Bump the github-actions group with 14 updates by dependabot[bot] · Pull Request #5 · ZakyHermawan/Giselle

dependabot · 2026-05-01T18:29:39Z

Bumps the github-actions group with 14 updates:

Package	From	To
actions/checkout	`6.0.1`	`6.0.2`
actions/upload-artifact	`6.0.0`	`7.0.1`
actions/download-artifact	`7.0.0`	`8.0.1`
actions/setup-python	`6.1.0`	`6.2.0`
hendrikmuhs/ccache-action	`1.2.20`	`1.2.23`
tj-actions/changed-files	`47.0.1`	`47.0.6`
github/codeql-action	`4.31.9`	`4.35.3`
EnricoMi/publish-unit-test-result-action	`2.22.0`	`2.23.0`
actions/github-script	`8.0.0`	`9.0.0`
maxim-lobanov/setup-xcode	`1.6.0`	`1.7.0`
docker/login-action	`3.6.0`	`4.1.0`
aminya/setup-cpp	`1.7.2`	`1.8.0`
actions/setup-node	`6.1.0`	`6.4.0`
pypa/gh-action-pypi-publish	`1.13.0`	`1.14.0`

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
See full diff in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Update the readme with direct upload details by @danwkennedy in actions/upload-artifact#795

Readme: bump all the example versions to v7 by @danwkennedy in actions/upload-artifact#796

Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
See full diff in compare view

Updates actions/download-artifact from 7.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Support for CJK characters in the artifact name by @danwkennedy in actions/download-artifact#471

Add a regression test for artifact name + content-type mismatches by @danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Don't attempt to un-zip non-zipped downloads by @danwkennedy in actions/download-artifact#460

Add a setting to specify what to do on hash mismatch and default it to error by @danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

3e5f45b Add regression tests for CJK characters (#471)
e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
f258da9 Add change docs
ccc058e Fix linting issues
bd7976b Add a setting to specify what to do on hash mismatch and default it to error
ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
15999bf Add note about package bumps
974686e Bump the version to v8 and add release notes
fbe48b1 Update test names to make it clearer what they do
Additional commits viewable in compare view

Updates actions/setup-python from 6.1.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

Upgrade dependencies to Node 24 compatible versions by @salmanmkc in actions/setup-python#1259

Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
See full diff in compare view

Updates hendrikmuhs/ccache-action from 1.2.20 to 1.2.23

Release notes

Sourced from hendrikmuhs/ccache-action's releases.

v1.2.23

What's Changed

Bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in hendrikmuhs/ccache-action#436

Bump @types/node from 25.5.0 to 25.6.0 by @dependabot[bot] in hendrikmuhs/ccache-action#440

Update ccache to 4.13.3 by @crueter in hendrikmuhs/ccache-action#441

Bump brace-expansion by @dependabot[bot] in hendrikmuhs/ccache-action#438

Support platforms without upstream ccache/sccache releases by @luhenry in hendrikmuhs/ccache-action#439

New Contributors

@luhenry made their first contribution in hendrikmuhs/ccache-action#439

Full Changelog: hendrikmuhs/ccache-action@v1.2.22...v1.2.23

v1.2.22

What's Changed

Bump picomatch by @dependabot[bot] in hendrikmuhs/ccache-action#435

Bump fast-xml-parser from 5.4.1 to 5.5.7 by @dependabot[bot] in hendrikmuhs/ccache-action#434

Full Changelog: hendrikmuhs/ccache-action@v1.2.21...v1.2.22

v1.2.21

What's Changed

Bump actions/checkout from 5 to 6 by @dependabot[bot] in hendrikmuhs/ccache-action#396

Bump @types/node from 24.10.0 to 25.2.2 by @dependabot[bot] in hendrikmuhs/ccache-action#417

Bump @actions/cache from 4.1.0 to 6.0.0 by @dependabot[bot] in hendrikmuhs/ccache-action#412

Bump @actions/core from 1.11.1 to 3.0.0 by @dependabot[bot] in hendrikmuhs/ccache-action#413

Bump @actions/exec from 1.1.1 to 3.0.0 by @dependabot[bot] in hendrikmuhs/ccache-action#414

