{"id":67,"name":"github/codeql-action","ecosystem":"actions","repository_url":"https://github.com/github/codeql-action","issues_count":67310,"created_at":"2025-06-06T15:01:32.540Z","updated_at":"2025-06-06T15:01:32.540Z","purl":"pkg:githubactions/github/codeql-action","metadata":{"id":9261401,"name":"github.com/github/codeql-action","ecosystem":"go","description":"","homepage":"https://github.com/github/codeql-action","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/github/codeql-action","keywords_array":[],"namespace":"github.com/github","versions_count":290,"first_release_published_at":"2021-05-21T18:04:50.000Z","latest_release_published_at":"2025-06-03T13:08:22.000Z","latest_release_number":"v3.28.19+incompatible","last_synced_at":"2025-06-05T04:48:36.215Z","created_at":"2024-03-23T02:55:43.850Z","updated_at":"2025-06-05T04:48:36.554Z","registry_url":"https://pkg.go.dev/github.com/github/codeql-action","install_command":"go get github.com/github/codeql-action","documentation_url":"https://pkg.go.dev/github.com/github/codeql-action#section-documentation","metadata":{},"repo_metadata":{"uuid":"259445878","full_name":"github/codeql-action","owner":"github","description":"Actions for running CodeQL analysis","archived":false,"fork":false,"pushed_at":"2024-03-25T09:18:02.000Z","size":122420,"stargazers_count":1026,"open_issues_count":121,"forks_count":292,"subscribers_count":36,"default_branch":"main","last_synced_at":"2024-03-25T10:35:34.951Z","etag":null,"topics":["actions","advanced-security","ci","code-scanning","codeql","semmle-ql"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/github.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-04-27T20:36:30.000Z","updated_at":"2024-03-25T02:58:19.000Z","dependencies_parsed_at":"2024-01-22T10:42:37.264Z","dependency_job_id":"c3329e5a-d953-4324-ad36-7d34461f3541","html_url":"https://github.com/github/codeql-action","commit_stats":{"total_commits":2886,"total_committers":86,"mean_commits":33.55813953488372,"dds":0.7792792792792793,"last_synced_commit":"137a1e070d9fce60979b4ba596a335a285a6266b"},"previous_names":[],"tags_count":299,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":192837238,"owners_count":12755579,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"github","name":"GitHub","uuid":"9919","kind":"organization","description":"How people build software.","email":null,"website":"https://github.com/about","location":"San Francisco, CA","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/9919?v=4","repositories_count":462,"last_synced_at":"2023-04-09T06:36:30.344Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/github","funding_links":[],"total_stars":null,"created_at":"2022-11-02T16:22:19.308Z","updated_at":"2023-04-09T06:36:32.228Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github/repositories"},"tags":[{"name":"v2.24.9","sha":"a82bad71823183e5b120ab52d521460ecb0585fe","kind":"tag","published_at":"2024-03-22T11:07:32.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.9","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.9/manifests"},{"name":"v3.24.9","sha":"1b1aada464948af03b950897e5eb522f92603cc2","kind":"tag","published_at":"2024-03-22T10:36:44.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.9","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.9/manifests"},{"name":"codeql-bundle-v2.16.5","sha":"423a04bb2cb7cd2643007122588f1387778f14d0","kind":"commit","published_at":"2024-03-18T15:33:04.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.16.5","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.16.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.5/manifests"},{"name":"v2.24.8","sha":"c2dc67199a2e650d535d7de586a07597aea4d9c7","kind":"tag","published_at":"2024-03-18T15:31:21.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.8","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.8/manifests"},{"name":"v3.24.8","sha":"05963f47d870e2cb19a537396c1f668a348c7d8f","kind":"tag","published_at":"2024-03-18T13:57:06.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.8","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.8/manifests"},{"name":"v2.24.7","sha":"e56cfd0877b4826be144d11aa31e6c64a55828e9","kind":"tag","published_at":"2024-03-12T18:26:04.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.7","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.7/manifests"},{"name":"v3.24.7","sha":"3ab4101902695724f9365a384f86c1074d94e18c","kind":"tag","published_at":"2024-03-12T17:49:04.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.7","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.7/manifests"},{"name":"codeql-bundle-v2.16.4","sha":"83a02f7883b12e0e4e1a146174f5e2292a01e601","kind":"commit","published_at":"2024-03-06T12:05:54.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.16.4","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.16.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.4/manifests"},{"name":"v2.24.6","sha":"928ff8c822d966a999092a6a35e32177899afb7c","kind":"tag","published_at":"2024-03-01T10:21:22.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.6","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.6/manifests"},{"name":"v3.24.6","sha":"8a470fddafa5cbb6266ee11b37ef4d8aae19c571","kind":"tag","published_at":"2024-02-29T14:04:39.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.6","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.6/manifests"},{"name":"v2.24.5","sha":"a56a03b370b87b26fde6d680755f818cfda0372b","kind":"tag","published_at":"2024-02-23T10:57:43.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.5","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.5/manifests"},{"name":"v3.24.5","sha":"47b3d888fe66b639e431abf22ebca059152f1eea","kind":"tag","published_at":"2024-02-23T09:50:29.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.5","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.5/manifests"},{"name":"v2.24.4","sha":"80eb8d5395c1d8edac424890a2dc323568ba25fb","kind":"tag","published_at":"2024-02-22T13:48:52.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.4","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.4/manifests"},{"name":"v3.24.4","sha":"e2e140ad1441662206e8f97754b166877dfa1c73","kind":"tag","published_at":"2024-02-22T10:37:32.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.4","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.4/manifests"},{"name":"codeql-bundle-v2.16.3","sha":"592977e6ae857384aa79bb31e7a1d62d63449ec5","kind":"commit","published_at":"2024-02-20T11:06:25.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.16.3","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.16.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.3/manifests"},{"name":"v2.24.3","sha":"4a8f20f6b9b5114f354129a1e2f391d75bfd640a","kind":"tag","published_at":"2024-02-15T13:16:00.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.3","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.3/manifests"},{"name":"v3.24.3","sha":"379614612a29c9e28f31f39a59013eb8012a51f0","kind":"tag","published_at":"2024-02-15T12:46:48.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.3","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.3/manifests"},{"name":"v2.24.2","sha":"8b6a45a6ecf57c282d068f1e7697de1f35afb8c9","kind":"tag","published_at":"2024-02-15T11:35:25.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.2","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.2/manifests"},{"name":"v3.24.2","sha":"ece8414c725e29de2e18c0859fda9e7280df9488","kind":"tag","published_at":"2024-02-15T10:49:03.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.2","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.2/manifests"},{"name":"v2.24.1","sha":"1a077f8f6c71a45340c26ca0b877e00459e5f443","kind":"tag","published_at":"2024-02-13T15:51:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.1","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.1/manifests"},{"name":"v3.24.1","sha":"e675ced7a7522a761fc9c8eb26682c8b27c42b2b","kind":"tag","published_at":"2024-02-13T14:30:42.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.1","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.1/manifests"},{"name":"codeql-bundle-v2.16.2","sha":"cf7e9f23492505046de9a37830c3711dd0f25bb3","kind":"commit","published_at":"2024-02-06T10:57:43.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.16.2","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.16.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.2/manifests"},{"name":"v2.24.0","sha":"dc021d495cb77b369e4d9d04a501700fd83b8c51","kind":"tag","published_at":"2024-02-02T19:25:24.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.24.0","html_url":"https://github.com/github/codeql-action/releases/tag/v2.24.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.24.0/manifests"},{"name":"v3.24.0","sha":"e8893c57a1f3a2b659b6b55564fdfdbbd2982911","kind":"tag","published_at":"2024-02-02T18:31:44.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.24.0","html_url":"https://github.com/github/codeql-action/releases/tag/v3.24.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.24.0/manifests"},{"name":"v2.23.2","sha":"2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f","kind":"tag","published_at":"2024-01-26T15:18:54.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.23.2","html_url":"https://github.com/github/codeql-action/releases/tag/v2.23.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.23.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.23.2/manifests"},{"name":"v3.23.2","sha":"b7bf0a3ed3ecfa44160715d7c442788f65f0f923","kind":"tag","published_at":"2024-01-26T14:34:19.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.23.2","html_url":"https://github.com/github/codeql-action/releases/tag/v3.23.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.23.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.23.2/manifests"},{"name":"codeql-bundle-v2.16.1","sha":"65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9","kind":"commit","published_at":"2024-01-23T14:50:06.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.16.1","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.16.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.1/manifests"},{"name":"v2.23.1","sha":"4759df8df70c5ebe7042c3029bbace20eee13edd","kind":"tag","published_at":"2024-01-17T17:40:57.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.23.1","html_url":"https://github.com/github/codeql-action/releases/tag/v2.23.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.23.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.23.1/manifests"},{"name":"v3.23.1","sha":"0b21cf2492b6b02c465a3e5d7c473717ad7721ba","kind":"tag","published_at":"2024-01-17T16:23:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.23.1","html_url":"https://github.com/github/codeql-action/releases/tag/v3.23.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.23.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.23.1/manifests"},{"name":"codeql-bundle-v2.16.0","sha":"e6a47e25652c5dbefe5b65d3b8e8dab0e9364b21","kind":"commit","published_at":"2024-01-08T17:42:55.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.16.0","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.16.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.16.0/manifests"},{"name":"v2.23.0","sha":"8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4","kind":"tag","published_at":"2024-01-08T13:44:54.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.23.0","html_url":"https://github.com/github/codeql-action/releases/tag/v2.23.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.23.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.23.0/manifests"},{"name":"v3.23.0","sha":"e5f05b81d5b6ff8cfa111c80c22c5fd02a384118","kind":"tag","published_at":"2024-01-08T12:11:38.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.23.0","html_url":"https://github.com/github/codeql-action/releases/tag/v3.23.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.23.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.23.0/manifests"},{"name":"v2.22.12","sha":"1500a131381b66de0c52ac28abb13cd79f4b7ecc","kind":"tag","published_at":"2023-12-22T16:41:31.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.12","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.12/manifests"},{"name":"v3.22.12","sha":"012739e5082ff0c22ca6d6ab32e07c36df03c4a4","kind":"tag","published_at":"2023-12-22T00:46:01.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.22.12","html_url":"https://github.com/github/codeql-action/releases/tag/v3.22.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.22.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.22.12/manifests"},{"name":"codeql-bundle-v2.15.5","sha":"7e187e1c529d80bac7b87a16e7a792427f65cf02","kind":"commit","published_at":"2023-12-18T22:02:22.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.15.5","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.5/manifests"},{"name":"v2.22.11","sha":"03e7845b7bfcd5e7fb63d1ae8c61b0e791134fab","kind":"tag","published_at":"2023-12-13T20:42:50.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.11","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.11/manifests"},{"name":"v3.22.11","sha":"b374143c1149a9115d881581d29b8390bbcbb59c","kind":"tag","published_at":"2023-12-13T15:21:11.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3.22.11","html_url":"https://github.com/github/codeql-action/releases/tag/v3.22.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.22.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3.22.11/manifests"},{"name":"v3","sha":"b374143c1149a9115d881581d29b8390bbcbb59c","kind":"tag","published_at":"2023-12-13T15:21:11.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v3","html_url":"https://github.com/github/codeql-action/releases/tag/v3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v3/manifests"},{"name":"v2.22.10","sha":"305f6546310b9203e892c28c1484e82977f4f63d","kind":"tag","published_at":"2023-12-12T16:58:00.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.10","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.10/manifests"},{"name":"v2.22.9","sha":"c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2","kind":"tag","published_at":"2023-12-07T11:33:20.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.9","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.9/manifests"},{"name":"codeql-bundle-v2.15.4","sha":"bc50092bdb546ff8f9d3eb30eb4cd57b4a0059db","kind":"commit","published_at":"2023-12-04T19:22:11.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.15.4","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.4/manifests"},{"name":"v2.22.8","sha":"407ffafae6a767df3e0230c3df91b6443ae8df75","kind":"tag","published_at":"2023-11-23T11:04:35.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.8","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.8/manifests"},{"name":"codeql-bundle-v2.15.3","sha":"4b6aa0b07da05d6e43d0e5f9c8596a6532ce1c85","kind":"commit","published_at":"2023-11-16T14:10:31.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.15.3","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.3/manifests"},{"name":"v2.22.7","sha":"66b90a5db151a8042fa97405c6cf843bbe433f7b","kind":"tag","published_at":"2023-11-16T13:26:39.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.7","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.7/manifests"},{"name":"v2.22.6","sha":"689fdc5193eeb735ecb2e52e819e3382876f93f4","kind":"tag","published_at":"2023-11-14T12:52:30.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.6","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.6/manifests"},{"name":"codeql-bundle-v2.15.2","sha":"df32e399139a3050671466d7d9b3cbacc1cfd034","kind":"commit","published_at":"2023-10-30T10:49:04.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.15.2","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.2/manifests"},{"name":"v2.22.5","sha":"74483a38d39275f33fcff5f35b679b5ca4a26a99","kind":"tag","published_at":"2023-10-27T09:31:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.5","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.5/manifests"},{"name":"v2","sha":"74483a38d39275f33fcff5f35b679b5ca4a26a99","kind":"tag","published_at":"2023-10-27T09:31:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2","html_url":"https://github.com/github/codeql-action/releases/tag/v2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2/manifests"},{"name":"v2.22.4","sha":"49abf0ba24d0b7953cb586944e918a0b92074c80","kind":"tag","published_at":"2023-10-20T16:21:04.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.4","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.4/manifests"},{"name":"codeql-bundle-v2.15.1","sha":"bad341350a2f5616f9e048e51360cedc49181ce8","kind":"commit","published_at":"2023-10-17T19:56:42.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.15.1","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.1/manifests"},{"name":"v2.22.3","sha":"0116bc2df50751f9724a2e35ef1f24d22f90e4e1","kind":"tag","published_at":"2023-10-13T13:02:55.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.3","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.3/manifests"},{"name":"v2.22.2","sha":"d90b8d79de6dc1f58e83a1499aa58d6c93dc28de","kind":"tag","published_at":"2023-10-12T10:38:30.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.2","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.2/manifests"},{"name":"v2.22.1","sha":"fdcae64e1484d349b3366718cdfef3d404390e85","kind":"tag","published_at":"2023-10-09T11:04:24.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.1","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.1/manifests"},{"name":"v2.22.0","sha":"2cb752a87e96af96708ab57187ab6372ee1973ab","kind":"tag","published_at":"2023-10-06T10:47:40.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.22.0","html_url":"https://github.com/github/codeql-action/releases/tag/v2.22.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.22.0/manifests"},{"name":"codeql-bundle-v2.15.0","sha":"517782a2a0dd93543ea4f12f41006cf70ddca135","kind":"commit","published_at":"2023-10-04T19:01:23.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.15.0","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.15.0/manifests"},{"name":"v2.21.9","sha":"ddccb873888234080b77e9bc2d4764d5ccaaccf9","kind":"tag","published_at":"2023-09-27T14:58:09.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.9","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.9/manifests"},{"name":"codeql-bundle-v2.14.6","sha":"8e0b1c74b1d5a0077b04d064c76ee714d3da7637","kind":"commit","published_at":"2023-09-19T22:10:13.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.14.6","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.14.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.6/manifests"},{"name":"v2.21.8","sha":"6a28655e3dcb49cb0840ea372fd6d17733edd8a4","kind":"tag","published_at":"2023-09-19T10:19:18.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.8","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.8/manifests"},{"name":"v2.21.7","sha":"04daf014b50eaf774287bf3f0f1869d4b4c4b913","kind":"tag","published_at":"2023-09-14T16:58:57.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.7","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.7/manifests"},{"name":"codeql-bundle-v2.14.5","sha":"c6c77c8c2d62cfd5b2e8d548817fd3d1582ac744","kind":"commit","published_at":"2023-09-13T18:46:02.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.14.5","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.14.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.5/manifests"},{"name":"v2.21.6","sha":"701f152f28d4350ad289a5e31435e9ab6169a7ca","kind":"tag","published_at":"2023-09-13T16:39:17.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.6","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.6/manifests"},{"name":"codeql-bundle-v2.14.4","sha":"43750fe4fc4f068f04f2215206e6f6a29c78c763","kind":"commit","published_at":"2023-09-07T21:46:29.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.14.4","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.14.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.4/manifests"},{"name":"v2.21.5","sha":"00e563ead9f72a8461b24876bee2d0c2e8bd2ee8","kind":"tag","published_at":"2023-08-28T18:37:25.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.5","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.5/manifests"},{"name":"codeql-bundle-v2.14.3","sha":"e4262713b504983e61c7728f5452be240d9385a7","kind":"commit","published_at":"2023-08-18T18:57:50.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.14.3","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.14.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.3/manifests"},{"name":"v2.21.4","sha":"a09933a12a80f87b87005513f0abb1494c27a716","kind":"tag","published_at":"2023-08-14T14:09:35.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.4","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.4/manifests"},{"name":"v2.21.3","sha":"5b6282e01c62d02e720b81eb8a51204f527c3624","kind":"tag","published_at":"2023-08-08T13:05:34.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.3","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.3/manifests"},{"name":"codeql-bundle-v2.14.2","sha":"f9a7c6738f28efb36e31d49c53a201a9c5d6a476","kind":"commit","published_at":"2023-08-08T10:20:14.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.14.2","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.14.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.2/manifests"},{"name":"v2.21.2","sha":"0ba4244466797eb048eb91a6cd43d5c03ca8bd05","kind":"tag","published_at":"2023-07-28T14:07:42.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.2","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.2/manifests"},{"name":"v2.21.1","sha":"6ca1aa8c195c3ca3e77c174fe0356db1bce3b319","kind":"tag","published_at":"2023-07-26T18:34:34.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.1","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.1/manifests"},{"name":"codeql-bundle-v2.14.1","sha":"7b6664fa89524ee6e3c3e9749402d5afd69b3cd8","kind":"commit","published_at":"2023-07-24T11:47:48.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.14.1","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.1/manifests"},{"name":"v2.21.0","sha":"1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8","kind":"tag","published_at":"2023-07-19T12:49:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.21.0","html_url":"https://github.com/github/codeql-action/releases/tag/v2.21.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.21.0/manifests"},{"name":"v2.20.4","sha":"489225d82a57396c6f426a40e66d461b16b3461d","kind":"tag","published_at":"2023-07-14T13:59:02.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.20.4","html_url":"https://github.com/github/codeql-action/releases/tag/v2.20.