Update default bundle to 2.25.4#3881
Merged
redsun82 merged 2 commits intomaingithub/codeql-action:mainfrom May 7, 2026
update-bundle/codeql-bundle-v2.25.4github/codeql-action:update-bundle/codeql-bundle-v2.25.4Copy head branch name to clipboard
Merged
Update default bundle to 2.25.4#3881redsun82 merged 2 commits intomaingithub/codeql-action:mainfrom update-bundle/codeql-bundle-v2.25.4github/codeql-action:update-bundle/codeql-bundle-v2.25.4Copy head branch name to clipboard
redsun82 merged 2 commits intomaingithub/codeql-action:mainfrom
update-bundle/codeql-bundle-v2.25.4github/codeql-action:update-bundle/codeql-bundle-v2.25.4Copy head branch name to clipboard
Conversation
redsun82
approved these changes
May 7, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the action’s default CodeQL bundle/CLI version to 2.25.4 so that tools: linked (and the GHES-linked default) uses the new bundle by default.
Changes:
- Bump
bundleVersion/cliVersiondefaults to 2.25.4 and roll forward theprior*versions. - Update the UNRELEASED changelog entry to reflect the new default bundle version.
- Regenerate the compiled
lib/artifacts to reflect the updated defaults.
Show a summary per file
| File | Description |
|---|---|
| src/defaults.json | Updates default and prior CodeQL bundle/CLI versions to 2.25.4/2.25.3. |
| CHANGELOG.md | Adds an UNRELEASED entry documenting the default bundle bump to 2.25.4. |
| lib/upload-sarif-action.js | Generated build output reflecting updated defaults. |
| lib/upload-lib.js | Generated build output reflecting updated defaults. |
| lib/start-proxy-action.js | Generated build output reflecting updated defaults. |
| lib/setup-codeql-action.js | Generated build output reflecting updated defaults. |
| lib/init-action.js | Generated build output reflecting updated defaults. |
| lib/init-action-post.js | Generated build output reflecting updated defaults. |
| lib/defaults.json | Generated copy of defaults reflecting updated versions. |
| lib/autobuild-action.js | Generated build output reflecting updated defaults. |
| lib/analyze-action.js | Generated build output reflecting updated defaults. |
Copilot's findings
- Files reviewed: 2/11 changed files
- Comments generated: 0
This was referenced May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates the default CodeQL bundle, as used with
tools: linkedand on GHES, to 2.25.4.