Bump @actions/io from 2.0.0 to 3.0.2 by @dependabot[bot] in hendrikmuhs/ccache-action#416

refactor: add Windows ARM and macOS binaries, use a single Package class, deduplicate some common install code by @crueter in hendrikmuhs/ccache-action#403

Bump @types/node from 25.2.2 to 25.3.3 by @dependabot[bot] in hendrikmuhs/ccache-action#421

Bump jest from 30.2.0 to 30.3.0 by @dependabot[bot] in hendrikmuhs/ccache-action#431

Upgrade Node.js version from 20 to 24 by @janisozaur in hendrikmuhs/ccache-action#427

Bump @types/node from 25.3.3 to 25.5.0 by @dependabot[bot] in hendrikmuhs/ccache-action#430

refactor: generate metadata json file by @crueter in hendrikmuhs/ccache-action#422

tests: add install matrix by @crueter in hendrikmuhs/ccache-action#423

Bump undici from 6.23.0 to 6.24.1 by @dependabot[bot] in hendrikmuhs/ccache-action#429

New Contributors

@crueter made their first contribution in hendrikmuhs/ccache-action#403

Full Changelog: hendrikmuhs/ccache-action@v1.2...v1.2.21

Commits

d62db5f Support platforms without upstream ccache/sccache releases (#439)
05e1c04 update code
46cafa7 Bump brace-expansion (#438)
1f2fc71 Update ccache to 4.13.3 (#441)
a488765 Bump @types/node from 25.5.0 to 25.6.0 (#440)
c97afba Bump handlebars from 4.7.8 to 4.7.9 (#436)
3352247 update code
e44a23f Bump fast-xml-parser from 5.4.1 to 5.5.7 (#434)
bb3037d Bump picomatch (#435)
1bbbcda update code
Additional commits viewable in compare view

Updates tj-actions/changed-files from 47.0.1 to 47.0.6

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.6

What's Changed

Upgraded to v47.0.5 by @github-actions[bot] in tj-actions/changed-files#2816

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2817

chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in tj-actions/changed-files#2818

chore(deps-dev): bump @types/node from 25.3.3 to 25.3.5 by @dependabot[bot] in tj-actions/changed-files#2820

chore(deps): bump github/codeql-action from 4.32.5 to 4.32.6 by @dependabot[bot] in tj-actions/changed-files#2819

chore(deps-dev): bump @types/node from 25.3.5 to 25.5.0 by @dependabot[bot] in tj-actions/changed-files#2825

chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by @dependabot[bot] in tj-actions/changed-files#2824

chore(deps): bump github/codeql-action from 4.32.6 to 4.35.1 by @dependabot[bot] in tj-actions/changed-files#2834

chore(deps-dev): bump eslint-plugin-jest from 29.15.0 to 29.15.1 by @dependabot[bot] in tj-actions/changed-files#2831

chore(deps): bump yaml from 2.8.2 to 2.8.3 by @dependabot[bot] in tj-actions/changed-files#2830

chore(deps): bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 by @dependabot[bot] in tj-actions/changed-files#2829

chore(deps-dev): bump jest from 30.2.0 to 30.3.0 by @dependabot[bot] in tj-actions/changed-files#2822

chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in tj-actions/changed-files#2849

chore(deps-dev): bump prettier from 3.8.1 to 3.8.3 by @dependabot[bot] in tj-actions/changed-files#2848

chore(deps-dev): bump @types/node from 25.5.0 to 25.6.0 by @dependabot[bot] in tj-actions/changed-files#2846

chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in tj-actions/changed-files#2844

chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @dependabot[bot] in tj-actions/changed-files#2843

chore(deps): bump lodash from 4.17.23 to 4.18.1 by @dependabot[bot] in tj-actions/changed-files#2837

Full Changelog: tj-actions/changed-files@v47.0.5...v47.0.6

v47.0.5

What's Changed

Upgraded to v47.0.4 by @github-actions[bot] in tj-actions/changed-files#2802

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2803

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2805

chore(deps-dev): bump @types/node from 25.2.2 to 25.3.2 by @dependabot[bot] in tj-actions/changed-files#2811

chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @dependabot[bot] in tj-actions/changed-files#2810