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.4/manifests"},{"name":"codeql-bundle-v2.14.0","sha":"85c77f1dfc42a47cc98299e8779c151d2159b120","kind":"commit","published_at":"2023-07-07T14:53:18.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.14.0","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.14.0/manifests"},{"name":"v2.20.3","sha":"46ed16ded91731b2df79a2893d3aea8e9f03b5c4","kind":"tag","published_at":"2023-07-06T13:50:59.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.20.3","html_url":"https://github.com/github/codeql-action/releases/tag/v2.20.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.3/manifests"},{"name":"v2.20.2","sha":"004c5de30b6423267685b897a3d595e944f7fed5","kind":"tag","published_at":"2023-07-03T11:00:37.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.20.2","html_url":"https://github.com/github/codeql-action/releases/tag/v2.20.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.2/manifests"},{"name":"codeql-bundle-v2.13.5","sha":"46a6823b81f2d7c67ddf123851eea88365bc8a67","kind":"commit","published_at":"2023-06-30T14:53:13.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.13.5","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.13.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.13.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.13.5/manifests"},{"name":"v2.20.1","sha":"f6e388ebf0efc915c6c5b165b019ee61a6746a38","kind":"tag","published_at":"2023-06-21T10:57:00.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.20.1","html_url":"https://github.com/github/codeql-action/releases/tag/v2.20.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.1/manifests"},{"name":"v2.20.0","sha":"6c089f53dd51dc3fc7e599c3cb5356453a52ca9e","kind":"tag","published_at":"2023-06-13T18:24:40.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.20.0","html_url":"https://github.com/github/codeql-action/releases/tag/v2.20.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.20.0/manifests"},{"name":"codeql-bundle-v2.13.4","sha":"cdcdbb579706841c47f7063dda365e292e5cad7a","kind":"commit","published_at":"2023-06-06T15:49:09.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.13.4","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.13.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.13.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.13.4/manifests"},{"name":"v2.3.6","sha":"83f0fe6c4988d98a455712a27f0255212bba9bd4","kind":"tag","published_at":"2023-06-01T15:27:34.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.3.6","html_url":"https://github.com/github/codeql-action/releases/tag/v2.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.6/manifests"},{"name":"v2.3.5","sha":"0225834cc549ee0ca93cb085b92954821a145866","kind":"tag","published_at":"2023-05-25T19:12:34.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.3.5","html_url":"https://github.com/github/codeql-action/releases/tag/v2.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.5/manifests"},{"name":"v2.3.4","sha":"f0e3dfb30302f8a0881bb509b044e0de4f6ef589","kind":"tag","published_at":"2023-05-24T22:16:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.3.4","html_url":"https://github.com/github/codeql-action/releases/tag/v2.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.4/manifests"},{"name":"codeql-bundle-20230524","sha":"1245696032ecf7d39f87d54daa406e22ddf769a8","kind":"commit","published_at":"2023-05-22T16:11:03.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230524","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230524","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230524","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230524/manifests"},{"name":"codeql-bundle-20230515","sha":"130884e4e1961d7e595c85e8e60b206e0f5282e7","kind":"commit","published_at":"2023-05-11T14:45:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230515","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230515","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230515","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230515/manifests"},{"name":"v2.3.3","sha":"29b1f65c5e92e24fe6b6647da1eaabe529cec70f","kind":"tag","published_at":"2023-05-04T18:53:42.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.3.3","html_url":"https://github.com/github/codeql-action/releases/tag/v2.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.3/manifests"},{"name":"codeql-bundle-20230428","sha":"f31a31c052207cc13b328d6295c5b728bb49568c","kind":"commit","published_at":"2023-04-27T21:00:39.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230428","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230428","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230428","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230428/manifests"},{"name":"v2.3.2","sha":"f3feb00acb00f31a6f60280e6ace9ca31d91c76a","kind":"tag","published_at":"2023-04-27T18:51:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.3.2","html_url":"https://github.com/github/codeql-action/releases/tag/v2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.2/manifests"},{"name":"v2.3.1","sha":"8662eabe0e9f338a07350b7fd050732745f93848","kind":"tag","published_at":"2023-04-26T20:44:15.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.3.1","html_url":"https://github.com/github/codeql-action/releases/tag/v2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.1/manifests"},{"name":"v2.3.0","sha":"b2c19fb9a2a485599ccf4ed5d65527d94bc57226","kind":"tag","published_at":"2023-04-21T19:09:09.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.3.0","html_url":"https://github.com/github/codeql-action/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.3.0/manifests"},{"name":"codeql-bundle-20230418","sha":"9a866ed4524fc3422c3af1e446dab8efa3503411","kind":"commit","published_at":"2023-04-17T19:16:10.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230418","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230418","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230418","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230418/manifests"},{"name":"codeql-bundle-20230414","sha":"dc046388f30eacf938aadd32064285f437bd9c04","kind":"commit","published_at":"2023-04-13T16:23:16.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230414","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230414","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230414","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230414/manifests"},{"name":"v2.2.12","sha":"7df0ce34898d659f95c0c4a09eaa8d4e32ee64db","kind":"tag","published_at":"2023-04-13T14:03:48.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.12","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.12/manifests"},{"name":"v2.2.11","sha":"d186a2a36cc67bfa1b860e6170d37fb9634742c7","kind":"tag","published_at":"2023-04-06T17:31:27.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.11","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.11/manifests"},{"name":"v2.2.10","sha":"8c8d71dde4abced210732d8486586914b97752e8","kind":"tag","published_at":"2023-04-05T16:15:50.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.10","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.10/manifests"},{"name":"codeql-bundle-20230403","sha":"bb28e7e59e2ad6c1e5400e671795b2fa1b2fca6f","kind":"commit","published_at":"2023-03-30T09:22:39.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230403","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230403","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230403","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230403/manifests"},{"name":"codeql-bundle-20230331","sha":"bb28e7e59e2ad6c1e5400e671795b2fa1b2fca6f","kind":"commit","published_at":"2023-03-30T09:22:39.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230331","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230331","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230331","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230331/manifests"},{"name":"v2.2.9","sha":"04df1262e6247151b5ac09cd2c303ac36ad3f62b","kind":"tag","published_at":"2023-03-27T13:41:13.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.9","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.9/manifests"},{"name":"v2.2.8","sha":"67a35a08586135a9573f4327e904ecbf517a882d","kind":"tag","published_at":"2023-03-22T19:04:39.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.8","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.8/manifests"},{"name":"codeql-bundle-20230317","sha":"d23060145bc9131d50558d5d4185494a20208101","kind":"commit","published_at":"2023-03-15T12:15:14.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230317","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230317","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230317","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230317/manifests"},{"name":"v2.2.7","sha":"168b99b3c22180941ae7dbdd5f5c9678ede476ba","kind":"tag","published_at":"2023-03-15T11:44:14.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.7","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.7/manifests"},{"name":"v2.2.6","sha":"16964e90ba004cdf0cd845b866b5df21038b7723","kind":"tag","published_at":"2023-03-10T18:11:37.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.6","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.6/manifests"},{"name":"codeql-bundle-20230304","sha":"a589d4087ea22a0a48fc153d1b461886e262e0f2","kind":"commit","published_at":"2023-02-27T18:26:08.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230304","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230304","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230304","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230304/manifests"},{"name":"v2.2.5","sha":"32dc499307d133bb5085bae78498c0ac2cf762d5","kind":"tag","published_at":"2023-02-24T19:28:25.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.5","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.5/manifests"},{"name":"codeql-bundle-20230217","sha":"e00cd12e3ee0ce24d476645336a315351be51d88","kind":"commit","published_at":"2023-02-13T23:24:43.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230217","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230217","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230217","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230217/manifests"},{"name":"codeql-bundle-20230216","sha":"e00cd12e3ee0ce24d476645336a315351be51d88","kind":"commit","published_at":"2023-02-13T23:24:43.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230216","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230216","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230216","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230216/manifests"},{"name":"v2.2.4","sha":"17573ee1cc1b9d061760f3a006fc4aac4f944fd5","kind":"tag","published_at":"2023-02-10T18:23:24.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.4","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.4/manifests"},{"name":"v2.2.3","sha":"8775e868027fa230df8586bdf502bbd9b618a477","kind":"tag","published_at":"2023-02-08T20:37:04.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.3","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.3/manifests"},{"name":"codeql-bundle-20230207","sha":"81644f35ff20aa6b0e7b936f0e8716419ba7d295","kind":"commit","published_at":"2023-02-07T14:09:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230207","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230207","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230207","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230207/manifests"},{"name":"v2.2.2","sha":"39d8d7e78f59cf6b40ac3b9fbebef0c753d7c9e5","kind":"tag","published_at":"2023-02-06T19:48:12.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.2","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.2/manifests"},{"name":"codeql-bundle-20230203","sha":"b95df0b2e743a4922e72a3d3f78c4c22a8ae9bd2","kind":"commit","published_at":"2023-02-03T19:02:59.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230203","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230203","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230203","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230203/manifests"},{"name":"v2.2.1","sha":"3ebbd71c74ef574dbc558c82f70e52732c8b44fe","kind":"tag","published_at":"2023-01-27T09:30:05.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.1","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.1/manifests"},{"name":"v2.2.0","sha":"436dbd9100756e97f42f45da571adeebf8270723","kind":"tag","published_at":"2023-01-26T16:39:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.2.0","html_url":"https://github.com/github/codeql-action/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.2.0/manifests"},{"name":"codeql-bundle-20230120","sha":"421a1b344fb0def373a0794a4051f19f207461ec","kind":"commit","published_at":"2023-01-20T17:57:55.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230120","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230120","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230120","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230120/manifests"},{"name":"v1.1.39","sha":"231aa2c8a89117b126725a0e11897209b7118144","kind":"tag","published_at":"2023-01-18T19:28:56.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.39","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.39","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.39","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.39/manifests"},{"name":"v1","sha":"231aa2c8a89117b126725a0e11897209b7118144","kind":"tag","published_at":"2023-01-18T19:28:56.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1","html_url":"https://github.com/github/codeql-action/releases/tag/v1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1/manifests"},{"name":"v2.1.39","sha":"a34ca99b4610d924e04c68db79e503e1f79f9f02","kind":"tag","published_at":"2023-01-18T18:16:06.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.39","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.39","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.39","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.39/manifests"},{"name":"v1.1.38","sha":"ef51ec1e544fec1d3f2e06d20bb924508edf2016","kind":"tag","published_at":"2023-01-12T12:02:44.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.38","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.38","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.38","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.38/manifests"},{"name":"v2.1.38","sha":"515828d97454b8354517688ddc5b48402b723750","kind":"tag","published_at":"2023-01-12T10:35:09.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.38","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.38","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.38","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.38/manifests"},{"name":"codeql-bundle-20230105","sha":"ff3337ee1b38c9bcf43046bde6450e50c5e88ebb","kind":"commit","published_at":"2023-01-04T10:43:15.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20230105","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230105","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230105","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20230105/manifests"},{"name":"v1.1.37","sha":"4b3fd9198891cf782111537728021ffc6ae722ba","kind":"tag","published_at":"2022-12-14T15:19:09.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.37","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.37","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.37","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.37/manifests"},{"name":"v2.1.37","sha":"959cbb7472c4d4ad70cdfe6f4976053fe48ab394","kind":"tag","published_at":"2022-12-14T14:06:22.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.37","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.37","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.37","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.37/manifests"},{"name":"v1.1.36","sha":"6856c22f5f5e3b8a6d962072aab8b196d5c31952","kind":"tag","published_at":"2022-12-08T21:21:36.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.36","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.36","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.36","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.36/manifests"},{"name":"codeql-bundle-20221211","sha":"896079047b4bb059ba6f150a5d87d47dde99e6e5","kind":"commit","published_at":"2022-12-08T20:35:17.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221211","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221211","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221211","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221211/manifests"},{"name":"v2.1.36","sha":"a669cc5936cc5e1b6a362ec1ff9e410dc570d190","kind":"tag","published_at":"2022-12-08T20:00:57.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.36","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.36","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.36","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.36/manifests"},{"name":"codeql-bundle-20221202","sha":"aa0e650c6a3f17884f81106e54e207cc0f669aa2","kind":"commit","published_at":"2022-12-02T13:05:21.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221202","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221202","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221202","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221202/manifests"},{"name":"v1.1.35","sha":"54d8b0da6bba52eaed1c8042082f6560bc02ecb6","kind":"tag","published_at":"2022-12-01T14:44:00.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.35","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.35","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.35","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.35/manifests"},{"name":"v2.1.35","sha":"b2a92eb56d8cb930006a1c6ed86b0782dd8a4297","kind":"tag","published_at":"2022-12-01T13:04:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.35","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.35","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.35","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.35/manifests"},{"name":"v1.1.34","sha":"ea25ff07d1d19b19a3bb9fc8a1392902a203f988","kind":"tag","published_at":"2022-11-25T16:29:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.34","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.34","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.34","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.34/manifests"},{"name":"v2.1.34","sha":"312e093a1892bd801f026f1090904ee8e460b9b6","kind":"tag","published_at":"2022-11-25T15:20:17.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.34","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.34","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.34","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.34/manifests"},{"name":"codeql-bundle-20221123","sha":"c719ec0b337ad8a0f3336d778d54e0f30df35713","kind":"commit","published_at":"2022-11-23T10:31:21.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221123","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221123","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221123","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221123/manifests"},{"name":"codeql-bundle-20221118","sha":"4fddc51e4f3b5e5e9022f35c3464736cc10e1e98","kind":"commit","published_at":"2022-11-17T18:38:48.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221118","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221118","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221118","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221118/manifests"},{"name":"v1.1.33","sha":"73113785b9e3aa4b2c9c2e1c91463606e882665e","kind":"tag","published_at":"2022-11-16T20:14:28.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.33","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.33","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.33","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.33/manifests"},{"name":"v2.1.33","sha":"678fc3afe258fb2e0cdc165ccf77b85719de7b3c","kind":"tag","published_at":"2022-11-16T18:17:46.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.33","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.33","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.33","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.33/manifests"},{"name":"v1.1.32","sha":"8d0f2452ee95e5895e161ce0a54928661e986c3c","kind":"tag","published_at":"2022-11-14T15:27:57.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.32","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.32","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.32","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.32/manifests"},{"name":"v2.1.32","sha":"4238421316c33d73aeea2801274dd286f157c2bb","kind":"tag","published_at":"2022-11-14T12:37:25.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.32","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.32","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.32","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.32/manifests"},{"name":"codeql-bundle-20221105","sha":"8aff97f12c99086bdb92ff62ae06dbbcdf07941b","kind":"commit","published_at":"2022-11-07T10:18:21.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221105","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221105","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221105","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221105/manifests"},{"name":"v1.1.31","sha":"9e288b03632e540432812c08ffaef313da7fb1d9","kind":"tag","published_at":"2022-11-04T22:49:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.31","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.31","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.31","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.31/manifests"},{"name":"v2.1.31","sha":"c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898","kind":"tag","published_at":"2022-11-04T20:36:28.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.31","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.31","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.31","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.31/manifests"},{"name":"v1.1.30","sha":"1da1705b0902ee32cb8e4b8010fbddb91719b48e","kind":"tag","published_at":"2022-11-02T13:35:00.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.30","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.30","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.30","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.30/manifests"},{"name":"v2.1.30","sha":"18fe527fa8b29f134bb91f32f1a5dc5abb15ed7f","kind":"tag","published_at":"2022-11-02T12:13:32.