From 7434149006143a4d75b82a2f411ef15b03ccc2d7 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Fri, 26 Sep 2025 19:36:42 +0000 Subject: [PATCH 01/15] Upgrade Node.js version to 24. This requires creating a new major-version (v4) of codeql-action. --- .github/actions/check-sarif/action.yml | 2 +- .github/workflows/pr-checks.yml | 2 +- CONTRIBUTING.md | 2 +- README.md | 3 +- analyze/action.yml | 2 +- autobuild/action.yml | 2 +- build.mjs | 2 +- init/action.yml | 2 +- package-lock.json | 24 +++++------ package.json | 4 +- resolve-environment/action.yml | 2 +- src/autobuild.ts | 6 +-- src/init-action-post-helper.test.ts | 24 +++++------ src/workflow.test.ts | 58 +++++++++++++------------- start-proxy/action.yml | 2 +- upload-sarif/action.yml | 2 +- 16 files changed, 69 insertions(+), 70 deletions(-) diff --git a/.github/actions/check-sarif/action.yml b/.github/actions/check-sarif/action.yml index 89ff9d703e..bfa1c3b9d1 100644 --- a/.github/actions/check-sarif/action.yml +++ b/.github/actions/check-sarif/action.yml @@ -16,5 +16,5 @@ inputs: Comma separated list of query ids that should NOT be included in this SARIF file. runs: - using: node20 + using: node24 main: index.js diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 2fd737de86..67974422e8 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -72,7 +72,7 @@ jobs: run: npm run lint-ci - name: Upload sarif - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 if: matrix.os == 'ubuntu-latest' with: sarif_file: eslint.sarif diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 493ae847cf..13614cb011 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -13,7 +13,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c ## Development and Testing -Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. +Before you start, ensure that you have a recent version of node (24 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. ### Common tasks diff --git a/README.md b/README.md index c5b8eab811..c6ab9ff1a9 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,8 @@ For compiled languages: The following versions of the CodeQL Action are currently supported: -- v3 (latest) +- v3 +- v4 (latest) ## Supported versions of the CodeQL Bundle on GitHub Enterprise Server diff --git a/analyze/action.yml b/analyze/action.yml index b7880be179..7fc118b156 100644 --- a/analyze/action.yml +++ b/analyze/action.yml @@ -92,6 +92,6 @@ outputs: sarif-id: description: The ID of the uploaded SARIF file. runs: - using: node20 + using: node24 main: "../lib/analyze-action.js" post: "../lib/analyze-action-post.js" diff --git a/autobuild/action.yml b/autobuild/action.yml index 80d8c1c31e..c820fb5aff 100644 --- a/autobuild/action.yml +++ b/autobuild/action.yml @@ -15,5 +15,5 @@ inputs: $GITHUB_WORKSPACE as its working directory. required: false runs: - using: node20 + using: node24 main: '../lib/autobuild-action.js' diff --git a/build.mjs b/build.mjs index 05f7e05021..2e014e81d2 100644 --- a/build.mjs +++ b/build.mjs @@ -68,7 +68,7 @@ const context = await esbuild.context({ outdir: OUT_DIR, platform: "node", plugins: [cleanPlugin, copyDefaultsPlugin, onEndPlugin], - target: ["node20"], + target: ["node24"], }); await context.rebuild(); diff --git a/init/action.yml b/init/action.yml index ba5d6efcc1..57d5a99402 100644 --- a/init/action.yml +++ b/init/action.yml 
@@ -165,6 +165,6 @@ outputs: codeql-version: description: The version of the CodeQL binary used for analysis runs: - using: node20 + using: node24 main: '../lib/init-action.js' post: '../lib/init-action-post.js' diff --git a/package-lock.json b/package-lock.json index 46ec821b83..c13f510c1b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "3.30.6", + "version": "4.30.6", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "3.30.6", + "version": "4.30.6", "license": "MIT", "dependencies": { "@actions/artifact": "^2.3.1", @@ -47,7 +47,7 @@ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -2660,13 +2660,13 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "20.19.9", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.9.tgz", - "integrity": "sha512-cuVNgarYWZqxRJDQHEB58GEONhOK79QVR/qYx4S7kcUObQvUwvFnYxJuuHUKm2aieN9X3yZB4LZsuYNU1Qphsw==", + "version": "24.6.0", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.6.0.tgz", + "integrity": "sha512-F1CBxgqwOMc4GKJ7eY22hWhBVQuMYTtqI8L0FcszYcpYX0fzfDGpez22Xau8Mgm7O9fI+zA/TYIdq3tGWfweBA==", "dev": true, "license": "MIT", "dependencies": { - "undici-types": "~6.21.0" + "undici-types": "~7.13.0" } }, "node_modules/@types/node-forge": { @@ -4200,9 +4200,7 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "1.1.12", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", - "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "version": "1.1.11", "license": "MIT", "dependencies": { "balanced-match": "^1.0.0", 
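Review bot: The `node_modules/brace-expansion` entry in the last package-lock.json hunk drops from `1.1.12` to `1.1.11` and loses its `resolved` and `integrity` fields, which a Node.js 24 upgrade does not need and which looks like an accidental side effect of regenerating the lockfile. Without `integrity`, the lockfile records no hash for npm to check that tarball against. The downgrade also reaches the shipped bundles: in patch 02 the `require_brace_expansion` hunks of the `lib/*.js` files change `/,(?!,).*\}/` back to `/,.*\}/`, and the lookahead appears to be a regex hardening from the newer release. I would restore the three removed lines (`"version": "1.1.12"` with its `resolved` and `integrity`) and rebuild `lib/`.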
@@ -9197,9 +9195,9 @@ } }, "node_modules/undici-types": { - "version": "6.21.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", - "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", + "version": "7.13.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.13.0.tgz", + "integrity": "sha512-Ov2Rr9Sx+fRgagJ5AX0qvItZG/JKKoBRAVITs1zk7IqZGTJUwgUr7qoYBpWwakpWilTZFM98rG/AFRocu10iIQ==", "dev": true, "license": "MIT" }, diff --git a/package.json b/package.json index 31389bb802..60a1f009c6 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.30.6", + "version": "4.30.6", "private": true, "description": "CodeQL action", "scripts": { @@ -62,7 +62,7 @@ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", diff --git a/resolve-environment/action.yml b/resolve-environment/action.yml index 188e5fd174..0734fcfa44 100644 --- a/resolve-environment/action.yml +++ b/resolve-environment/action.yml @@ -21,5 +21,5 @@ outputs: environment: description: The inferred build environment configuration. runs: - using: node20 + using: node24 main: '../lib/resolve-environment-action.js' diff --git a/src/autobuild.ts b/src/autobuild.ts index 1812e35017..ce3d45cc4e 100644 --- a/src/autobuild.ts +++ b/src/autobuild.ts 
@@ -52,11 +52,11 @@ export async function determineAutobuildLanguages( * For example, consider a user with the following workflow file: * * ```yml - * - uses: github/codeql-action/init@v3 + * - uses: github/codeql-action/init@v4 * with: * languages: go, java - * - uses: github/codeql-action/autobuild@v3 - * - uses: github/codeql-action/analyze@v3 + * - uses: github/codeql-action/autobuild@v4 + * - uses: github/codeql-action/analyze@v4 * ``` * * - With Go extraction disabled, we will run the Java autobuilder in the diff --git a/src/init-action-post-helper.test.ts b/src/init-action-post-helper.test.ts index 72a828a33f..1c1cbcb684 100644 --- a/src/init-action-post-helper.test.ts +++ b/src/init-action-post-helper.test.ts @@ -84,14 +84,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off" }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -108,14 +108,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -135,14 +135,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, 
@@ -192,14 +192,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) { }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", upload: uploadInput, @@ -227,14 +227,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "/language:${{ matrix.language }}", }, @@ -254,14 +254,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { upload: "${{ matrix.language != 'csharp' }}", }, diff --git a/src/workflow.test.ts b/src/workflow.test.ts index 9af81459ef..e922d8079c 100644 --- a/src/workflow.test.ts +++ b/src/workflow.test.ts @@ -395,9 +395,9 @@ async function testLanguageAliases( }, }, steps: [ - { uses: "actions/checkout@v3" }, - { uses: "github/codeql-action/init@v3" }, - { uses: "github/codeql-action/analyze@v3" }, + { uses: "actions/checkout@v4" }, + { uses: "github/codeql-action/init@v4" }, + { uses: "github/codeql-action/analyze@v4" }, ], }, }, 
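Review bot: In the `testLanguageAliases` hunk of src/workflow.test.ts the fixture step `{ uses: "actions/checkout@v3" }` becomes `@v4` along with the `github/codeql-action/*` references, and the YAML fixtures in the later `getCategoryInputOrThrow` hunks of this file get the same change. `actions/checkout` is versioned independently of the codeql-action v4 this commit introduces, so this looks like a by-product of a blanket `@v3` to `@v4` replace. The assertions do not appear to depend on the checkout version, but I would keep `actions/checkout@v3` in these fixtures so the diff touches only `github/codeql-action/...@v4`. The function body starts and ends outside the hunk.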
@@ -666,7 +666,7 @@ test("getWorkflowErrors() should report a warning if different versions of the C analyze: steps: - uses: github/codeql-action/init@v2 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -686,8 +686,8 @@ test("getWorkflowErrors() should not report a warning if the same versions of th jobs: analyze: steps: - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -706,7 +706,7 @@ test("getWorkflowErrors() should not report a warning involving versions of othe analyze: steps: - uses: actions/checkout@v5 - - uses: github/codeql-action/init@v3 + - uses: github/codeql-action/init@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -723,9 +723,9 @@ test("getCategoryInputOrThrow returns category for simple workflow with category analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category `) as Workflow, @@ -745,9 +745,9 @@ test("getCategoryInputOrThrow returns undefined for simple workflow without cate analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, "analysis", {}, 
@@ -765,19 +765,19 @@ test("getCategoryInputOrThrow returns category for workflow with multiple jobs", foo: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build foo - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: foo-category bar: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build bar - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: bar-category `) as Workflow, @@ -800,11 +800,11 @@ test("getCategoryInputOrThrow finds category for workflow with language matrix", matrix: language: [javascript, python] steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 with: language: \${{ matrix.language }} - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: "/language:\${{ matrix.language }}" `) as Workflow, @@ -824,9 +824,9 @@ test("getCategoryInputOrThrow throws error for workflow with dynamic category", jobs: analysis: steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: "\${{ github.workflow }}" `) as Workflow, 
@@ -851,12 +851,12 @@ test("getCategoryInputOrThrow throws error for workflow with multiple calls to a analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: another-category `) as Workflow, diff --git a/start-proxy/action.yml b/start-proxy/action.yml index 14d2cd1f89..6d520259f8 100644 --- a/start-proxy/action.yml +++ b/start-proxy/action.yml @@ -26,6 +26,6 @@ outputs: proxy_urls: description: A stringified JSON array of objects containing the types and URLs of the configured registries. runs: - using: node20 + using: node24 main: "../lib/start-proxy-action.js" post: "../lib/start-proxy-action-post.js" diff --git a/upload-sarif/action.yml b/upload-sarif/action.yml index cd61886c69..2827891b2e 100644 --- a/upload-sarif/action.yml +++ b/upload-sarif/action.yml @@ -41,6 +41,6 @@ outputs: { "code-scanning": "some-id", "code-quality": "some-other-id" } runs: - using: node20 + using: node24 main: '../lib/upload-sarif-action.js' post: '../lib/upload-sarif-action-post.js' From 30445af89f63da37c830d906b47c90c6e94e8d3c Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Fri, 26 Sep 2025 16:18:59 -0500 Subject: [PATCH 02/15] Rebuild JS after upgrading to Node.js 24. --- lib/analyze-action-post.js | 6 +++--- lib/analyze-action.js | 6 +++--- lib/autobuild-action.js | 6 +++--- lib/init-action-post.js | 6 +++--- lib/init-action.js | 6 +++--- lib/resolve-environment-action.js | 6 +++--- lib/start-proxy-action-post.js | 6 +++--- lib/start-proxy-action.js | 4 ++-- lib/upload-lib.js | 6 +++--- lib/upload-sarif-action-post.js | 6 +++--- lib/upload-sarif-action.js | 6 +++--- 11 files changed, 32 insertions(+), 32 deletions(-) 
diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index dc7b7a8403..17d28f6616 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 58f61c096b..a8a3d8589c 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", 
@@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index f9b6ebdfe7..7f12059f35 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 210a6f5010..c4fd6f812d 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { 
@@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/init-action.js b/lib/init-action.js index 6940d87af4..49775e6ffb 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 8ace1ec0bc..9d53cdbe60 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js 
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index e0ff1691ae..2d262137b9 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } 
diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 1b934050d1..e2d9666366 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -44966,7 +44966,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -45028,7 +45028,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 27ad934088..78763e9cc8 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33584,7 +33584,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -33646,7 +33646,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -35688,7 +35688,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 1e61b3bc54..6ffda0583a 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js 
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -106366,7 +106366,7 @@ var require_brace_expansion3 = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 317e6290bc..2e6a676dc7 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } From d7ada03e0280f776b82f810731bcbec65691d7b4 Mon Sep 17 00:00:00 2001 
From: Mario Campos Date: Fri, 26 Sep 2025 16:38:11 -0500 Subject: [PATCH 03/15] Downgrade upload-sarif@v4 -> v3 I got ahead of myself; v4 hasn't been tagged yet. --- .github/workflows/pr-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 67974422e8..2fd737de86 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -72,7 +72,7 @@ jobs: run: npm run lint-ci - name: Upload sarif - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@v3 if: matrix.os == 'ubuntu-latest' with: sarif_file: eslint.sarif From 180438161ed057dbe254fbe4b9e065448fbe1c40 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Mon, 29 Sep 2025 11:22:30 -0500 Subject: [PATCH 04/15] Specify Node.js v24 in actions/setup-node steps. --- .github/workflows/codescanning-config-cli.yml | 2 +- .github/workflows/pr-checks.yml | 2 +- .github/workflows/query-filters.yml | 2 +- .github/workflows/update-bundle.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index c6dc41f299..0c6213e9e7 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -58,7 +58,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20' + node-version: 24 cache: 'npm' - name: Install dependencies diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 2fd737de86..3a4bca4ec2 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -36,7 +36,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: 24 cache: 'npm' - name: Set up Python diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index aabcc144b0..fa89d2d935 100644 
--- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -34,7 +34,7 @@ jobs: - name: Install Node.js uses: actions/setup-node@v5 with: - node-version: 20.x + node-version: 24 cache: npm - name: Install dependencies diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index e64135d841..6705d7d14b 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -43,7 +43,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: 24 cache: 'npm' - name: Install dependencies From d4bbcb74ca9400cb92146ef4ea5e441eafd2edce Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Mon, 29 Sep 2025 11:26:46 -0500 Subject: [PATCH 05/15] Implement simultaneous PR checks for Node.js v20, v24. Copied from #2006. --- .github/workflows/pr-checks.yml | 12 ++++++-- .github/workflows/script/check-js-20.sh | 37 +++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 3 deletions(-) create mode 100755 .github/workflows/script/check-js-20.sh diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 3a4bca4ec2..4d87e15fb5 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -20,6 +20,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] + node-version: [20, 24] permissions: contents: read security-events: write # needed to upload ESLint results @@ -36,7 +37,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: 24 + node-version: ${{ matrix.node-version }} cache: 'npm' - name: Set up Python 
@@ -51,7 +52,12 @@ jobs: npm config set script-shell bash npm ci - - name: Verify compiled JS up to date + - name: Verify compiled JS up to date (Node.js 20) + if: matrix.node-version == 20 + run: .github/workflows/script/check-js-20.sh + + - name: Verify compiled JS up to date (Node.js 24) + if: matrix.node-version == 24 run: .github/workflows/script/check-js.sh - name: Verify PR checks up to date @@ -73,7 +79,7 @@ jobs: - name: Upload sarif uses: github/codeql-action/upload-sarif@v3 - if: matrix.os == 'ubuntu-latest' + if: matrix.os == 'ubuntu-latest' && matrix.node-version == 24 with: sarif_file: eslint.sarif category: eslint diff --git a/.github/workflows/script/check-js-20.sh b/.github/workflows/script/check-js-20.sh new file mode 100755 index 0000000000..02ed8557a6 --- /dev/null +++ b/.github/workflows/script/check-js-20.sh 
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -eu
+
+# Change @types/node to v20 temporarily to check that the generated JS files are correct.
+contents=$(jq '.devDependencies."@types/node" = "^20.0.0"' package.json)
+echo "${contents}" > package.json
+
+npm install
+
+if [ ! -z "$(git status --porcelain)" ]; then
+ git config --global user.email "github-actions@github.com"
+ git config --global user.name "github-actions[bot]"
+ # The period in `git add --all .` ensures that we stage deleted files too.
+ git add --all .
+ git commit -m "Use @types/node v20"
+fi
+
+# Wipe the lib directory in case there are extra unnecessary files in there
+rm -rf lib
+
+# Generate the JavaScript files
+npm run-script build
+
+# Check that repo is still clean.
+# The downgrade of @types/node means that we expect certain changes to the generated JS files.
+# Therefore, we should ignore these changes to @types/node and check for outstanding changes.
+if [[ $(git diff | grep --perl-regexp '^-(?!--)' | grep --count --invert-match --perl-regexp '"@types/node": "\^24') -gt 0 || \
+ $(git diff | grep --perl-regexp '^\+(?!\+\+)' | grep --count --invert-match --perl-regexp '"@types/node": "\^20') -gt 0 ]]
+then
+ >&2 echo "Failed: JavaScript files are not up to date. Run 'rm -rf lib && npm run-script build' to update"
+ git diff
+ exit 1
+fi
+echo "Success: JavaScript files are up to date"
+
+# Clean up changes to package.json, package-lock.json, and lib/*.js.
+git reset --hard HEAD~1
From d4b5380db47e283a94c5a85c4c6cf1f677d2530e Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 30 Sep 2025 13:45:06 -0500 Subject: [PATCH 06/15] Document Node.js 24 change in CHANGELOG.md.
---
CHANGELOG.md | 1 + 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65af5e0af6..dc29f203ca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
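Review bot: The closing `git reset --hard HEAD~1` in check-js-20.sh runs unconditionally, while the `git commit -m "Use @types/node v20"` it is meant to undo only runs when `git status --porcelain` reports changes. If that branch is ever skipped, the script discards the checked-out commit instead of its own temporary one. Recording the starting point removes the coupling: add `base=$(git rev-parse HEAD)` right after `set -eu` and finish with `git reset --hard "${base}"`. Separately, the two `git config --global` lines change the runner's global git identity for every later step; `git -c user.email=... -c user.name=... commit ...` would keep that scoped to the one commit.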
@@ -16,6 +16,7 @@ No user facing changes. - We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. [#3107](https://github.com/github/codeql-action/pull/3107) - You can now run the latest CodeQL nightly bundle by passing `tools: nightly` to the `init` action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. [#3130](https://github.com/github/codeql-action/pull/3130) - Update default CodeQL bundle version to 2.23.1. [#3118](https://github.com/github/codeql-action/pull/3118) +- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.3 - 10 Sep 2025 From 3adb1ff7b88abf82e97c2c42d9ac29a62769ba63 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Wed, 1 Oct 2025 09:04:18 -0500 Subject: [PATCH 07/15] Reorder supported tags in descending order Co-authored-by: Henry Mercer --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c6ab9ff1a9..d4e5320b3b 100644 --- a/README.md +++ b/README.md @@ -62,8 +62,8 @@ For compiled languages: The following versions of the CodeQL Action are currently supported: -- v3 - v4 (latest) +- v3 ## Supported versions of the CodeQL Bundle on GitHub Enterprise Server From 205744e04feff7038d2f6efa0a56ccf2311ae33b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 2 Oct 2025 13:53:03 +0000 Subject: [PATCH 08/15] Update changelog and version after v3.30.6 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41d89f885d..3b0da85e36 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 3.30.6 - 02 Oct 2025 - Update default CodeQL bundle version to 2.23.2. [#3168](https://github.com/github/codeql-action/pull/3168) diff --git a/package-lock.json b/package-lock.json index 46ec821b83..911e99ad4d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "3.30.6", + "version": "3.30.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "3.30.6", + "version": "3.30.7", "license": "MIT", "dependencies": { "@actions/artifact": "^2.3.1", diff --git a/package.json b/package.json index 31389bb802..32b427bb41 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.30.6", + "version": "3.30.7", "private": true, "description": "CodeQL action", "scripts": { From 70836b1ec4ecbd0baa6b1e69566c54c946fc2729 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 2 Oct 2025 13:55:07 +0000 Subject: [PATCH 09/15] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index e5ccfa9f98..a9b163bc16 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js 
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c60a3692a9..d873c64dc8 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index b65cb80434..316585f7fd 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index ff5a35731f..0c352bbd7b 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index 8e246aebb0..8ad9767743 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 8ace1ec0bc..1413b95935 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js 
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index e0ff1691ae..a52eadfc51 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 91a4880ef2..1366fbcadf 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -44974,7 +44974,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index fb3980402d..a6342ff212 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33584,7 +33584,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index e9b083b3c3..233b73d473 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 9efd8515be..12ad80cd9b 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "3.30.7", private: true, description: "CodeQL action", scripts: { From 65e9e640eee8bd9544d635018b785e3902144ccd Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 2 Oct 2025 17:45:08 +0100 Subject: [PATCH 10/15] Make `matrix` available to `start-proxy` action --- start-proxy/action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/start-proxy/action.yml b/start-proxy/action.yml index 14d2cd1f89..17fc3bbe64 100644 --- a/start-proxy/action.yml +++ b/start-proxy/action.yml @@ -16,6 +16,9 @@ inputs: language: description: The programming language to setup the proxy for the correct ecosystem required: false + matrix: + default: ${{ toJson(matrix) }} + required: false outputs: proxy_host: description: The IP address of the proxy From 54ae8ba5b132f38656616b37ff939c55700d519b Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Thu, 2 Oct 2025 13:46:44 -0500 Subject: [PATCH 11/15] Simplify PR check by reverting changes to `@types/node`. --- .github/workflows/pr-checks.yml | 7 +---- .github/workflows/script/check-js-20.sh | 37 ------------------------- build.mjs | 6 ++-- lib/analyze-action-post.js | 4 +-- lib/analyze-action.js | 4 +-- lib/autobuild-action.js | 4 +-- lib/init-action-post.js | 4 +-- lib/init-action.js | 4 +-- lib/resolve-environment-action.js | 4 +-- lib/start-proxy-action-post.js | 4 +-- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 4 +-- lib/upload-sarif-action-post.js | 4 +-- lib/upload-sarif-action.js | 4 +-- package-lock.json | 20 +++++++------ package.json | 2 +- 16 files changed, 37 insertions(+), 77 deletions(-) delete mode 100755 .github/workflows/script/check-js-20.sh diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 4d87e15fb5..376730e386 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml 
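Review bot: The new `matrix` input in `start-proxy/action.yml` is declared without a `description`, unlike the `language` input directly above it. The metadata therefore gives no hint that the caller's whole matrix context is serialized into the action by default. Add a line such as `description: The workflow matrix context as JSON; set automatically, callers should not need to override it.` What the action does with the value is not visible in this hunk, so the wording should be adjusted to its real use.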
@@ -52,12 +52,7 @@ jobs: npm config set script-shell bash npm ci - - name: Verify compiled JS up to date (Node.js 20) - if: matrix.node-version == 20 - run: .github/workflows/script/check-js-20.sh - - - name: Verify compiled JS up to date (Node.js 24) - if: matrix.node-version == 24 + - name: Verify compiled JS up to date run: .github/workflows/script/check-js.sh - name: Verify PR checks up to date diff --git a/.github/workflows/script/check-js-20.sh b/.github/workflows/script/check-js-20.sh deleted file mode 100755 index 02ed8557a6..0000000000 --- a/.github/workflows/script/check-js-20.sh +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/bin/bash -set -eu - -# Change @types/node to v20 temporarily to check that the generated JS files are correct. -contents=$(jq '.devDependencies."@types/node" = "^20.0.0"' package.json) -echo "${contents}" > package.json - -npm install - -if [ ! -z "$(git status --porcelain)" ]; then - git config --global user.email "github-actions@github.com" - git config --global user.name "github-actions[bot]" - # The period in `git add --all .` ensures that we stage deleted files too. - git add --all . - git commit -m "Use @types/node v20" -fi - -# Wipe the lib directory in case there are extra unnecessary files in there -rm -rf lib - -# Generate the JavaScript files -npm run-script build - -# Check that repo is still clean. -# The downgrade of @types/node means that we expect certain changes to the generated JS files. -# Therefore, we should ignore these changes to @types/node and check for outstanding changes. -if [[ $(git diff | grep --perl-regexp '^-(?!--)' | grep --count --invert-match --perl-regexp '"@types/node": "\^24') -gt 0 || \ - $(git diff | grep --perl-regexp '^\+(?!\+\+)' | grep --count --invert-match --perl-regexp '"@types/node": "\^20') -gt 0 ]] -then - >&2 echo "Failed: JavaScript files are not up to date. Run 'rm -rf lib && npm run-script build' to update" - git diff - exit 1 -fi -echo "Success: JavaScript files are up to date" - -# Clean up changes to package.json, package-lock.json, and lib/*.js. -git reset --hard HEAD~1 diff --git a/build.mjs b/build.mjs index 2e014e81d2..9e28acbd74 100644 --- a/build.mjs +++ b/build.mjs @@ -13,7 +13,7 @@ const OUT_DIR = join(__dirname, "lib"); /** * Clean the output directory before building. - * + * * @type {esbuild.Plugin} */ const cleanPlugin = { @@ -27,7 +27,7 @@ const cleanPlugin = { /** * Copy defaults.json to the output directory since other projects depend on it. - * + * * @type {esbuild.Plugin} */ const copyDefaultsPlugin = { 
@@ -68,7 +68,7 @@ const context = await esbuild.context({ outdir: OUT_DIR, platform: "node", plugins: [cleanPlugin, copyDefaultsPlugin, onEndPlugin], - target: ["node24"], + target: ["node20"], }); await context.rebuild(); diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 506c3886b5..9608f9f58a 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/analyze-action.js b/lib/analyze-action.js index d4d77251f2..f17cde2492 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 86634cdf83..30c9abb8fb 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js 
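Review bot: `target: ["node20"]` is restored in `build.mjs` without a comment, while the action manifests earlier in this series declare `using: node24`, so a later reader cannot tell whether the lower target is deliberate. If it is kept so the same sources still build for the v3 line (an inference from the README's list of supported versions), say so next to the option, e.g. `// Keep at node20 while the v3 line is still built from these sources.` The `esbuild.context` call begins outside the hunk.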
@@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 504e33abcf..fdf055f090 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/init-action.js b/lib/init-action.js index 01f7dcdbda..901cbda3f8 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", 
@@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 9d53cdbe60..d3edabe93e 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 2d262137b9..ee1a6ba945 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", 
@@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index a194b3d5f4..c6c18fc06b 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -45036,7 +45036,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 9a9e6e6bc2..dde7db14cf 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33646,7 +33646,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -35688,7 +35688,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index ac0a6da671..5ec030a15b 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js 
@@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -106366,7 +106366,7 @@ var require_brace_expansion3 = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index cc9874e266..dc7506af36 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/package-lock.json b/package-lock.json index c13f510c1b..cb01080570 100644 --- a/package-lock.json +++ b/package-lock.json @@ -47,7 +47,7 @@ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", 
@@ -2660,13 +2660,13 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "24.6.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-24.6.0.tgz", - "integrity": "sha512-F1CBxgqwOMc4GKJ7eY22hWhBVQuMYTtqI8L0FcszYcpYX0fzfDGpez22Xau8Mgm7O9fI+zA/TYIdq3tGWfweBA==", + "version": "20.19.9", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.9.tgz", + "integrity": "sha512-cuVNgarYWZqxRJDQHEB58GEONhOK79QVR/qYx4S7kcUObQvUwvFnYxJuuHUKm2aieN9X3yZB4LZsuYNU1Qphsw==", "dev": true, "license": "MIT", "dependencies": { - "undici-types": "~7.13.0" + "undici-types": "~6.21.0" } }, "node_modules/@types/node-forge": { @@ -4200,7 +4200,9 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "1.1.11", + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", "license": "MIT", "dependencies": { "balanced-match": "^1.0.0", @@ -9195,9 +9197,9 @@ } }, "node_modules/undici-types": { - "version": "7.13.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.13.0.tgz", - "integrity": "sha512-Ov2Rr9Sx+fRgagJ5AX0qvItZG/JKKoBRAVITs1zk7IqZGTJUwgUr7qoYBpWwakpWilTZFM98rG/AFRocu10iIQ==", + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", + "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", "dev": true, "license": "MIT" }, diff --git a/package.json b/package.json index 60a1f009c6..e4ddef3411 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", 
From dddf033776a9a0e008719a5c64a93dcac144838f Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Thu, 2 Oct 2025 14:32:40 -0500 Subject: [PATCH 12/15] Revert changes to build.mjs --- build.mjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.mjs b/build.mjs index 9e28acbd74..05f7e05021 100644 --- a/build.mjs +++ b/build.mjs @@ -13,7 +13,7 @@ const OUT_DIR = join(__dirname, "lib"); /** * Clean the output directory before building. - * + * * @type {esbuild.Plugin} */ const cleanPlugin = { @@ -27,7 +27,7 @@ const cleanPlugin = { /** * Copy defaults.json to the output directory since other projects depend on it. - * + * * @type {esbuild.Plugin} */ const copyDefaultsPlugin = { From 7fb8378d93a9c48917835b918be8813792a0dd26 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 3 Oct 2025 11:59:36 +0100 Subject: [PATCH 13/15] Re-throw exception in `createStatusReportBase` when in test mode --- lib/analyze-action.js | 3 +++ lib/autobuild-action.js | 3 +++ lib/init-action-post.js | 3 +++ lib/init-action.js | 3 +++ lib/resolve-environment-action.js | 3 +++ lib/start-proxy-action.js | 3 +++ lib/upload-sarif-action.js | 3 +++ src/status-report.ts | 6 ++++++ 8 files changed, 27 insertions(+) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index d873c64dc8..c2788900b3 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -94123,6 +94123,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 316585f7fd..4cde47d65b 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js 
@@ -79872,6 +79872,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 0c352bbd7b..e138420a3e 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -131599,6 +131599,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/init-action.js b/lib/init-action.js index 8ad9767743..2f509ad0ee 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -90274,6 +90274,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 1413b95935..67cb394e74 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -79499,6 +79499,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 1366fbcadf..f262402cf9 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js 
@@ -95649,6 +95649,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 12ad80cd9b..7ad72583b5 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -89910,6 +89910,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/src/status-report.ts b/src/status-report.ts index b0e39aa54b..9bfd14677d 100644 --- a/src/status-report.ts +++ b/src/status-report.ts @@ -375,6 +375,12 @@ export async function createStatusReportBase( logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.`, ); + + // Re-throw the exception in test mode. While testing, we want to know if something goes wrong here. + if (isInTestMode()) { + throw e; + } + return undefined; } } From b66db86c847a6b3b82d6036b8ef090a869d23fcd Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Mon, 6 Oct 2025 11:40:43 -0500 Subject: [PATCH 14/15] Hoist CHANGELOG note back to "UNRELEASED" section. --- CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 322b76a844..37bca4058a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.6 - 02 Oct 2025 
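Review bot: In the `src/status-report.ts` hunk, the warning ending in `Will skip sending status report.` is still logged immediately before the new `throw e`. In test mode the log therefore says the failure was skipped while the caller actually receives the exception. Moving the `if (isInTestMode()) { throw e; }` check above `logger.warning(...)` would keep the output accurate. This catch previously always returned `undefined`, so the doc comment of `createStatusReportBase`, which is outside the hunk, should state that the function rethrows in test mode. How `isInTestMode()` is switched on is not visible here; if a workflow can enable it, a telemetry-gathering error would then fail that run.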
@@ -20,7 +20,6 @@ No user facing changes. - We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. [#3107](https://github.com/github/codeql-action/pull/3107) - You can now run the latest CodeQL nightly bundle by passing `tools: nightly` to the `init` action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. [#3130](https://github.com/github/codeql-action/pull/3130) - Update default CodeQL bundle version to 2.23.1. [#3118](https://github.com/github/codeql-action/pull/3118) -- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.3 - 10 Sep 2025 From 93c16735fa0c27d771c77818dac729edc5a9cd19 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 18:19:26 +0000 Subject: [PATCH 15/15] Update changelog for v4.30.7 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37bca4058a..692c42bf3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.30.7 - 06 Oct 2025 - [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169)