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in tj-actions/changed-files#2809

chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 by @dependabot[bot] in tj-actions/changed-files#2799

chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 by @dependabot[bot] in tj-actions/changed-files#2806

chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 by @dependabot[bot] in tj-actions/changed-files#2775

chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by @dependabot[bot] in tj-actions/changed-files#2774

chore(deps): bump lodash and @types/lodash by @dependabot[bot] in tj-actions/changed-files#2807

chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 by @dependabot[bot] in tj-actions/changed-files#2764

chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by @dependabot[bot] in tj-actions/changed-files#2815

chore(deps-dev): bump @types/node from 25.3.2 to 25.3.3 by @dependabot[bot] in tj-actions/changed-files#2814

Full Changelog: tj-actions/changed-files@v47.0.4...v47.0.5

v47.0.4

What's Changed

update: release-tagger action to version 6.0.6 by @jackton1 in tj-actions/changed-files#2801

Full Changelog: tj-actions/changed-files@v47.0.3...v47.0.4

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.6 - (2026-04-18)

🔄 Update

Updated README.md (#2817)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (c23d52b) - (github-actions[bot])

⚙️ Miscellaneous Tasks

deps: Bump lodash from 4.17.23 to 4.18.1 (#2837) (9426d40) - (dependabot[bot])

deps: Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#2843) (32de080) - (dependabot[bot])

deps: Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#2844) (2487d12) - (dependabot[bot])

deps-dev: Bump @types/node from 25.5.0 to 25.6.0 (#2846) (cef85a3) - (dependabot[bot])

deps-dev: Bump prettier from 3.8.1 to 3.8.3 (#2848) (7b082de) - (dependabot[bot])

deps: Bump github/codeql-action from 4.35.1 to 4.35.2 (#2849) (07224ca) - (dependabot[bot])

deps-dev: Bump jest from 30.2.0 to 30.3.0 (#2822) (2bb1357) - (dependabot[bot])

deps: Bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (#2829) (cc98117) - (dependabot[bot])

deps: Bump yaml from 2.8.2 to 2.8.3 (#2830) (786e421) - (dependabot[bot])

deps-dev: Bump eslint-plugin-jest from 29.15.0 to 29.15.1 (#2831) (726b41b) - (dependabot[bot])

deps: Bump github/codeql-action from 4.32.6 to 4.35.1 (#2834) (2c3585e) - (dependabot[bot])

deps: Bump actions/download-artifact from 8.0.0 to 8.0.1 (#2824) (3d37a7f) - (dependabot[bot])

deps-dev: Bump @types/node from 25.3.5 to 25.5.0 (#2825) (445b0eb) - (dependabot[bot])

deps: Bump github/codeql-action from 4.32.5 to 4.32.6 (#2819) (4f892cd) - (dependabot[bot])

deps-dev: Bump @types/node from 25.3.3 to 25.3.5 (#2820) (6118651) - (dependabot[bot])

deps: Bump actions/setup-node from 6.2.0 to 6.3.0 (#2818) (e517d7a) - (dependabot[bot])

⬆️ Upgrades

Upgraded to v47.0.5 (#2816)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (4750530) - (github-actions[bot])

47.0.5 - (2026-03-03)

🔄 Update

Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> (35dace0) - (github-actions[bot])

Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb) - (github-actions[bot])

⚙️ Miscellaneous Tasks

... (truncated)

Commits

9426d40 chore(deps): bump lodash from 4.17.23 to 4.18.1 (#2837)
32de080 chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#2843)
2487d12 chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#2844)
cef85a3 chore(deps-dev): bump @types/node from 25.5.0 to 25.6.0 (#2846)
7b082de chore(deps-dev): bump prettier from 3.8.1 to 3.8.3 (#2848)
07224ca chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#2849)
2bb1357 chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (#2822)
cc98117 chore(deps): bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (#2829)
786e421 chore(deps): bump yaml from 2.8.2 to 2.8.3 (#2830)
726b41b chore(deps-dev): bump eslint-plugin-jest from 29.15.0 to 29.15.1 (#2831)
Additional commits viewable in compare view

Updates github/codeql-action from 4.31.9 to 4.35.3

Release notes

Sourced from github/codeql-action's releases.