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.30","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.30","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.30","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.30/manifests"},{"name":"v1.1.29","sha":"aacfdb2143271bef44adf6400251bdce32a5dd9a","kind":"tag","published_at":"2022-10-26T09:39:32.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.29","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.29","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.29","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.29/manifests"},{"name":"v2.1.29","sha":"ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6","kind":"tag","published_at":"2022-10-26T08:45:14.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.29","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.29","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.29","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.29/manifests"},{"name":"codeql-bundle-20221024","sha":"f0a12816612c7306b485a22cb164feb43c6df818","kind":"commit","published_at":"2022-10-18T15:48:30.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221024","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221024","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221024","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221024/manifests"},{"name":"codeql-bundle-20221020","sha":"f0a12816612c7306b485a22cb164feb43c6df818","kind":"commit","published_at":"2022-10-18T15:48:30.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221020","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221020","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221020","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221020/manifests"},{"name":"v1.1.28","sha":"2956c096220fb34b6bf430b4ec7dcff2e77c8084","kind":"tag","published_at":"2022-10-18T15:44:59.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.28","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.28","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.28","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.28/manifests"},{"name":"v2.1.28","sha":"cc7986c02bac29104a72998e67239bb5ee2ee110","kind":"tag","published_at":"2022-10-18T12:54:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.28","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.28","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.28","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.28/manifests"},{"name":"codeql-bundle-20221010","sha":"c6c7d293ca64d6a7e953b9680a26c5ffea86a392","kind":"commit","published_at":"2022-10-07T19:05:42.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221010","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221010","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221010","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221010/manifests"},{"name":"v1.1.27","sha":"2eeff7bf99c8a7519cedc062526ad4b79863e309","kind":"tag","published_at":"2022-10-07T16:37:42.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.27","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.27","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.27","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.27/manifests"},{"name":"codeql-bundle-20221007","sha":"3d392940475e4c472e143ff2fd41aaffb1178094","kind":"commit","published_at":"2022-10-07T02:22:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20221007","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20221007","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221007","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20221007/manifests"},{"name":"v2.1.27","sha":"807578363a7869ca324a79039e6db9c843e0e100","kind":"tag","published_at":"2022-10-06T23:20:05.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.27","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.27","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.27","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.27/manifests"},{"name":"v1.1.26","sha":"64b7bbc7e0fc8342f9a7a905c64eea088c9078d0","kind":"tag","published_at":"2022-09-29T20:13:22.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.26","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.26","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.26","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.26/manifests"},{"name":"v2.1.26","sha":"e0e5ded33cabb451ae0a9768fc7b0410bad9ad44","kind":"tag","published_at":"2022-09-29T17:46:46.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.26","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.26","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.26","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.26/manifests"},{"name":"codeql-bundle-20220923","sha":"4c8f13758e748234abaa6a831d6f53981844a524","kind":"commit","published_at":"2022-09-23T14:49:56.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220923","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220923","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220923","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220923/manifests"},{"name":"v1.1.25","sha":"f630e9a5897e219520c6cfdd6e8a430d1a5caf91","kind":"tag","published_at":"2022-09-22T09:50:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.25","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.25","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.25","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.25/manifests"},{"name":"v2.1.25","sha":"86f3159a697a097a813ad9bfa0002412d97690a4","kind":"tag","published_at":"2022-09-21T18:42:16.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.25","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.25","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.25","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.25/manifests"},{"name":"v1.1.24","sha":"83007bbc17d874e3f1654bfaf9367629f7fdcac7","kind":"tag","published_at":"2022-09-16T16:41:55.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.24","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.24","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.24","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.24/manifests"},{"name":"v2.1.24","sha":"904260d7d935dff982205cbdb42025ce30b7a34f","kind":"tag","published_at":"2022-09-16T13:29:53.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.24","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.24","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.24","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.24/manifests"},{"name":"v1.1.23","sha":"fe2e30bafc62994571bcacc370c0818cf12a231e","kind":"tag","published_at":"2022-09-16T09:59:45.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.23","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.23","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.23","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.23/manifests"},{"name":"v2.1.23","sha":"6a38b7d4a1af70deb1b561eb77db2b5e5a6a1e69","kind":"tag","published_at":"2022-09-15T09:07:19.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.23","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.23","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.23","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.23/manifests"},{"name":"codeql-bundle-20220908","sha":"9ba4d500aa0261992135290a8c8eff47a4bb2ecb","kind":"commit","published_at":"2022-09-08T17:02:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220908","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220908","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220908","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220908/manifests"},{"name":"v1.1.22","sha":"7cce9bbfb550e880420fd42bdb2f6a2908df139e","kind":"tag","published_at":"2022-09-01T12:16:15.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.22","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.22","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.22","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.22/manifests"},{"name":"v2.1.22","sha":"b398f525a5587552e573b247ac661067fafa920b","kind":"tag","published_at":"2022-09-01T10:50:27.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.22","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.22","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.22","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.22/manifests"},{"name":"codeql-bundle-20220825","sha":"a59fbe22086cdbbb45d9e16c202e29c781bf2d5e","kind":"commit","published_at":"2022-08-25T18:10:46.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220825","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220825","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220825","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220825/manifests"},{"name":"v1.1.21","sha":"d5cec099b513fccc2cfcc9247113ecc9edbdacc5","kind":"tag","published_at":"2022-08-25T15:59:30.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.21","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.21","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.21/manifests"},{"name":"v2.1.21","sha":"c7f292ea4f542c473194b33813ccd4c207a6c725","kind":"tag","published_at":"2022-08-25T12:52:12.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.21","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.21","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.21/manifests"},{"name":"v1.1.20","sha":"d438a4b810233cc2fd6a278eb3c6777525dcdb32","kind":"tag","published_at":"2022-08-23T11:43:34.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.20","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.20","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.20/manifests"},{"name":"v2.1.20","sha":"7fee4ca032ac341c12486c4c06822c5221c76533","kind":"tag","published_at":"2022-08-22T10:37:45.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.20","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.20","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.20/manifests"},{"name":"v1.1.19","sha":"d1ad3b49578d8a66828f9c8e8fbf5f9faec38f85","kind":"tag","published_at":"2022-08-22T08:56:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.19","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.19","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.19/manifests"},{"name":"v2.1.19","sha":"f5d217be74900c6ac8fbbe53f3c10376ba4e64da","kind":"tag","published_at":"2022-08-19T09:42:36.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.19","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.19","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.19/manifests"},{"name":"codeql-bundle-20220811","sha":"c12cfbc92f4748a8b1295109a4d73d7214bff536","kind":"commit","published_at":"2022-08-11T19:28:11.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220811","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220811","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220811","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220811/manifests"},{"name":"v1.1.18","sha":"af35bd33fba49f9d3fe1ceaf1bd88d9fb26d4fce","kind":"tag","published_at":"2022-08-03T19:28:18.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.18","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.18","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.18/manifests"},{"name":"v2.1.18","sha":"2ca79b6fa8d3ec278944088b4aa5f46912db5d63","kind":"tag","published_at":"2022-08-03T17:48:37.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.18","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.18","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.18/manifests"},{"name":"v1.1.17","sha":"5207709e29268462bb43351e7cf1330c8a50969a","kind":"tag","published_at":"2022-07-28T20:53:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.17","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.17","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.17/manifests"},{"name":"v2.1.17","sha":"0c670bbf0414f39666df6ce8e718ec5662c21e03","kind":"tag","published_at":"2022-07-28T17:47:28.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.17","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.17","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.17/manifests"},{"name":"codeql-bundle-20220728","sha":"bbc2e7010f187d73e9eb71ea708c31bbbe580964","kind":"commit","published_at":"2022-07-27T20:16:12.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220728","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220728","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220728","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220728/manifests"},{"name":"codeql-bundle-20220714","sha":"d8c9c723a57c026c525f404cf42aa0575f3f0bd8","kind":"commit","published_at":"2022-07-13T14:16:52.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220714","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220714","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220714","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220714/manifests"},{"name":"v1.1.16","sha":"f7b6c0021b777684992d895a563fc3a0e425783a","kind":"tag","published_at":"2022-07-13T13:22:53.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.16","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.16","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.16/manifests"},{"name":"v2.1.16","sha":"3e7e3b32d0fb8283594bb0a76cc60a00918b0969","kind":"tag","published_at":"2022-07-13T11:26:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.16","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.16","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.16/manifests"},{"name":"v1.1.15","sha":"e41f8baf4a726fae01b76b1337c600136468896e","kind":"tag","published_at":"2022-06-28T22:14:59.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.15","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.15/manifests"},{"name":"v2.1.15","sha":"3f62b754e23e0dd60f91b744033e1dc1654c0ec6","kind":"tag","published_at":"2022-06-28T19:04:13.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.15","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.15/manifests"},{"name":"codeql-bundle-20220623","sha":"a965b696589ecab4d3bf919c394c73600217deee","kind":"commit","published_at":"2022-06-23T04:28:54.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220623","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220623","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220623","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220623/manifests"},{"name":"v1.1.14","sha":"714ec5a57d98ec3f11dfdc9ba30f508c95881c1a","kind":"tag","published_at":"2022-06-23T02:18:34.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.14","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.14/manifests"},{"name":"v2.1.14","sha":"41a4ada31ba866a7f1196b9602703a89edd69e22","kind":"tag","published_at":"2022-06-22T23:54:05.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.14","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.14/manifests"},{"name":"v1.1.13","sha":"614d63af7689aac70b4aa59f89b19d65ef52cd74","kind":"tag","published_at":"2022-06-21T11:59:51.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.13","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.13/manifests"},{"name":"v2.1.13","sha":"d00e8c09a38ef8c1ca1091fc55ef490776d2de73","kind":"tag","published_at":"2022-06-21T09:43:22.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.13","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.13/manifests"},{"name":"codeql-bundle-20220615","sha":"81b419c908d540ec4c7da9bfb4b5d941fca8f624","kind":"commit","published_at":"2022-06-15T03:56:07.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220615","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220615","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220615","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220615/manifests"},{"name":"v1.1.12","sha":"a6611b86918424d4588efe7d6dbe18fe52d42518","kind":"tag","published_at":"2022-06-01T19:51:58.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.12","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.12/manifests"},{"name":"v2.1.12","sha":"27ea8f8fe5977c00f5b37e076ab846c5bd783b96","kind":"tag","published_at":"2022-06-01T17:58:16.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.12","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.12/manifests"},{"name":"codeql-bundle-20220527","sha":"822fe5ef9a15bd752ef127e9ff6eac38ec37dd9c","kind":"commit","published_at":"2022-05-25T10:33:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220527","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220527","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220527","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220527/manifests"},{"name":"codeql-bundle-20220525","sha":"822fe5ef9a15bd752ef127e9ff6eac38ec37dd9c","kind":"commit","published_at":"2022-05-25T10:33:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220525","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220525","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220525","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220525/manifests"},{"name":"v1.1.11","sha":"0e9acb6e5cd338179ea69a99146ca55f796799e0","kind":"tag","published_at":"2022-05-17T09:59:50.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.11","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.11/manifests"},{"name":"v2.1.11","sha":"a3a6c128d771b6b9bdebb1c9d0583ebd2728a108","kind":"tag","published_at":"2022-05-17T08:23:45.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.11","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.11/manifests"},{"name":"codeql-bundle-20220512","sha":"1fae5bf71b0ecdc7d0a2ef0d0c28409d99693966","kind":"commit","published_at":"2022-05-11T19:03:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220512","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220512","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220512","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220512/manifests"},{"name":"v1.1.10","sha":"5e59d8eec41ddea52e92b223c4803d2ab86d134f","kind":"tag","published_at":"2022-05-11T17:36:14.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.10","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.10/manifests"},{"name":"v2.1.10","sha":"2f58583a1b24a7d3c7034f6bf9fa506d23b1183b","kind":"tag","published_at":"2022-05-11T15:51:51.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.10","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.10/manifests"},{"name":"codeql-bundle-20220428","sha":"96bc9c36c68e097cd033777efed25c248ffcf09a","kind":"commit","published_at":"2022-05-03T12:21:10.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220428","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220428","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220428","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220428/manifests"},{"name":"v1.1.9","sha":"6c3ae45f3a4a4cfd22f4876f5c2d393d491b51e8","kind":"tag","published_at":"2022-04-27T20:41:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.9","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.9/manifests"},{"name":"v2.1.9","sha":"7502d6e991ca767d2db617bfd823a1ed925a0d59","kind":"tag","published_at":"2022-04-27T18:21:47.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.9","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.9/manifests"},{"name":"codeql-bundle-20220421","sha":"e6e327771b98fd05cc6a83cbe30b4a6f74d5ee88","kind":"commit","published_at":"2022-04-18T16:18:46.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220421","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220421","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220421","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220421/manifests"},{"name":"v1.1.8","sha":"e2cc7cc006b87d43538b16d71752753e7b85224d","kind":"tag","published_at":"2022-04-08T09:56:48.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.8","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.8/manifests"},{"name":"v2.1.8","sha":"1ed1437484560351c5be56cf73a48a279d116b78","kind":"tag","published_at":"2022-04-08T08:45:50.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.8","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.8/manifests"},{"name":"v1.1.7","sha":"1fc1008278d05ba9455caf083444e6c5a1a3cfd8","kind":"tag","published_at":"2022-04-05T17:40:15.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.7","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.7/manifests"},{"name":"v2.1.7","sha":"0182a2c78c8a55b763909348834ed54d735ab3e2","kind":"tag","published_at":"2022-04-05T16:21:03.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.7","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.7/manifests"},{"name":"codeql-bundle-20220401","sha":"935969c6f771d9f0a35efa2ae9cf7c10d9886ca3","kind":"commit","published_at":"2022-03-31T15:25:07.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220401","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220401","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220401","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220401/manifests"},{"name":"v1.1.6","sha":"4c1021c5041fca6023824e45efb7f83178d52fe2","kind":"tag","published_at":"2022-03-30T14:30:06.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.6","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.6/manifests"},{"name":"v2.1.6","sha":"28eead240834b314f7def40f6fcba65d100d99b1","kind":"tag","published_at":"2022-03-30T11:13:18.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v2.1.6","html_url":"https://github.com/github/codeql-action/releases/tag/v2.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v2.1.6/manifests"},{"name":"codeql-bundle-20220321","sha":"81bfc289f5947eca8a3358341c874cb4f4697b64","kind":"commit","published_at":"2022-03-21T16:03:34.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220321","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220321","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220321","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220321/manifests"},{"name":"codeql-bundle-20220322","sha":"81bfc289f5947eca8a3358341c874cb4f4697b64","kind":"commit","published_at":"2022-03-21T16:03:34.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220322","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220322","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220322","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220322/manifests"},{"name":"v1.1.5","sha":"883476649888a9e8e219d5b2e6b789dc024f690c","kind":"tag","published_at":"2022-03-15T19:39:19.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.5","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.5/manifests"},{"name":"codeql-bundle-20220311","sha":"cdf3c9d01ea4271265ccbc19e40da0956d2ad492","kind":"commit","published_at":"2022-03-09T04:37:45.