1.286.0 in /.github/workflows in the actions-minor group across 1 directory

…ies-for-orgs Tolerate errors loading repository properties

Remove `gh` setup from global proxy test

Bumps the npm-minor group with 7 updates: | Package | From | To | | --- | --- | --- | | [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact) | `5.0.2` | `5.0.3` | | [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache) | `5.0.3` | `5.0.5` | | [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `2.0.2` | `2.0.3` | | [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) | `0.5.0` | `0.5.1` | | [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) | `3.0.1` | `3.0.2` | | [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) | `3.0.0` | `3.0.1` | | [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `62.2.0` | `62.3.0` | Updates `@actions/artifact` from 5.0.2 to 5.0.3 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact) Updates `@actions/cache` from 5.0.3 to 5.0.5 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache) Updates `@actions/core` from 2.0.2 to 2.0.3 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) Updates `@actions/glob` from 0.5.0 to 0.5.1 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob) Updates `@actions/http-client` from 3.0.1 to 3.0.2 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client) Updates `@actions/tool-cache` from 3.0.0 to 3.0.1 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache) Updates `eslint-plugin-jsdoc` from 62.2.0 to 62.3.0 - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Commits](gajus/eslint-plugin-jsdoc@v62.2.0...v62.3.0) --- updated-dependencies: - dependency-name: "@actions/artifact" dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@actions/cache" dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@actions/core" dependency-version: 2.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@actions/glob" dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@actions/http-client" dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: "@actions/tool-cache" dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor - dependency-name: eslint-plugin-jsdoc dependency-version: 62.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…r-6271c457c1 Bump the npm-minor group with 7 updates

Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.6 to 7.5.7. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.6...v7.5.7) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bump tar from 7.5.6 to 7.5.7

Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.3 to 5.3.4. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.3.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…ub-script`

…-parser-5.3.4 Bump fast-xml-parser from 5.3.3 to 5.3.4

henrymercer and others added 30 commits January 23, 2026 17:07

Simplify computation of job status

dcd1b12

- Move it out of the failed SARIF reporting so we compute the job status whether or not we have a CodeQL config. - Add comments to clarify what happens in the case that the CodeQL config is absent.

Only load repository properties for repos owned by orgs

e142eee

Improve logging when no known repository properties found

4e14537

Add result type

f4b47e7

Tolerate failures loading repository properties

d9e374e

Add feature flag to skip file coverage information on PRs

e7ece62

Add fine-grained tokens to GITHUB_TOKEN_PATTERNS

aac4202

Use enum for token types

49cdf74

Extend unit tests to cover all token types

0ae8b05

Add isAuthToken function, with tests

0fcbec3

Move makeTestToken to testing-utils

c12cf8d

Warn if a private registry configuration uses a PAT, but has no username

9fccf27

Remove unused database print-baseline

e8c164b

Use FF to disable baseline file coverage

4918026

Mention caveat in feature JSDoc

919e8aa

Don't log empty summaries

12c4c7d

Log when file coverage info is disabled

1996ca9

Indulge caniuse-lite to avoid build warnings

18c2cfc

Move to separate function

17cd475

Improve log message

9a55d5b

Explain why we ignore extra baseline files options

f1aa4f4

Exclude PR check from feature flag

bf20b3e

Update changelog and version after v4.32.0

13a6d8b

Rebuild

e7d3af2

Merge pull request #3429 from github/mergeback/v4.32.0-to-main-b20883b0

ee1e139

Mergeback v4.32.0 refs/heads/releases/v4 into main

Rebuild

46a8de5

Merge branch 'main' into mbg/start-proxy/warn-if-pat-without-username

0a0c3a2

Merge pull request #3433 from github/dependabot/github_actions/dot-gi…

bd9f639

…thub/workflows/actions-minor-69d791f5c9 Bump ruby/setup-ruby from 1.284.0 to 1.286.0 in /.github/workflows in the actions-minor group across 1 directory

henrymercer and others added 18 commits January 27, 2026 15:19

Add basic unit tests for Result class

679da45

Merge branch 'main' into henrymercer/only-request-properties-for-orgs

38ba96d

Log repository owner type explicitly

0720e13

Update comments

9aa0515

Merge pull request #3421 from github/henrymercer/only-request-propert…

eb5bd2d

…ies-for-orgs Tolerate errors loading repository properties

Remove gh setup from global proxy test

f7f9d3f

Merge pull request #3439 from github/mbg/fix-proxy-test

1314d3d

Remove `gh` setup from global proxy test

Rebuild

48f3548

Merge pull request #3440 from github/dependabot/npm_and_yarn/npm-mino…

b2ff80d

…r-6271c457c1 Bump the npm-minor group with 7 updates

Merge pull request #3443 from github/dependabot/npm_and_yarn/tar-7.5.7

f985be5

Bump tar from 7.5.6 to 7.5.7

Rebuild

a6ccefb

Pin @actions/tool-cache@3 in workflows to avoid failures with `gith…

3e58739

…ub-script`

Merge pull request #3446 from github/mbg/ci/pin-node-packages

c5aaca4

Merge pull request #3445 from github/dependabot/npm_and_yarn/fast-xml…

f52cbc8

…-parser-5.3.4 Bump fast-xml-parser from 5.3.3 to 5.3.4

Update changelog for v4.32.1

cedee6d

github-actions bot assigned henrymercer Feb 2, 2026

Add a couple of change notes

42f00f2

github-actions bot added the size/XL May be very hard to review label Feb 2, 2026

henrymercer marked this pull request as ready for review February 2, 2026 14:41

henrymercer requested a review from a team as a code owner February 2, 2026 14:41

Copilot AI review requested due to automatic review settings February 2, 2026 14:41

henrymercer approved these changes Feb 2, 2026

View reviewed changes

Copilot started reviewing on behalf of henrymercer February 2, 2026 14:42 View session

henrymercer enabled auto-merge February 2, 2026 14:47

henrymercer merged commit 6bc82e0 into releases/v4 Feb 2, 2026
484 of 497 checks passed

henrymercer deleted the update-v4.32.1-f52cbc830 branch February 2, 2026 15:09

github-actions bot mentioned this pull request Feb 2, 2026

Merge releases/v4 into releases/v3 #3449

Merged

8 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge main into releases/v4#3447

Merge main into releases/v4#3447
henrymercer merged 74 commits intoreleases/v4github/codeql-action:releases/v4from
update-v4.32.1-f52cbc830github/codeql-action:update-v4.32.1-f52cbc830Copy head branch name to clipboard

github-actions bot commented Feb 2, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Comments

Search code, repositories, users, issues, pull requests...

Conversation

github-actions bot commented Feb 2, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Comments