v4.35.3

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

v4.35.2

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

v4.35.1

Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

v4.35.0

Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767

Update default CodeQL bundle version to 2.25.1. #3773

v4.34.1

Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

v4.34.0

Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569

We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584

Update default CodeQL bundle version to 2.25.0. #3585

v4.33.0

Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

To opt out of this change:

Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

v4.32.6

Update default CodeQL bundle version to 2.24.3. #3548

v4.32.5

Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507

Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487

The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515

Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.35.3 - 01 May 2026

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

4.35.0 - 27 Mar...
Description has been truncated

Bumps the github-actions group with 14 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.1.0` | `6.2.0` | | [hendrikmuhs/ccache-action](https://github.com/hendrikmuhs/ccache-action) | `1.2.20` | `1.2.23` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.1` | `47.0.6` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.35.3` | | [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) | `2.22.0` | `2.23.0` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [maxim-lobanov/setup-xcode](https://github.com/maxim-lobanov/setup-xcode) | `1.6.0` | `1.7.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.6.0` | `4.1.0` | | [aminya/setup-cpp](https://github.com/aminya/setup-cpp) | `1.7.2` | `1.8.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.4.0` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8e8c483...de0fac2) Updates `actions/upload-artifact` from 6.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...043fb46) Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@37930b1...3e5f45b) Updates `actions/setup-python` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@83679a8...a309ff8) Updates `hendrikmuhs/ccache-action` from 1.2.20 to 1.2.23 - [Release notes](https://github.com/hendrikmuhs/ccache-action/releases) - [Commits](hendrikmuhs/ccache-action@5ebbd40...d62db5f) Updates `tj-actions/changed-files` from 47.0.1 to 47.0.6 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@e002140...9426d40) Updates `github/codeql-action` from 4.31.9 to 4.35.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@5d4e8d1...e46ed2c) Updates `EnricoMi/publish-unit-test-result-action` from 2.22.0 to 2.23.0 - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](EnricoMi/publish-unit-test-result-action@27d65e1...c950f6f) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@ed59741...3a2844b) Updates `maxim-lobanov/setup-xcode` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/maxim-lobanov/setup-xcode/releases) - [Commits](maxim-lobanov/setup-xcode@60606e2...ed7a3b1) Updates `docker/login-action` from 3.6.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@5e57cd1...4907a6d) Updates `aminya/setup-cpp` from 1.7.2 to 1.8.0 - [Release notes](https://github.com/aminya/setup-cpp/releases) - [Commits](aminya/setup-cpp@9bc9b8c...1f17f92) Updates `actions/setup-node` from 6.1.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@395ad32...48b55a0) Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: hendrikmuhs/ccache-action dependency-version: 1.2.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: EnricoMi/publish-unit-test-result-action dependency-version: 2.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: maxim-lobanov/setup-xcode dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aminya/setup-cpp dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 14 updates#5

Bump the github-actions group with 14 updates#5
dependabot[bot] wants to merge 1 commit intorisc-vfrom
dependabot/github_actions/github-actions-1d36554540

dependabot Bot commented on behalf of github May 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 1, 2026

v6.0.2

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v7.0.1

What's Changed

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

v8.0.1

What's Changed

v8.0.0

v8 - What's new

Direct downloads

Enforced checks (breaking)

ESM

What's Changed

v6.2.0

What's Changed

Dependency Upgrades

v1.2.23

What's Changed

New Contributors

v1.2.22

What's Changed

v1.2.21

What's Changed

New Contributors

v47.0.6

What's Changed

v47.0.5

What's Changed

v47.0.4

What's Changed

Changelog

47.0.6 - (2026-04-18)

🔄 Update

⚙️ Miscellaneous Tasks

⬆️ Upgrades

47.0.5 - (2026-03-03)

🔄 Update

⚙️ Miscellaneous Tasks

v4.35.3

v4.35.2

v4.35.1

v4.35.0

v4.34.1

v4.34.0

v4.33.0

v4.32.6

v4.32.5

CodeQL Action Changelog

[UNRELEASED]

4.35.3 - 01 May 2026

4.35.2 - 15 Apr 2026

4.35.1 - 27 Mar 2026

4.35.0 - 27 Mar... Description has been truncated

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

4.35.0 - 27 Mar...
Description has been truncated