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220311","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220311","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220311","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220311/manifests"},{"name":"v1.1.4","sha":"f5d822707ee6e8fb81b04a5c0040b736da22e587","kind":"tag","published_at":"2022-03-07T21:02:06.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.4","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.4/manifests"},{"name":"codeql-bundle-20220224","sha":"117a67b0743599d091109168df5eb673f1641f6b","kind":"commit","published_at":"2022-02-24T18:49:56.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220224","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220224","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220224","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220224/manifests"},{"name":"v1.1.3","sha":"75f07e7ab2ee63cba88752d8c696324e4df67466","kind":"tag","published_at":"2022-02-23T19:33:18.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.3","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.3/manifests"},{"name":"v1.1.2","sha":"d39d5d5c9707b926d517b1b292905ef4c03aa777","kind":"tag","published_at":"2022-02-17T17:56:56.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.2","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.2/manifests"},{"name":"v1.1.1","sha":"ec300a3159b7f1c667253f7555e4a2dca734a537","kind":"tag","published_at":"2022-02-17T12:29:23.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.1","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.1/manifests"},{"name":"codeql-bundle-20220214","sha":"2c6b76bc5a6dafa5a35d5865bb3aa1c1f21e7a44","kind":"commit","published_at":"2022-02-11T12:33:18.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220214","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220214","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220214","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220214/manifests"},{"name":"codeql-bundle-20220211","sha":"2c6b76bc5a6dafa5a35d5865bb3aa1c1f21e7a44","kind":"commit","published_at":"2022-02-11T12:33:18.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220211","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220211","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220211","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220211/manifests"},{"name":"v1.1.0","sha":"474bbf07f9247ffe1856c6a0f94aeeb10e7afee6","kind":"tag","published_at":"2022-02-11T11:57:43.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.1.0","html_url":"https://github.com/github/codeql-action/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.1.0/manifests"},{"name":"v1.0.32","sha":"2b46439dd5477d8a1659811cdc500d35e601a1cb","kind":"tag","published_at":"2022-02-07T18:22:13.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.32","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.32","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.32","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.32/manifests"},{"name":"codeql-bundle-20220128","sha":"904d0acf90cac7eebff96392ba334b027f7470d5","kind":"commit","published_at":"2022-02-04T12:37:55.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220128","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220128","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220128","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220128/manifests"},{"name":"v1.0.31","sha":"1a927e9307bc11970b2c679922ebc4d03a5bd980","kind":"tag","published_at":"2022-01-31T16:41:42.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.31","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.31","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.31","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.31/manifests"},{"name":"v1.0.30","sha":"8b37404d562d866ad6a65d0ecb4fa5131e047ca4","kind":"tag","published_at":"2022-01-24T13:01:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.30","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.30","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.30","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.30/manifests"},{"name":"v1.0.29","sha":"384cfc42b2131df01c009d3d2eed7b78d8e8556e","kind":"tag","published_at":"2022-01-21T11:11:59.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.29","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.29","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.29","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.29/manifests"},{"name":"codeql-bundle-20220120","sha":"c0b507e521f4f2e76fa90bfbfe1348fc5652d211","kind":"commit","published_at":"2022-01-18T22:21:27.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220120","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220120","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220120","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220120/manifests"},{"name":"v1.0.28","sha":"8a4b243fbf9a03a93e93a71c1ec257347041f9c4","kind":"tag","published_at":"2022-01-18T21:35:15.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.28","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.28","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.28","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.28/manifests"},{"name":"codeql-bundle-20220112","sha":"cbabe47a0b6f738579daf5b732a59bbb4689daaf","kind":"commit","published_at":"2022-01-11T22:22:02.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220112","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220112","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220112","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220112/manifests"},{"name":"v1.0.27","sha":"cd783c8a29bdcf5a5c79c5137889e24651fa626c","kind":"tag","published_at":"2022-01-11T21:43:19.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.27","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.27","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.27","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.27/manifests"},{"name":"codeql-bundle-20220104","sha":"9763bdd6eccf6e363355951c27f4b73f13c9f263","kind":"commit","published_at":"2022-01-04T18:25:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20220104","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20220104","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220104","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20220104/manifests"},{"name":"v1.0.26","sha":"5f532563584d71fdef14ee64d17bafb34f751ce5","kind":"tag","published_at":"2021-12-10T18:39:56.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.26","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.26","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.26","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.26/manifests"},{"name":"codeql-bundle-20211208","sha":"e694ca61929299f3759556e72cb255264bf23f7d","kind":"commit","published_at":"2021-12-09T00:01:45.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20211208","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20211208","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211208","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211208/manifests"},{"name":"codeql-bundle-20211207","sha":"0dbcb5561766c3b2b85001d21d08806f11c46c78","kind":"commit","published_at":"2021-12-06T16:23:57.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20211207","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20211207","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211207","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211207/manifests"},{"name":"v1.0.25","sha":"546b30f35ae5a3db0e0be1843008c2224f71c3b0","kind":"tag","published_at":"2021-12-06T15:14:06.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.25","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.25","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.25","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.25/manifests"},{"name":"v1.0.24","sha":"e095058bfa09de8070f94e98f5dc059531bc6235","kind":"tag","published_at":"2021-11-23T10:59:28.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.24","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.24","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.24","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.24/manifests"},{"name":"codeql-bundle-20211122","sha":"26567f6a492cf20b8a8a6913432a4f1b834b12be","kind":"commit","published_at":"2021-11-20T00:30:04.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20211122","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20211122","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211122","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211122/manifests"},{"name":"v1.0.23","sha":"a627e9fa504113bfa8e90a9b429b157a38b1cdbd","kind":"tag","published_at":"2021-11-16T19:57:19.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.23","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.23","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.23","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.23/manifests"},{"name":"codeql-bundle-20211115","sha":"ea8a175a944610205ee14dad53eba4b399b20400","kind":"commit","published_at":"2021-11-08T11:23:19.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20211115","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20211115","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211115","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211115/manifests"},{"name":"v1.0.22","sha":"5581e08a65fc3811c3ac78939dd59e7a8adbf003","kind":"tag","published_at":"2021-11-04T11:49:42.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.22","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.22","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.22","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.22/manifests"},{"name":"v1.0.21","sha":"e891551dd4836643fb9f223d7ff08e83e8073534","kind":"tag","published_at":"2021-10-28T21:18:51.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.21","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.21","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.21/manifests"},{"name":"codeql-bundle-20211025","sha":"503f29874a632f2c0b3b58b1ea12fd4864a16965","kind":"commit","published_at":"2021-10-25T18:31:43.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20211025","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20211025","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211025","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211025/manifests"},{"name":"v1.0.20","sha":"e86ea38e3f233a8bcf5afc904ee9fb422d5cf6e8","kind":"tag","published_at":"2021-10-25T16:49:58.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.20","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.20","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.20/manifests"},{"name":"v1.0.19","sha":"1990ded3d254be86a1af1948d034534fad74a032","kind":"tag","published_at":"2021-10-18T22:14:07.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.19","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.19","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.19/manifests"},{"name":"v1.0.18","sha":"fd3190bba58b65cbefb742009518a03a07af24d7","kind":"tag","published_at":"2021-10-08T13:42:41.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.18","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.18","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.18/manifests"},{"name":"v1.0.17","sha":"03e7dda1b95c7f6aae67e875850e96fad898d31e","kind":"tag","published_at":"2021-10-07T18:48:57.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.17","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.17","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.17/manifests"},{"name":"codeql-bundle-20211005","sha":"7d56b0cd44f66136d094ee8b67d457c9cec4b8ef","kind":"commit","published_at":"2021-10-05T09:26:15.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20211005","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20211005","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211005","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211005/manifests"},{"name":"codeql-bundle-20211013","sha":"69ddeed7d5cafe8e5bdf66f7827f4baab6dba696","kind":"commit","published_at":"2021-10-05T08:38:02.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20211013","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20211013","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211013","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20211013/manifests"},{"name":"v1.0.16","sha":"1ddd8a5632ff73c3f5c27437cf052373e3318e39","kind":"tag","published_at":"2021-10-05T08:29:29.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.16","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.16","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.16/manifests"},{"name":"v1.0.15","sha":"1b37538d9c22dd3f3d0c52992fa20da98683bd34","kind":"tag","published_at":"2021-09-22T16:44:05.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.15","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.15/manifests"},{"name":"codeql-bundle-20210921","sha":"7112cdaa06f3b661965fe3e2e93c9acaadbe85f3","kind":"commit","published_at":"2021-09-14T20:03:22.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210921","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210921","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210921","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210921/manifests"},{"name":"codeql-bundle-20210909","sha":"aa1baf5b84f261613119deb886ca56c4a06df82c","kind":"commit","published_at":"2021-09-09T13:15:20.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210909","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210909","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210909","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210909/manifests"},{"name":"v1.0.14","sha":"4854dd23d5f2aada3f026670784d5109e7702ea9","kind":"tag","published_at":"2021-09-09T12:33:43.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.14","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.14/manifests"},{"name":"codeql-bundle-20210907","sha":"54fc9c575eca300040df37d168253da99b32fb7e","kind":"commit","published_at":"2021-09-06T12:17:33.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210907","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210907","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210907","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210907/manifests"},{"name":"v1.0.13","sha":"89d78ba4572c7854683ec144d212bf0b52cd2a2a","kind":"tag","published_at":"2021-09-06T11:50:00.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.13","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.13/manifests"},{"name":"codeql-bundle-20210824","sha":"f0a2954c120c04a4195c66516bc0d886636b2a03","kind":"commit","published_at":"2021-08-17T08:53:18.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210824","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210824","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210824","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210824/manifests"},{"name":"v1.0.12","sha":"b0e70410b40f1a9af3bba1cecd95b4b57896af26","kind":"tag","published_at":"2021-08-16T09:19:49.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.12","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.12/manifests"},{"name":"v1.0.11","sha":"db7158f9ba305f7f7294527cd69cfa3bc28d9867","kind":"tag","published_at":"2021-08-09T21:13:54.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.11","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.11/manifests"},{"name":"codeql-bundle-20210809","sha":"8ddd620de316dd9ef186dfedd0ecd605bfa37c74","kind":"commit","published_at":"2021-08-09T17:28:39.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210809","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210809","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210809","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210809/manifests"},{"name":"codeql-bundle-20210805","sha":"d98d4f5fa8a8100cb3efbd52ea0c174cfd05d1d7","kind":"commit","published_at":"2021-08-04T09:16:31.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210805","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210805","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210805","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210805/manifests"},{"name":"v1.0.10","sha":"a00769bdfb6706a7400db6aa98570597be644555","kind":"tag","published_at":"2021-08-03T09:06:02.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.10","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.10/manifests"},{"name":"v1.0.9","sha":"33f3438c1d59883f5e769fdf2b6adb6794d91d0f","kind":"tag","published_at":"2021-08-02T09:36:15.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.9","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.9/manifests"},{"name":"codeql-bundle-v2.6.0-beta.1","sha":"dae51797d0da381f514b16f431b833e159385be1","kind":"commit","published_at":"2021-07-27T18:36:15.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-v2.6.0-beta.1","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.6.0-beta.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.6.0-beta.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-v2.6.0-beta.1/manifests"},{"name":"v1.0.8","sha":"59e2f2d80daf1eaf3fb2cdf1cb1fcd1bbe7448e3","kind":"tag","published_at":"2021-07-26T23:35:45.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.8","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.8/manifests"},{"name":"codeql-bundle-20210726","sha":"fa857eb53f1f0746a0206ae6d2300b4f7bd7a197","kind":"commit","published_at":"2021-07-26T15:28:26.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210726","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210726","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210726","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210726/manifests"},{"name":"v1.0.7","sha":"592af860c5202d807cbd19ffcf9bd63cf3b7edf2","kind":"tag","published_at":"2021-07-21T14:22:20.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.7","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.7/manifests"},{"name":"v1.0.6","sha":"84173b94c97f24e0be9c585133d8e0421efca515","kind":"tag","published_at":"2021-07-19T09:32:48.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.6","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.6/manifests"},{"name":"v1.0.5","sha":"500dad96d7fcdc698d0155829f2ae8bb6f3b79a9","kind":"tag","published_at":"2021-07-12T23:03:30.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.5","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.5/manifests"},{"name":"codeql-bundle-20210702","sha":"fd614e57923f55c81d5f74da1305bd59810b6287","kind":"commit","published_at":"2021-06-30T20:56:10.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210702","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210702","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210702","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210702/manifests"},{"name":"codeql-bundle-20210628","sha":"1e61ecb0c1f5d81390edc8ec790ef62266b8dcb8","kind":"commit","published_at":"2021-06-28T15:57:01.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210628","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210628","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210628","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210628/manifests"},{"name":"v1.0.4","sha":"03450ff6ed030a238fc544b2eee5da82b4ee6b99","kind":"tag","published_at":"2021-06-28T15:23:39.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.4","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.4/manifests"},{"name":"v1.0.3","sha":"cf6e01948098c3a455ebd0e4ef4ca9d6ae29ff1e","kind":"tag","published_at":"2021-06-23T14:56:14.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.3","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.3/manifests"},{"name":"codeql-bundle-20210621","sha":"b2d10b39b08a06064a0b44a64b61837c9e00b827","kind":"commit","published_at":"2021-06-21T15:42:17.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210621","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210621","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210621","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210621/manifests"},{"name":"codeql-bundle-20210622","sha":"b2d10b39b08a06064a0b44a64b61837c9e00b827","kind":"commit","published_at":"2021-06-21T15:42:17.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210622","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210622","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210622","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210622/manifests"},{"name":"v1.0.2","sha":"37f75f1702c69e1745e3dd7a591b6b8130d34e13","kind":"tag","published_at":"2021-06-17T18:01:47.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.2","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.2/manifests"},{"name":"v1.0.1","sha":"ece2addcff6617641ef7caf0016fb0fd4c2a9962","kind":"tag","published_at":"2021-06-07T20:59:03.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.1","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"b7dd4a6f2c343e29a9ab8e181b2f540816f28bd7","kind":"tag","published_at":"2021-05-21T18:07:20.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/v1.0.0","html_url":"https://github.com/github/codeql-action/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/v1.0.0/manifests"},{"name":"codeql-bundle-20210517","sha":"21830ef0c1f0f06f2d82ba3f1f07cb3ffe543ed7","kind":"commit","published_at":"2021-05-14T19:57:44.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210517","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210517","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210517","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210517/manifests"},{"name":"codeql-bundle-20210507","sha":"f00bafbde1cf72f723cff6bcb0fa170325b2edb9","kind":"commit","published_at":"2021-05-07T18:02:25.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210507","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210507","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210507","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210507/manifests"},{"name":"codeql-bundle-20210509","sha":"f00bafbde1cf72f723cff6bcb0fa170325b2edb9","kind":"commit","published_at":"2021-05-07T18:02:25.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210509","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210509","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210509","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210509/manifests"},{"name":"codeql-bundle-20210503","sha":"cb5810848de15b695cd9ef3b559dd178c43c7df3","kind":"commit","published_at":"2021-04-30T17:02:00.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210503","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210503","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210503","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210503/manifests"},{"name":"codeql-bundle-20210430","sha":"33bb16c8b4cd7f6ace8b7f21f9d693f63e832a18","kind":"commit","published_at":"2021-04-30T13:19:45.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210430","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210430","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210430","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210430/manifests"},{"name":"codeql-bundle-20210429","sha":"1585462c63bbf1fe66558b776baebdf15cea0f3a","kind":"commit","published_at":"2021-04-28T23:41:55.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210429","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210429","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210429","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210429/manifests"},{"name":"codeql-bundle-20210421","sha":"1fa35632f23437356985bfd3104919477b0128ec","kind":"commit","published_at":"2021-04-20T11:31:19.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210421","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210421","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210421","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210421/manifests"},{"name":"codeql-bundle-20210419","sha":"8bd2b3516b0b8122ac06f60fabd59f7d1c527422","kind":"commit","published_at":"2021-04-19T09:30:53.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210419","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210419","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210419","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210419/manifests"},{"name":"codeql-bundle-20210326","sha":"bb012c407093079748e2a9fefbaf2f3df57253ca","kind":"commit","published_at":"2021-03-25T14:02:01.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210326","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210326","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210326","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210326/manifests"},{"name":"codeql-bundle-20210319","sha":"c4fced73480115530f80f2dfb12951e4d0849bc1","kind":"commit","published_at":"2021-03-18T16:40:47.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210319","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210319","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210319","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210319/manifests"},{"name":"codeql-bundle-20210308","sha":"6ddfab14f6aba904be98af67c97d34bafeafb357","kind":"commit","published_at":"2021-03-08T18:51:58.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210308","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210308","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210308","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210308/manifests"},{"name":"codeql-bundle-20210304","sha":"bde489c632294cab75a68da470db1d409bdddc8a","kind":"commit","published_at":"2021-03-01T13:20:17.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210304","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210304","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210304","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210304/manifests"},{"name":"codeql-bundle-20210127","sha":"0dc37c7260df8e43e9d5a7d4455662fda84240b3","kind":"commit","published_at":"2021-01-26T17:43:05.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20210127","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210127","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210127","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20210127/manifests"},{"name":"codeql-bundle-20201127","sha":"8d18e347a7c155d034848ceeb01415097f59fd07","kind":"commit","published_at":"2020-11-26T16:36:46.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20201127","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20201127","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20201127","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20201127/manifests"},{"name":"codeql-bundle-20201106","sha":"f13bd452d797f4eac9d9bdc331611d98a248dbee","kind":"commit","published_at":"2020-11-05T10:22:10.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20201106","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20201106","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20201106","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20201106/manifests"},{"name":"codeql-bundle-20201028","sha":"46110c361b7e9ea1b6f9c6ba2cc941fa7a106cca","kind":"commit","published_at":"2020-10-27T13:36:20.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20201028","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20201028","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20201028","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20201028/manifests"},{"name":"test-build-runner","sha":"c8b8c0415e1b3893804e72bdae42e29371291203","kind":"commit","published_at":"2020-10-15T12:48:25.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/test-build-runner","html_url":"https://github.com/github/codeql-action/releases/tag/test-build-runner","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/test-build-runner","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/test-build-runner/manifests"},{"name":"codeql-bundle-20201008","sha":"b1e2c9b8bd0550a90e66c967d9795316f9f21910","kind":"commit","published_at":"2020-10-06T10:38:40.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20201008","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20201008","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20201008","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20201008/manifests"},{"name":"codeql-bundle-20200826","sha":"aac5eb2aea3e7d73d19e4d8dc442b6f1f57da25d","kind":"commit","published_at":"2020-08-26T14:03:23.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20200826","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20200826","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200826","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200826/manifests"},{"name":"bundle-test-20200812","sha":"bcf676e52d63fabd80ac107318ad4240d4ce687e","kind":"commit","published_at":"2020-08-10T15:14:11.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/bundle-test-20200812","html_url":"https://github.com/github/codeql-action/releases/tag/bundle-test-20200812","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/bundle-test-20200812","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/bundle-test-20200812/manifests"},{"name":"codeql-bundle-20200812","sha":"bcf676e52d63fabd80ac107318ad4240d4ce687e","kind":"commit","published_at":"2020-08-10T15:14:11.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20200812","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20200812","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200812","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200812/manifests"},{"name":"bundle-test","sha":"bcf676e52d63fabd80ac107318ad4240d4ce687e","kind":"commit","published_at":"2020-08-10T15:14:11.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/bundle-test","html_url":"https://github.com/github/codeql-action/releases/tag/bundle-test","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/bundle-test","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/bundle-test/manifests"},{"name":"codeql-bundle-20200630","sha":"e0299c3c045c9c6a4274140b38819cd0e79670de","kind":"commit","published_at":"2020-06-29T11:49:28.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20200630","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20200630","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200630","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200630/manifests"},{"name":"codeql-bundle-20200601","sha":"28a878efc36d98a2083247e825a905fc068ff439","kind":"commit","published_at":"2020-06-01T09:33:50.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20200601","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20200601","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200601","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200601/manifests"},{"name":"codeql-bundle-20200427","sha":"ae26408e807e51a12f1c50d75354a90015d6d1dd","kind":"commit","published_at":"2020-04-27T21:59:14.000Z","download_url":"https://codeload.github.com/github/codeql-action/tar.gz/codeql-bundle-20200427","html_url":"https://github.com/github/codeql-action/releases/tag/codeql-bundle-20200427","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200427","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/tags/codeql-bundle-20200427/manifests"}]},"repo_metadata_updated_at":"2024-03-25T10:36:23.856Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":9.569088224632877,"dependent_packages_count":8.484559142066503,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":9.02682368334969},"purl":"pkg:golang/github.com/github/codeql-action","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/github/codeql-action","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/github/codeql-action","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/github/codeql-action/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgithub%2Fcodeql-action/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgithub%2Fcodeql-action/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgithub%2Fcodeql-action/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgithub%2Fcodeql-action/related_packages","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":1882879,"maintainers_count":0,"namespaces_count":723926,"keywords_count":97872,"github":"golang","metadata":{"funded_packages_count":39346},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2025-06-06T05:22:27.920Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},"unique_repositories_count":16646,"unique_repositories_count_past_30_days":1709,"recent_issues":[{"uuid":"4519901394","node_id":"PR_kwDORhaKzc7fMG8Q","number":155,"state":"open","title":"ci: bump github/codeql-action from 4.35.4 to 4.36.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:40:44.000Z","updated_at":"2026-05-25T22:41:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci","packages":[{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.4\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/motxx/anchr/pull/155","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/motxx%2Fanchr/issues/155","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/155/packages"},{"uuid":"4519900612","node_id":"PR_kwDORzb3K87fMGw7","number":90,"state":"open","title":"chore(deps): bump github/codeql-action from 4.35.2 to 4.36.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:40:36.000Z","updated_at":"2026-05-25T22:40:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github/codeql-action","old_version":"4.35.2","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.2\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/granit-fx/granit-iot/pull/90","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/granit-fx%2Fgranit-iot/issues/90","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/90/packages"},{"uuid":"4519829585","node_id":"PR_kwDONK5uhM7fL35q","number":356,"state":"open","title":"build(ci): Bump github/codeql-action from 4.35.1 to 4.36.0","user":"dependabot[bot]","labels":["dependencies","automerge"],"assignees":[],"locked":false,"comments_count":9,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:21:44.000Z","updated_at":"2026-05-25T22:29:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(ci): Bump","packages":[{"name":"github/codeql-action","old_version":"4.35.1","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.1\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/driessamyn/kapper/pull/356","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/driessamyn%2Fkapper/issues/356","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/356/packages"},{"uuid":"4519816531","node_id":"PR_kwDOSd_v_c7fL1Np","number":9,"state":"open","title":"chore(ci): bump github/codeql-action from 4.35.4 to 4.36.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:17:55.000Z","updated_at":"2026-05-25T22:17:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)","packages":[{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.4\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/rdegges/redline/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rdegges%2Fredline/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4519814444","node_id":"PR_kwDOOLge3c7fL0yq","number":561,"state":"open","title":"chore(deps): bump the github-actions group with 2 updates","user":"dependabot[bot]","labels":["dependencies","github-actions","security"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:17:15.000Z","updated_at":"2026-05-25T22:37:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":2,"packages":[{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"github/codeql-action","old_version":"4.35.3","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 2 updates: [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.3 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.35.3...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/microsoft/edge-ai/pull/561","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fedge-ai/issues/561","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/561/packages"},{"uuid":"4519772863","node_id":"PR_kwDOJoEmPc7fLsTa","number":358,"state":"open","title":"ci(deps): bump the actions group with 8 updates","user":"dependabot[bot]","labels":["dependencies","ci"],"assignees":["SimplicityGuy"],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:06:09.000Z","updated_at":"2026-05-25T22:13:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci(deps): bump","group_name":"actions","update_count":8,"packages":[{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/metadata-action","old_version":"6.0.0","new_version":"6.1.0","repository_url":"https://github.com/docker/metadata-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"7.1.0","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"anthropics/claude-code-action","old_version":"1.0.127","new_version":"1.0.133","repository_url":"https://github.com/anthropics/claude-code-action"},{"name":"dataaxiom/ghcr-cleanup-action","old_version":"1.0.16","new_version":"1.2.1","repository_url":"https://github.com/dataaxiom/ghcr-cleanup-action"},{"name":"github/codeql-action","old_version":"4.35.5","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"taiki-e/install-action","old_version":"2.79.2","new_version":"2.79.7","repository_url":"https://github.com/taiki-e/install-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 8 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |\n| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.127` | `1.0.133` |\n| [dataaxiom/ghcr-cleanup-action](https://github.com/dataaxiom/ghcr-cleanup-action) | `1.0.16` | `1.2.1` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.5` | `4.36.0` |\n| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.79.2` | `2.79.7` |\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/metadata-action` from 6.0.0 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/metadata-action/releases\"\u003edocker/metadata-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/613\"\u003edocker/metadata-action#613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/658\"\u003edocker/metadata-action#658\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/630\"\u003edocker/metadata-action#630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump csv-parse from 6.1.0 to 6.2.1 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/617\"\u003edocker/metadata-action#617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/620\"\u003edocker/metadata-action#620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/623\"\u003edocker/metadata-action#623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.15 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/621\"\u003edocker/metadata-action#621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/629\"\u003edocker/metadata-action#629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/639\"\u003edocker/metadata-action#639\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump moment-timezone from 0.6.0 to 0.6.1 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/619\"\u003edocker/metadata-action#619\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/626\"\u003edocker/metadata-action#626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/649\"\u003edocker/metadata-action#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/657\"\u003edocker/metadata-action#657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/614\"\u003edocker/metadata-action#614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/637\"\u003edocker/metadata-action#637\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/metadata-action/compare/v6.0.0...v6.1.0\"\u003ehttps://github.com/docker/metadata-action/compare/v6.0.0...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9\"\u003e\u003ccode\u003e80c7e94\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/metadata-action/issues/613\"\u003e#613\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/8e0ddab90c29de6fff30c787e328563e48106fd0\"\u003e\u003ccode\u003e8e0ddab\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/a8db14bd863c93be08c93c13e1cc816ec5b49b2e\"\u003e\u003ccode\u003ea8db14b\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/63a7371ee01888324f2c7b3e18be9ac13b9dbdbc\"\u003e\u003ccode\u003e63a7371\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/metadata-action/issues/617\"\u003e#617\u003c/a\u003e from docker/dependabot/npm_and_yarn/csv-parse-6.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/c6916a6cf86608c44ba936565d57f550835ecd45\"\u003e\u003ccode\u003ec6916a6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/aca9205632182712a2d859059cf12fdc9b2ca202\"\u003e\u003ccode\u003eaca9205\u003c/code\u003e\u003c/a\u003e chore(deps): Bump csv-parse from 6.1.0 to 6.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/9dcfe60f10ebea72e9e48bf8bf366d01629d045a\"\u003e\u003ccode\u003e9dcfe60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/metadata-action/issues/629\"\u003e#629\u003c/a\u003e from docker/dependabot/npm_and_yarn/handlebars-4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/43dea7677c80686dc31a7b16e61ba9d542081b59\"\u003e\u003ccode\u003e43dea76\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/7a56f5af0aa2d36278ba725bb44091417def9f73\"\u003e\u003ccode\u003e7a56f5a\u003c/code\u003e\u003c/a\u003e chore(deps): Bump handlebars from 4.7.8 to 4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/e49e0aa5deac3d581afd6ce80464d84ef68f5ccc\"\u003e\u003ccode\u003ee49e0aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/metadata-action/issues/658\"\u003e#658\u003c/a\u003e from docker/dependabot/npm_and_yarn/brace-expansion-5...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/metadata-action/compare/030e881283bb7a6894de51c315a6bfe6a94e05cf...80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 7.1.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropics/claude-code-action` from 1.0.127 to 1.0.133\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/claude-code-action/releases\"\u003eanthropics/claude-code-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.133\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse workload identity federation for Claude auth in CI workflows by \u003ca href=\"https://github.com/ashwin-ant\"\u003e\u003ccode\u003e@​ashwin-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/anthropics/claude-code-action/pull/1344\"\u003eanthropics/claude-code-action#1344\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.133\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.133\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.132\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.132\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.132\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.131\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.131\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.131\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.130\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Workload Identity Federation (OIDC) authentication support by \u003ca href=\"https://github.com/ashwin-ant\"\u003e\u003ccode\u003e@​ashwin-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/anthropics/claude-code-action/pull/1338\"\u003eanthropics/claude-code-action#1338\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.130\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.130\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.129\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.129\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.129\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.128\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.128\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.128\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251\"\u003e\u003ccode\u003e787c5a0\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.150 and Agent SDK to 0.3.150\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/4257c8e0591343e1130ae550a49ae34dd17c7060\"\u003e\u003ccode\u003e4257c8e\u003c/code\u003e\u003c/a\u003e Use workload identity federation for Claude auth in CI workflows (\u003ca href=\"https://redirect.github.com/anthropics/claude-code-action/issues/1344\"\u003e#1344\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/bbfaf8e1ffe3e688f7ab65ceee78de241e24a238\"\u003e\u003ccode\u003ebbfaf8e\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.149 and Agent SDK to 0.3.149\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/4481e6d3c7bbb88db2a928ca3444c536f589c7c1\"\u003e\u003ccode\u003e4481e6d\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.148 and Agent SDK to 0.3.148\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/661a6fefbd0569ef35809da16775508ab1937862\"\u003e\u003ccode\u003e661a6fe\u003c/code\u003e\u003c/a\u003e Add Workload Identity Federation (OIDC) authentication support (\u003ca href=\"https://redirect.github.com/anthropics/claude-code-action/issues/1338\"\u003e#1338\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/c9d66afb1788e701c57d58842e324dca17fd276e\"\u003e\u003ccode\u003ec9d66af\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.147 and Agent SDK to 0.3.147\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/20c8abf165d5f85ab3fc970db9498436377dc9d1\"\u003e\u003ccode\u003e20c8abf\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.146 and Agent SDK to 0.3.146\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/1dc994ee7a008f0ecc866d9ac23ef036b7229f84...787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dataaxiom/ghcr-cleanup-action` from 1.0.16 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/releases\"\u003edataaxiom/ghcr-cleanup-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: tolerate every 404 on package version delete (was: fail on the second) (fix \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/121\"\u003e#121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: eliminate spurious \u0026quot;wasn't found\u0026quot; warnings from cosign signature dual-cascade race\u003c/li\u003e\n\u003cli\u003efix: per-image log buffer flushes audit trail even when a cascade errors mid-flight\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeature: cross-run manifest cache; warm runs only fetch newly-published manifests (hit rate logged)\u003c/li\u003e\n\u003cli\u003eperf: parallel API throughout — package pagination, manifest fetches, untag PUTs, child/referrer deletes\u003c/li\u003e\n\u003cli\u003eperf: batched untagging — one reload per batch instead of one per tag\u003c/li\u003e\n\u003cli\u003eperf: push token reuse across untag PUTs + 429/secondary rate-limit retries on registry auth\u003c/li\u003e\n\u003cli\u003efix: \u003ccode\u003erepository\u003c/code\u003e input is now informational; cleanup uses \u003ccode\u003eowner\u003c/code\u003e + \u003ccode\u003epackage\u003c/code\u003e directly (supports unlinked / cross-account packages)\u003c/li\u003e\n\u003cli\u003elog volume cap at 1000 lines per group (info); per-image log output buffered to avoid interleaving under concurrent deletes\u003c/li\u003e\n\u003cli\u003epackage version upgrades\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve OCI 1.1 subject-bearing referrers (cosign sigstore-bundles, attestations) during cleanup — were silently deleted as untagged  \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/71\"\u003e#71\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: keep-n-tagged now gates untag operations; a matched tag is not stripped from an image that keep-n-tagged would protect (\u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/99\"\u003e#99\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: shared multi-arch platform digests no longer cascade-deleted when one of multiple parent indexes is removed (\u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: delete-partial-images excludes fully ghost images \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/112\"\u003e#112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Octokit error output visible at all log levels (was suppressed when log-level was error or warn)\u003c/li\u003e\n\u003cli\u003efix: expand-packages rejects fine-grained PATs upfront with a clear message\u003c/li\u003e\n\u003cli\u003efix: setFailed message no longer overwritten by an empty Error in early-failure paths\u003c/li\u003e\n\u003cli\u003efeat: ReDoS guard on user-supplied regex (delete-tags, exclude-tags, package) when use-regex: true\u003c/li\u003e\n\u003cli\u003efeat: code refactor/split, removal of anys where possible using typed classes\u003c/li\u003e\n\u003cli\u003echore(deps): Node.js 24\u003c/li\u003e\n\u003cli\u003edocs: README rewrite + Limitations section (5,000-download undeletable policy, nested-manifest non-support)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/f092b48ba3b604b2a83690dc4b2bbb3392e1045f\"\u003e\u003ccode\u003ef092b48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/122\"\u003e#122\u003c/a\u003e from rohanmars/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/fa3daf51ec24bdab74b5d5cb520ab1ff6c1574b3\"\u003e\u003ccode\u003efa3daf5\u003c/code\u003e\u003c/a\u003e ci: hoist fork-PR approval gate to a single job (was per matrix entry)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/c1ba2892f45835eb93d3098d345fd4d1b0b8a55c\"\u003e\u003ccode\u003ec1ba289\u003c/code\u003e\u003c/a\u003e fix: synchronously claim digests before delete to prevent concurrent duplicat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/f5e37e78087d207cf9e59fb64a315bd29f549b02\"\u003e\u003ccode\u003ef5e37e7\u003c/code\u003e\u003c/a\u003e fix: tolerate all 404s on package version delete; always flush per-tree log b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/374e2028c8fb93b7219f3771cd405fab95d3dec4\"\u003e\u003ccode\u003e374e202\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/120\"\u003e#120\u003c/a\u003e from rohanmars/code-review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/e1e6176a142017b55a10ab9b4e0254f796ba73b8\"\u003e\u003ccode\u003ee1e6176\u003c/code\u003e\u003c/a\u003e perf: cap per-listing log volume at 1000 lines (truncate at INFO)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/65168955b48cf8ce64bfbf982286e3ff337411ab\"\u003e\u003ccode\u003e6516895\u003c/code\u003e\u003c/a\u003e fix: drop the post-reload untag-ops invariant assertion (3.1.5 retraction)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/5a020afddcef0140ec3d7fdba9ea6b58142425f3\"\u003e\u003ccode\u003e5a020af\u003c/code\u003e\u003c/a\u003e feat: buffer deleteImage logs per top-level tree, flush atomically\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/8263ff3c8ab96084ed0a73b74107200cc7a2142f\"\u003e\u003ccode\u003e8263ff3\u003c/code\u003e\u003c/a\u003e chore: refresh dependencies to latest patches within current ranges\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/5a3f4cc928b27a87c2d169ecd3eaf975c021e833\"\u003e\u003ccode\u003e5a3f4cc\u003c/code\u003e\u003c/a\u003e chore: update coverage badge to 94.47%\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/compare/cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4...f092b48ba3b604b2a83690dc4b2bbb3392e1045f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.5 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `taiki-e/install-action` from 2.79.2 to 2.79.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/taiki-e/install-action/releases\"\u003etaiki-e/install-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.79.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etypos@latest\u003c/code\u003e to 1.46.3.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erclone@latest\u003c/code\u003e to 1.74.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.15.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasm-bindgen@latest\u003c/code\u003e to 0.2.122.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.14.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-deny@latest\u003c/code\u003e to 0.19.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003evacuum@latest\u003c/code\u003e to 0.26.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ejaq@latest\u003c/code\u003e to 3.0.0. (\u003ca href=\"https://redirect.github.com/taiki-e/install-action/pull/1861\"\u003e#1861\u003c/a\u003e, thanks \u003ca href=\"https://github.com/MusicalNinjaDad\"\u003e\u003ccode\u003e@​MusicalNinjaDad\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasmtime@latest\u003c/code\u003e to 45.0.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasm-tools@latest\u003c/code\u003e to 1.250.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.13.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emartin@latest\u003c/code\u003e to 1.10.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprotoc@latest\u003c/code\u003e to 3.35.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emdbook@latest\u003c/code\u003e to 0.5.3.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.12.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emartin@latest\u003c/code\u003e to 1.10.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003euv@latest\u003c/code\u003e to 0.11.15.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md\"\u003etaiki-e/install-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThis project adheres to \u003ca href=\"https://semver.org\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003e[2.79.7] - 2026-05-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etypos@latest\u003c/code\u003e to 1.46.3.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erclone@latest\u003c/code\u003e to 1.74.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.15.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.79.6] - 2026-05-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasm-bindgen@latest\u003c/code\u003e to 0.2.122.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.14.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-deny@latest\u003c/code\u003e to 0.19.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003evacuum@latest\u003c/code\u003e to 0.26.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.79.5] - 2026-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ejaq@latest\u003c/code\u003e to 3.0.0. (\u003ca href=\"https://redirect.github.com/taiki-e/install-action/pull/1861\"\u003e#1861\u003c/a\u003e, thanks \u003ca href=\"https://github.com/MusicalNinjaDad\"\u003e\u003ccode\u003e@​MusicalNinjaDad\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasmtime@latest\u003c/code\u003e to 45.0.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasm-tools@latest\u003c/code\u003e to 1.250.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.13.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.79.4] - 2026-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emartin@latest\u003c/code\u003e to 1.10.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/d9be7d8cda89035c9c843f78bd44d4f72d8403d4\"\u003e\u003ccode\u003ed9be7d8\u003c/code\u003e\u003c/a\u003e Release 2.79.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/7728147b45f9a2629f83441ea4c596dd78dd42bb\"\u003e\u003ccode\u003e7728147\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003etypos@latest\u003c/code\u003e to 1.46.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/6df4f178805216b15bb33bc4bc2559da31008ba3\"\u003e\u003ccode\u003e6df4f17\u003c/code\u003e\u003c/a\u003e Update parse-dockerfile manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/be60431cdce1a8b76552819b4552e38faa629226\"\u003e\u003ccode\u003ebe60431\u003c/code\u003e\u003c/a\u003e Update knope manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/24db57b4143014bff99e6a6a95e0949eccfbb699\"\u003e\u003ccode\u003e24db57b\u003c/code\u003e\u003c/a\u003e ci,tools: Update config and script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/56d048e4beac934a8322e8b4304f5918298ee994\"\u003e\u003ccode\u003e56d048e\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003erclone@latest\u003c/code\u003e to 1.74.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/88886e83d3f1f02ee7c8ef6bc19353ebe4c5e2b7\"\u003e\u003ccode\u003e88886e8\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/1a101afe879f28ef068448b2700a61687bc53fe8\"\u003e\u003ccode\u003e1a101af\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/f48d2f8ba2b452934c948b7be1a768079c3632ff\"\u003e\u003ccode\u003ef48d2f8\u003c/code\u003e\u003c/a\u003e Release 2.79.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/64c43fd29c96b85324f393bc82ca0a5396148dd5\"\u003e\u003ccode\u003e64c43fd\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003ewasm-bindgen@latest\u003c/code\u003e to 0.2.122\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/taiki-e/install-action/compare/213ccc1a076163c093f914550b94feb90fab916d...d9be7d8cda89035c9c843f78bd44d4f72d8403d4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/SimplicityGuy/discogsography/pull/358","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SimplicityGuy%2Fdiscogsography/issues/358","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/358/packages"},{"uuid":"4519732045","node_id":"PR_kwDOShKGZs7fLj_i","number":5,"state":"open","title":"Bump github/codeql-action from 4.35.1 to 4.35.5","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:55:23.000Z","updated_at":"2026-05-25T21:55:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github/codeql-action","old_version":"4.35.1","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.1\u0026new-version=4.35.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/RealRaquema/textionary/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RealRaquema%2Ftextionary/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4519702548","node_id":"PR_kwDOSnE-f87fLeEU","number":1,"state":"open","title":"Bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:47:24.000Z","updated_at":"2026-05-25T21:49:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Abhi190702/DeploySense/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Abhi190702%2FDeploySense/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4519687732","node_id":"PR_kwDOSnf23c7fLbIm","number":2,"state":"open","title":"build(deps): bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:43:05.000Z","updated_at":"2026-05-25T21:43:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ledger-nexus/integrations/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ledger-nexus%2Fintegrations/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4519686842","node_id":"PR_kwDOSnf3WM7fLa9D","number":3,"state":"open","title":"build(deps): bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:42:50.000Z","updated_at":"2026-05-25T21:42:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ledger-nexus/fa-amort/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ledger-nexus%2Ffa-amort/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4519686032","node_id":"PR_kwDOSnf2IM7fLazC","number":2,"state":"open","title":"build(deps): bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:42:36.000Z","updated_at":"2026-05-25T21:42:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ledger-nexus/revenue-rec/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ledger-nexus%2Frevenue-rec/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4519685128","node_id":"PR_kwDOSkbTlc7fLanD","number":1,"state":"open","title":"build(deps): bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:42:22.000Z","updated_at":"2026-05-25T21:42:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ledger-nexus/recon/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ledger-nexus%2Frecon/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4519667553","node_id":"PR_kwDOSTlcl87fLW9g","number":72,"state":"open","title":"chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:38:25.000Z","updated_at":"2026-05-25T21:40:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.4\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/meigma/imgsrv/pull/72","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/meigma%2Fimgsrv/issues/72","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/72/packages"},{"uuid":"4519657382","node_id":"PR_kwDOQLzLD87fLU5I","number":52,"state":"open","title":"ci: bump github/codeql-action from 4.31.2 to 4.36.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:35:56.000Z","updated_at":"2026-05-25T21:36:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci","packages":[{"name":"github/codeql-action","old_version":"4.31.2","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.31.2\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/seanyates76/Ez-Quiz-App/pull/52","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/seanyates76%2FEz-Quiz-App/issues/52","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/52/packages"},{"uuid":"4519625395","node_id":"PR_kwDONap_1c7fLOPX","number":97,"state":"open","title":"ci: bump github/codeql-action from 4.35.5 to 4.36.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:28:38.000Z","updated_at":"2026-05-25T21:29:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci","packages":[{"name":"github/codeql-action","old_version":"4.35.5","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.5 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.5\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/freed-dev-llc/terraform-provider-turingpi/pull/97","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/freed-dev-llc%2Fterraform-provider-turingpi/issues/97","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/97/packages"},{"uuid":"4519557050","node_id":"PR_kwDOEMeAVs7fLAJq","number":521,"state":"closed","title":"Bump github/codeql-action from 3.24.10 to 4.36.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-25T21:13:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T21:13:15.000Z","updated_at":"2026-05-25T21:13:28.000Z","time_to_close":4,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github/codeql-action","old_version":"3.24.10","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.10 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/4355270be187e1b672a7a1c7c7bae5afdc1ab94a...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3.24.10\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wikimedia/operations-software-envoyproxy-ratelimiter/pull/521","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wikimedia%2Foperations-software-envoyproxy-ratelimiter/issues/521","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/521/packages"},{"uuid":"4519513868","node_id":"PR_kwDOSRG97s7fK3Q1","number":6,"state":"closed","title":"chore(deps): bump the github-actions group with 15 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-25T21:02:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T21:02:25.000Z","updated_at":"2026-05-25T21:02:44.000Z","time_to_close":10,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":15,"packages":[{"name":"actions/checkout","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"actions/cache","old_version":"5.0.1","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/setup-node","old_version":"6.1.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"docker/setup-qemu-action","old_version":"3.7.0","new_version":"4.0.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"3.6.1","new_version":"4.0.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"autofix-ci/action","old_version":"1.3.2","new_version":"1.3.4","repository_url":"https://github.com/autofix-ci/action"},{"name":"docker/login-action","old_version":"3.3.0","new_version":"4.1.0","repository_url":"https://github.com/docker/login-action"},{"name":"github/codeql-action","old_version":"4.31.9","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"zizmorcore/zizmor-action","old_version":"0.3.0","new_version":"0.5.6","repository_url":"https://github.com/zizmorcore/zizmor-action"},{"name":"plbstl/first-contribution","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/plbstl/first-contribution"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"xalvarez/prevent-file-change-action","old_version":"1.9.1","new_version":"3.0.1","repository_url":"https://github.com/xalvarez/prevent-file-change-action"},{"name":"actions/upload-artifact","old_version":"4.4.3","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/stale","old_version":"10.1.1","new_version":"10.2.0","repository_url":"https://github.com/actions/stale"},{"name":"GrantBirki/json-yaml-validate","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/grantbirki/json-yaml-validate"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 15 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.1` | `5.0.5` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.4.0` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.6.1` | `4.0.0` |\n| [autofix-ci/action](https://github.com/autofix-ci/action) | `1.3.2` | `1.3.4` |\n| [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `4.1.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.35.5` |\n| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.3.0` | `0.5.6` |\n| [plbstl/first-contribution](https://github.com/plbstl/first-contribution) | `4.1.0` | `4.3.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [xalvarez/prevent-file-change-action](https://github.com/xalvarez/prevent-file-change-action) | `1.9.1` | `3.0.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `7.0.1` |\n| [actions/stale](https://github.com/actions/stale) | `10.1.1` | `10.2.0` |\n| [GrantBirki/json-yaml-validate](https://github.com/grantbirki/json-yaml-validate) | `4.0.0` | `5.0.0` |\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.1 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.1.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/v6.1.0...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-qemu-action` from 3.7.0 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-qemu-action/releases\"\u003edocker/setup-qemu-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/245\"\u003edocker/setup-qemu-action#245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/241\"\u003edocker/setup-qemu-action#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/244\"\u003edocker/setup-qemu-action#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.67.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/243\"\u003edocker/setup-qemu-action#243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/240\"\u003edocker/setup-qemu-action#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 3.14.1 to 3.14.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/231\"\u003edocker/setup-qemu-action#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/238\"\u003edocker/setup-qemu-action#238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce360397dd3f832beb865e1373c09c0e9f86d70a\"\u003e\u003ccode\u003ece36039\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/245\"\u003e#245\u003c/a\u003e from crazy-max/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/63863443c130689b5b352363f362c820cf73b26d\"\u003e\u003ccode\u003e6386344\u003c/code\u003e\u003c/a\u003e node 24 as default runtime\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/1ea3db7bfb6d247e5e3511955d6e476a8d400ef3\"\u003e\u003ccode\u003e1ea3db7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/243\"\u003e#243\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/b56a0022b9d517f4d4f8f8357e107e587548db78\"\u003e\u003ccode\u003eb56a002\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/c43f02d0c908d30161ad4230a59285d9e442956d\"\u003e\u003ccode\u003ec43f02d\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.67.0 to 0.77.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce10c58dd1801e20f2e65c72aff588c6fc5f6609\"\u003e\u003ccode\u003ece10c58\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/244\"\u003e#244\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/429fc9dbdab394ec482946ef7f7b60be3a169336\"\u003e\u003ccode\u003e429fc9d\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/060e5f8b59ae7d2a0e4dcf681f8625f0e54e2024\"\u003e\u003ccode\u003e060e5f8\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/44be13e7d9ba38145b648950e52ac18e2a4efd3a\"\u003e\u003ccode\u003e44be13e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/231\"\u003e#231\u003c/a\u003e from docker/dependabot/npm_and_yarn/js-yaml-3.14.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/1897438ed3baad455b19c89cda913ca4f31dd079\"\u003e\u003ccode\u003e1897438\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/c7c53464625b32c7a7e944ae62b3e17d2b600130...ce360397dd3f832beb865e1373c09c0e9f86d70a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 3.6.1 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/483\"\u003edocker/setup-buildx-action#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated inputs/outputs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/464\"\u003edocker/setup-buildx-action#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/481\"\u003edocker/setup-buildx-action#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/475\"\u003edocker/setup-buildx-action#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/482\"\u003edocker/setup-buildx-action#482\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/485\"\u003edocker/setup-buildx-action#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/452\"\u003edocker/setup-buildx-action#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/472\"\u003edocker/setup-buildx-action#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/480\"\u003edocker/setup-buildx-action#480\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.12.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003einstall\u003c/code\u003e input by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/455\"\u003edocker/setup-buildx-action#455\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.62.1 to 0.63.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/434\"\u003edocker/setup-buildx-action#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.11 to 1.1.12 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/436\"\u003edocker/setup-buildx-action#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump form-data from 2.5.1 to 2.5.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/432\"\u003edocker/setup-buildx-action#432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.4 to 5.29.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/435\"\u003edocker/setup-buildx-action#435\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ekeep-state\u003c/code\u003e not being respected by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/429\"\u003edocker/setup-buildx-action#429\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eKeep BuildKit state support by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/427\"\u003edocker/setup-buildx-action#427\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove aliases created when installing by default by \u003ca href=\"https://github.com/hashhar\"\u003e\u003ccode\u003e@​hashhar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/139\"\u003edocker/setup-buildx-action#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.56.0 to 0.62.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/422\"\u003edocker/setup-buildx-action#422\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/425\"\u003edocker/setup-buildx-action#425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.54.0 to 0.56.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/408\"\u003edocker/setup-buildx-action#408\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.48.0 to 0.54.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/402\"\u003edocker/setup-buildx-action#402\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/404\"\u003edocker/setup-buildx-action#404\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake cloud prefix optional to download buildx if driver is cloud by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/390\"\u003edocker/setup-buildx-action#390\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.10.1 to 1.11.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/370\"\u003edocker/setup-buildx-action#370\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.39.0 to 0.48.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/389\"\u003edocker/setup-buildx-action#389\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump cross-spawn from 7.0.3 to 7.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/382\"\u003edocker/setup-buildx-action#382\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd\"\u003e\u003ccode\u003e4d04d5d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/485\"\u003e#485\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/cd74e05d9bae4eeec789f90ba15dc6fb4b60ae5d\"\u003e\u003ccode\u003ecd74e05\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/eee38ec7b3ed034ee896d3e212e5d11c04562b84\"\u003e\u003ccode\u003eeee38ec\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.79.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/7a83f65b5a215b3c81b210dafdc20362bd2b4e24\"\u003e\u003ccode\u003e7a83f65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/484\"\u003e#484\u003c/a\u003e from docker/dependabot/github_actions/docker/setup-qe...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/a5aa96747d67f62520b42af91aeb306e7374b327\"\u003e\u003ccode\u003ea5aa967\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/464\"\u003e#464\u003c/a\u003e from crazy-max/rm-deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/e73d53fa4ed86ff46faaf2b13a228d6e93c51af3\"\u003e\u003ccode\u003ee73d53f\u003c/code\u003e\u003c/a\u003e build(deps): bump docker/setup-qemu-action from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/28a438e9ed9ef7ae2ebd0bf839039005c9501312\"\u003e\u003ccode\u003e28a438e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/483\"\u003e#483\u003c/a\u003e from crazy-max/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/034e9d37dd436b56b0167bea5a11ab731413e8cf\"\u003e\u003ccode\u003e034e9d3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b4664d8fd0ba15ff14560ab001737c666076d5be\"\u003e\u003ccode\u003eb4664d8\u003c/code\u003e\u003c/a\u003e remove deprecated inputs/outputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/a8257dec35f244ad06b4ff6c90fdd2ba97f262ba\"\u003e\u003ccode\u003ea8257de\u003c/code\u003e\u003c/a\u003e node 24 as default runtime\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.6.1...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `autofix-ci/action` from 1.3.2 to 1.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/autofix-ci/action/releases\"\u003eautofix-ci/action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eautofix-ci/action 1.3.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate action to use Node 24\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/autofix-ci/action/compare/v1...v1.3.4\"\u003ehttps://github.com/autofix-ci/action/compare/v1...v1.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eautofix-ci/action 1.3.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove Autofix API from \u003ccode\u003e.ci\u003c/code\u003e to \u003ccode\u003e.com\u003c/code\u003e TLD.\nThis aims to improve overall reliability (\u003ca href=\"https://redirect.github.com/autofix-ci/action/issues/32\"\u003e#32\u003c/a\u003e). \u003ccode\u003eapi.autofix.ci\u003c/code\u003e will remain available as an alias for the time being.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/autofix-ci/action/compare/v1.3.2...v1.3.3\"\u003ehttps://github.com/autofix-ci/action/compare/v1.3.2...v1.3.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/autofix-ci/action/commit/c5b2d67aa2274e7b5a18224e8171550871fc7e4a\"\u003e\u003ccode\u003ec5b2d67\u003c/code\u003e\u003c/a\u003e Update dependencies and node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/autofix-ci/action/commit/7a166d7532b277f34e16238930461bf77f9d7ed8\"\u003e\u003ccode\u003e7a166d7\u003c/code\u003e\u003c/a\u003e move autofix api from \u003ccode\u003eapi.autofix.ci\u003c/code\u003e to \u003ccode\u003eautofix-api.maximilianhils.com\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/autofix-ci/action/compare/635ffb0c9798bd160680f18fd73371e355b85f27...c5b2d67aa2274e7b5a18224e8171550871fc7e4a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 3.3.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scoped Docker Hub cleanup path when registry is omitted by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/945\"\u003edocker/login-action#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1020.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/930\"\u003edocker/login-action#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.86.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/932\"\u003edocker/login-action#932\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/936\"\u003edocker/login-action#936\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/952\"\u003edocker/login-action#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.4 to 5.3.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/942\"\u003edocker/login-action#942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/944\"\u003edocker/login-action#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/940\"\u003edocker/login-action#940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/949\"\u003edocker/login-action#949\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 8.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/937\"\u003edocker/login-action#937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/958\"\u003edocker/login-action#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/941\"\u003edocker/login-action#941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/948\"\u003edocker/login-action#948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/938\"\u003edocker/login-action#938\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/login-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/929\"\u003edocker/login-action#929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/927\"\u003edocker/login-action#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/919\"\u003edocker/login-action#919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/910\"\u003edocker/login-action#910\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/928\"\u003edocker/login-action#928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/921\"\u003edocker/login-action#921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/901\"\u003edocker/login-action#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/login-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003escope\u003c/code\u003e input to set scopes for the authentication token by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/912\"\u003edocker/login-action#912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for AWS European Sovereign Cloud ECR by \u003ca href=\"https://github.com/dphi\"\u003e\u003ccode\u003e@​dphi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/914\"\u003edocker/login-action#914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure passwords are redacted with \u003ccode\u003eregistry-auth\u003c/code\u003e input by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/911\"\u003edocker/login-action#911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/915\"\u003edocker/login-action#915\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.6.0...v3.7.0\"\u003ehttps://github.com/docker/login-action/compare/v3.6.0...v3.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eregistry-auth\u003c/code\u003e input for raw authentication to registries by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/887\"\u003edocker/login-action#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e to 3.890.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/882\"\u003edocker/login-action#882\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/890\"\u003edocker/login-action#890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.890.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/882\"\u003edocker/login-action#882\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/890\"\u003edocker/login-action#890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.62.1 to 0.63.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/883\"\u003edocker/login-action#883\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.11 to 1.1.12 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/880\"\u003edocker/login-action#880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.4 to 5.29.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/879\"\u003edocker/login-action#879\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.3 to 0.2.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/881\"\u003edocker/login-action#881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.5.0...v3.6.0\"\u003ehttps://github.com/docker/login-action/compare/v3.5.0...v3.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport dual-stack endpoints for AWS ECR by \u003ca href=\"https://github.com/Spacefish\"\u003e\u003ccode\u003e@​Spacefish\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/874\"\u003edocker/login-action#874\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/876\"\u003edocker/login-action#876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121\"\u003e\u003ccode\u003e4907a6d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/930\"\u003e#930\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636\"\u003e\u003ccode\u003e1e233e6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb\"\u003e\u003ccode\u003e6c24ead\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6\"\u003e\u003ccode\u003eee034d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/958\"\u003e#958\u003c/a\u003e from docker/dependabot/npm_and_yarn/lodash-4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb\"\u003e\u003ccode\u003e1527209\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/937\"\u003e#937\u003c/a\u003e from docker/dependabot/npm_and_yarn/proxy-agent-depen...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b\"\u003e\u003ccode\u003ed39362a\u003c/code\u003e\u003c/a\u003e build(deps): bump lodash from 4.17.23 to 4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce\"\u003e\u003ccode\u003ea6f092b\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779\"\u003e\u003ccode\u003e60953f0\u003c/code\u003e\u003c/a\u003e build(deps): bump the proxy-agent-dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340\"\u003e\u003ccode\u003e62c6885\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/936\"\u003e#936\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a\"\u003e\u003ccode\u003e102c0e6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/v3.3.0...4907a6ddec9925e35a0a9e82d7399ccc52663121\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.9 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and w...\n\n_Description has been truncated_","html_url":"https://github.com/Muneeswaranjd/Monitor-averqon/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Muneeswaranjd%2FMonitor-averqon/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4519463083","node_id":"PR_kwDORWrKI87fKsuK","number":166,"state":"open","title":"chore: bump github/codeql-action from 4.35.4 to 4.35.5","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:50:39.000Z","updated_at":"2026-05-25T20:50:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.35.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.4\u0026new-version=4.35.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/szhekpisov/diffyml/pull/166","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/szhekpisov%2Fdiffyml/issues/166","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/166/packages"},{"uuid":"4519451071","node_id":"PR_kwDOQ2UC7M7fKqP3","number":7,"state":"closed","title":"Bump the github-actions-dependencies group with 9 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-25T22:13:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T20:47:44.000Z","updated_at":"2026-05-25T22:13:08.000Z","time_to_close":5122,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions-dependencies","update_count":9,"packages":[{"name":"actions/checkout","old_version":"4.3.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-python","old_version":"5.6.0","new_version":"6.2.0","repository_url":"https://github.com/actions/setup-python"},{"name":"actions/setup-node","old_version":"4.4.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"docker/login-action","old_version":"3.7.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"softprops/action-gh-release","old_version":"2.6.1","new_version":"3.0.0","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"aquasecurity/trivy-action","old_version":"0.35.0","new_version":"0.36.0","repository_url":"https://github.com/aquasecurity/trivy-action"},{"name":"github/codeql-action","old_version":"7fc1baf373eb073c686865bd453d412d506a05a2","new_version":"5c8a8a642e79153f5d047b10ec1cba1d1cc65699","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions-dependencies group with 9 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |\n| [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.2.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.0` |\n| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `7fc1baf373eb073c686865bd453d412d506a05a2` | `5c8a8a642e79153f5d047b10ec1cba1d1cc65699` |\n\nUpdates `actions/checkout` from 4.3.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-python` from 5.6.0 to 6.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-python/releases\"\u003eactions/setup-python's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade dependencies to Node 24 compatible versions by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1259\"\u003eactions/setup-python#1259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 from 2.5.0 to 2.6.3 in \u003ccode\u003e/__tests__/data\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1253\"\u003eactions/setup-python#1253\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1264\"\u003eactions/setup-python#1264\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-python/compare/v6...v6.2.0\"\u003ehttps://github.com/actions/setup-python/compare/v6...v6.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003epip-install\u003c/code\u003e input by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1201\"\u003eactions/setup-python#1201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd graalpy early-access and windows builds by \u003ca href=\"https://github.com/timfel\"\u003e\u003ccode\u003e@​timfel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/880\"\u003eactions/setup-python#880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency and Documentation updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnhanced wording and updated example usage for \u003ccode\u003eallow-prereleases\u003c/code\u003e by \u003ca href=\"https://github.com/yarikoptic\"\u003e\u003ccode\u003e@​yarikoptic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/979\"\u003eactions/setup-python#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1139\"\u003eactions/setup-python#1139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade typescript from 5.4.2 to 5.9.3 and Documentation update by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1094\"\u003eactions/setup-python#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/publish-action from 0.3.0 to 0.4.0 \u0026amp; Documentation update for pip-install input by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1199\"\u003eactions/setup-python#1199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade requests from 2.32.2 to 2.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1130\"\u003eactions/setup-python#1130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 3.5.3 to 3.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1234\"\u003eactions/setup-python#1234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/node\u003c/code\u003e from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1235\"\u003eactions/setup-python#1235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yarikoptic\"\u003e\u003ccode\u003e@​yarikoptic\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/979\"\u003eactions/setup-python#979\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-python/compare/v6...v6.1.0\"\u003ehttps://github.com/actions/setup-python/compare/v6...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1164\"\u003eactions/setup-python#1164\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eSee Release Notes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003epip-version\u003c/code\u003e  by \u003ca href=\"https://github.com/priyagupta108\"\u003e\u003ccode\u003e@​priyagupta108\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1129\"\u003eactions/setup-python#1129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance reading from .python-version by \u003ca href=\"https://github.com/krystof-k\"\u003e\u003ccode\u003e@​krystof-k\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/787\"\u003eactions/setup-python#787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd version parsing from Pipfile by \u003ca href=\"https://github.com/aradkdj\"\u003e\u003ccode\u003e@​aradkdj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1067\"\u003eactions/setup-python#1067\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify pythonLocation behaviour for PyPy and GraalPy in environment variables by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1183\"\u003eactions/setup-python#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange missing cache directory error to warning  by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1182\"\u003eactions/setup-python#1182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Architecture-Specific PATH Management for Python with --user Flag on Windows by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1122\"\u003eactions/setup-python#1122\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude python version in PyPy python-version output by \u003ca href=\"https://github.com/cdce8p\"\u003e\u003ccode\u003e@​cdce8p\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1110\"\u003eactions/setup-python#1110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs: clarification on pip authentication with setup-python by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1156\"\u003eactions/setup-python#1156\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade idna from 2.9 to 3.7 in /\u003cstrong\u003etests\u003c/strong\u003e/data by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/843\"\u003eactions/setup-python#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade form-data to fix critical vulnerabilities \u003ca href=\"https://redirect.github.com/actions/setup-python/issues/182\"\u003e#182\u003c/a\u003e \u0026amp; \u003ca href=\"https://redirect.github.com/actions/setup-python/issues/183\"\u003e#183\u003c/a\u003e by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1163\"\u003eactions/setup-python#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1165\"\u003eactions/setup-python#1165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1181\"\u003eactions/setup-python#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e from 2.0.1 to 2.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1095\"\u003eactions/setup-python#1095\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/a309ff8b426b58ec0e2a45f0f869d46889d02405\"\u003e\u003ccode\u003ea309ff8\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.0 to 2.6.3 in /\u003cstrong\u003etests\u003c/strong\u003e/data (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1264\"\u003e#1264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/bfe8cc55a7890e3d6672eda6460ef37bfcc70755\"\u003e\u003ccode\u003ebfe8cc5\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies to Node 24 compatible versions (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1259\"\u003e#1259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/4f41a90a1f38628c7ccc608d05fbafe701bc20ae\"\u003e\u003ccode\u003e4f41a90\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.5.0 to 2.6.0 in /\u003cstrong\u003etests\u003c/strong\u003e/data (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1253\"\u003e#1253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/83679a892e2d95755f2dac6acb0bfd1e9ac5d548\"\u003e\u003ccode\u003e83679a8\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/bfc4944b43a5d84377eca3cf6ab5b7992ba61923\"\u003e\u003ccode\u003ebfc4944\u003c/code\u003e\u003c/a\u003e Bump prettier from 3.5.3 to 3.6.2 (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1234\"\u003e#1234\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/97aeb3efb8a852c559869050c7fb175b4efcc8cf\"\u003e\u003ccode\u003e97aeb3e\u003c/code\u003e\u003c/a\u003e Bump requests from 2.32.2 to 2.32.4 in /\u003cstrong\u003etests\u003c/strong\u003e/data (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1130\"\u003e#1130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/443da59188462e2402e2942686db5aa6723f4bed\"\u003e\u003ccode\u003e443da59\u003c/code\u003e\u003c/a\u003e Bump actions/publish-action from 0.3.0 to 0.4.0 \u0026amp; Documentation update for pi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/cfd55ca82492758d853442341ad4d8010466803a\"\u003e\u003ccode\u003ecfd55ca\u003c/code\u003e\u003c/a\u003e graalpy: add graalpy early-access and windows builds (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/880\"\u003e#880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/bba65e51ff35d50c6dbaaacd8a4681db13aa7cb4\"\u003e\u003ccode\u003ebba65e5\u003c/code\u003e\u003c/a\u003e Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1094\"\u003e#1094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/18566f86b301499665bd3eb1a2247e0849c64fa5\"\u003e\u003ccode\u003e18566f8\u003c/code\u003e\u003c/a\u003e Improve wording and \u0026quot;fix example\u0026quot; (remove 3.13) on testing against pre-releas...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-python/compare/a26af69be951a213d495a4c3e4e4022e16d87065...a309ff8b426b58ec0e2a45f0f869d46889d02405\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 4.4.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 3.7.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scoped Docker Hub cleanup path when registry is omitted by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/945\"\u003edocker/login-action#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1020.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/930\"\u003edocker/login-action#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.86.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/932\"\u003edocker/login-action#932\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/936\"\u003edocker/login-action#936\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/952\"\u003edocker/login-action#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.4 to 5.3.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/942\"\u003edocker/login-action#942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/944\"\u003edocker/login-action#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/940\"\u003edocker/login-action#940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/949\"\u003edocker/login-action#949\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 8.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/937\"\u003edocker/login-action#937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/958\"\u003edocker/login-action#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/941\"\u003edocker/login-action#941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/948\"\u003edocker/login-action#948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/938\"\u003edocker/login-action#938\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/login-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/929\"\u003edocker/login-action#929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/927\"\u003edocker/login-action#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/919\"\u003edocker/login-action#919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/910\"\u003edocker/login-action#910\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/928\"\u003edocker/login-action#928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/921\"\u003edocker/login-action#921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/901\"\u003edocker/login-action#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/login-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4.3.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the \u003ccode\u003eContent-Type\u003c/code\u003e header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new \u003ccode\u003eskip-decompress\u003c/code\u003e parameter to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eEnforced checks (breaking)\u003c/h3\u003e\n\u003cp\u003eA previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the \u003ccode\u003edigest-mismatch\u003c/code\u003e parameter. To be secure by default, we are now defaulting the behavior to \u003ccode\u003eerror\u003c/code\u003e which will fail the workflow run.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the @actions/* packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't attempt to un-zip non-zipped downloads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/460\"\u003eactions/download-artifact#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/461\"\u003eactions/download-artifact#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8.0.0\"\u003ehttps://github.com/actions/download-artifact/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v7 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/440\"\u003eactions/download-artifact#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDownload Artifact Node24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/415\"\u003eactions/download-artifact#415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e to fix Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/451\"\u003eactions/download-artifact#451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v7.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/452\"\u003eactions/download-artifact#452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003e\u003ccode\u003e3e5f45b\u003c/code\u003e\u003c/a\u003e Add regression tests for CJK characters (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd\"\u003e\u003ccode\u003ee6d03f6\u003c/code\u003e\u003c/a\u003e Add a regression test for artifact name + content-type mismatches (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3\"\u003e\u003ccode\u003e70fc10c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/461\"\u003e#461\u003c/a\u003e from actions/danwkennedy/digest-mismatch-behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62\"\u003e\u003ccode\u003ef258da9\u003c/code\u003e\u003c/a\u003e Add change docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c\"\u003e\u003ccode\u003eccc058e\u003c/code\u003e\u003c/a\u003e Fix linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd\"\u003e\u003ccode\u003ebd7976b\u003c/code\u003e\u003c/a\u003e Add a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c\"\u003e\u003ccode\u003eac21fcf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/460\"\u003e#460\u003c/a\u003e from actions/danwkennedy/download-no-unzip\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0\"\u003e\u003ccode\u003e15999bf\u003c/code\u003e\u003c/a\u003e Add note about package bumps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561\"\u003e\u003ccode\u003e974686e\u003c/code\u003e\u003c/a\u003e Bump the version to \u003ccode\u003ev8\u003c/code\u003e and add release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75\"\u003e\u003ccode\u003efbe48b1\u003c/code\u003e\u003c/a\u003e Update test names to make it clearer what they do\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.6.1 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v2.6.2\"\u003ehttps://github.com/softprops/action-gh-release/compare/v2...v2.6.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003e\u003ccode\u003eb430933\u003c/code\u003e\u003c/a\u003e release: cut v3.0.0 for Node 24 upgrade (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c2e35e05a74208bafbfcbdae5ebc9da7236e980f\"\u003e\u003ccode\u003ec2e35e0\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group across 1 directory with 7 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/783\"\u003e#783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3bb12739c298aeb8a4eeaf626c5b8d85266b0e65\"\u003e\u003ccode\u003e3bb1273\u003c/code\u003e\u003c/a\u003e release 2.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c34030fec99b0db0f2f22ce7806c445dddb6e224\"\u003e\u003ccode\u003ec34030f\u003c/code\u003e\u003c/a\u003e chore: bump node to 24.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/8975bd05c0630603edb0dca2fc7544bf1c77f600\"\u003e\u003ccode\u003e8975bd0\u003c/code\u003e\u003c/a\u003e chore(deps): bump vite from 8.0.0 to 8.0.5 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/781\"\u003e#781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/f71937f44d5662ac6eb861431746174a7b46a7b6\"\u003e\u003ccode\u003ef71937f\u003c/code\u003e\u003c/a\u003e chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/777\"\u003e#777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3f0d239d58d5c226738ec0a08d0465b548dc026f\"\u003e\u003ccode\u003e3f0d239\u003c/code\u003e\u003c/a\u003e chore(deps): bump picomatch from 4.0.3 to 4.0.4 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/775\"\u003e#775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy-action/releases\"\u003eaquasecurity/trivy-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.36.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(ci): update bump-trivy workflow by \u003ca href=\"https://github.com/DmitriyLewen\"\u003e\u003ccode\u003e@​DmitriyLewen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/546\"\u003eaquasecurity/trivy-action#546\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use action.yaml as single source of truth for Trivy version by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/552\"\u003eaquasecurity/trivy-action#552\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: replace peter-evans/create-pull-request with gh CLI by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/550\"\u003eaquasecurity/trivy-action#550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: use pinned digests for trivy-db, trivy-java-db and trivy-checks by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/555\"\u003eaquasecurity/trivy-action#555\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add dependabot config by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/556\"\u003eaquasecurity/trivy-action#556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add zizmor config by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/557\"\u003eaquasecurity/trivy-action#557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the actions group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]...\n\n_Description has been truncated_","html_url":"https://github.com/W1z4rd1c4/RiskHub/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/W1z4rd1c4%2FRiskHub/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4519369463","node_id":"PR_kwDOEDzmas7fKZSX","number":1681,"state":"open","title":"chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0","user":"dependabot[bot]","labels":["size/XS","kind/misc","ok-to-test","release-note-none","dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:28:45.000Z","updated_at":"2026-05-25T20:28:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github/codeql-action","old_version":"4.35.5","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.5 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.5\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/tektoncd/chains/pull/1681","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tektoncd%2Fchains/issues/1681","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1681/packages"}],"issue_packages":[{"old_version":"4.35.4","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T22:40:44.000Z","version_change":"4.35.4 → 4.36.0","issue":{"uuid":"4519901394","node_id":"PR_kwDORhaKzc7fMG8Q","number":155,"state":"open","title":"ci: bump github/codeql-action from 4.35.4 to 4.36.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:40:44.000Z","updated_at":"2026-05-25T22:41:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci","packages":[{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.4\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/motxx/anchr/pull/155","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/motxx%2Fanchr/issues/155","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/155/packages"}},{"old_version":"4.35.2","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T22:40:36.000Z","version_change":"4.35.2 → 4.36.0","issue":{"uuid":"4519900612","node_id":"PR_kwDORzb3K87fMGw7","number":90,"state":"open","title":"chore(deps): bump github/codeql-action from 4.35.2 to 4.36.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:40:36.000Z","updated_at":"2026-05-25T22:40:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github/codeql-action","old_version":"4.35.2","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.2\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/granit-fx/granit-iot/pull/90","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/granit-fx%2Fgranit-iot/issues/90","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/90/packages"}},{"old_version":"4.35.1","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T22:21:44.000Z","version_change":"4.35.1 → 4.36.0","issue":{"uuid":"4519829585","node_id":"PR_kwDONK5uhM7fL35q","number":356,"state":"open","title":"build(ci): Bump github/codeql-action from 4.35.1 to 4.36.0","user":"dependabot[bot]","labels":["dependencies","automerge"],"assignees":[],"locked":false,"comments_count":9,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:21:44.000Z","updated_at":"2026-05-25T22:29:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(ci): Bump","packages":[{"name":"github/codeql-action","old_version":"4.35.1","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.1\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/driessamyn/kapper/pull/356","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/driessamyn%2Fkapper/issues/356","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/356/packages"}},{"old_version":"4.35.4","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T22:17:55.000Z","version_change":"4.35.4 → 4.36.0","issue":{"uuid":"4519816531","node_id":"PR_kwDOSd_v_c7fL1Np","number":9,"state":"open","title":"chore(ci): bump github/codeql-action from 4.35.4 to 4.36.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:17:55.000Z","updated_at":"2026-05-25T22:17:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)","packages":[{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.4\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/rdegges/redline/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rdegges%2Fredline/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"4.35.3","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T22:17:15.000Z","version_change":"4.35.3 → 4.36.0","issue":{"uuid":"4519814444","node_id":"PR_kwDOOLge3c7fL0yq","number":561,"state":"open","title":"chore(deps): bump the github-actions group with 2 updates","user":"dependabot[bot]","labels":["dependencies","github-actions","security"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:17:15.000Z","updated_at":"2026-05-25T22:37:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":2,"packages":[{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"github/codeql-action","old_version":"4.35.3","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 2 updates: [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action).\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.3 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.35.3...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/microsoft/edge-ai/pull/561","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fedge-ai/issues/561","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/561/packages"}},{"old_version":"4.35.5","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T22:06:09.000Z","version_change":"4.35.5 → 4.36.0","issue":{"uuid":"4519772863","node_id":"PR_kwDOJoEmPc7fLsTa","number":358,"state":"open","title":"ci(deps): bump the actions group with 8 updates","user":"dependabot[bot]","labels":["dependencies","ci"],"assignees":["SimplicityGuy"],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T22:06:09.000Z","updated_at":"2026-05-25T22:13:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci(deps): bump","group_name":"actions","update_count":8,"packages":[{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/metadata-action","old_version":"6.0.0","new_version":"6.1.0","repository_url":"https://github.com/docker/metadata-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"7.1.0","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"anthropics/claude-code-action","old_version":"1.0.127","new_version":"1.0.133","repository_url":"https://github.com/anthropics/claude-code-action"},{"name":"dataaxiom/ghcr-cleanup-action","old_version":"1.0.16","new_version":"1.2.1","repository_url":"https://github.com/dataaxiom/ghcr-cleanup-action"},{"name":"github/codeql-action","old_version":"4.35.5","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"taiki-e/install-action","old_version":"2.79.2","new_version":"2.79.7","repository_url":"https://github.com/taiki-e/install-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 8 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |\n| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.127` | `1.0.133` |\n| [dataaxiom/ghcr-cleanup-action](https://github.com/dataaxiom/ghcr-cleanup-action) | `1.0.16` | `1.2.1` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.5` | `4.36.0` |\n| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.79.2` | `2.79.7` |\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/metadata-action` from 6.0.0 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/metadata-action/releases\"\u003edocker/metadata-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/613\"\u003edocker/metadata-action#613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/658\"\u003edocker/metadata-action#658\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/630\"\u003edocker/metadata-action#630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump csv-parse from 6.1.0 to 6.2.1 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/617\"\u003edocker/metadata-action#617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/620\"\u003edocker/metadata-action#620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/623\"\u003edocker/metadata-action#623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.15 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/621\"\u003edocker/metadata-action#621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/629\"\u003edocker/metadata-action#629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/639\"\u003edocker/metadata-action#639\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump moment-timezone from 0.6.0 to 0.6.1 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/619\"\u003edocker/metadata-action#619\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/626\"\u003edocker/metadata-action#626\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/649\"\u003edocker/metadata-action#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/657\"\u003edocker/metadata-action#657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/614\"\u003edocker/metadata-action#614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/metadata-action/pull/637\"\u003edocker/metadata-action#637\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/metadata-action/compare/v6.0.0...v6.1.0\"\u003ehttps://github.com/docker/metadata-action/compare/v6.0.0...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9\"\u003e\u003ccode\u003e80c7e94\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/metadata-action/issues/613\"\u003e#613\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/8e0ddab90c29de6fff30c787e328563e48106fd0\"\u003e\u003ccode\u003e8e0ddab\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/a8db14bd863c93be08c93c13e1cc816ec5b49b2e\"\u003e\u003ccode\u003ea8db14b\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/63a7371ee01888324f2c7b3e18be9ac13b9dbdbc\"\u003e\u003ccode\u003e63a7371\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/metadata-action/issues/617\"\u003e#617\u003c/a\u003e from docker/dependabot/npm_and_yarn/csv-parse-6.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/c6916a6cf86608c44ba936565d57f550835ecd45\"\u003e\u003ccode\u003ec6916a6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/aca9205632182712a2d859059cf12fdc9b2ca202\"\u003e\u003ccode\u003eaca9205\u003c/code\u003e\u003c/a\u003e chore(deps): Bump csv-parse from 6.1.0 to 6.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/9dcfe60f10ebea72e9e48bf8bf366d01629d045a\"\u003e\u003ccode\u003e9dcfe60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/metadata-action/issues/629\"\u003e#629\u003c/a\u003e from docker/dependabot/npm_and_yarn/handlebars-4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/43dea7677c80686dc31a7b16e61ba9d542081b59\"\u003e\u003ccode\u003e43dea76\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/7a56f5af0aa2d36278ba725bb44091417def9f73\"\u003e\u003ccode\u003e7a56f5a\u003c/code\u003e\u003c/a\u003e chore(deps): Bump handlebars from 4.7.8 to 4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/metadata-action/commit/e49e0aa5deac3d581afd6ce80464d84ef68f5ccc\"\u003e\u003ccode\u003ee49e0aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/metadata-action/issues/658\"\u003e#658\u003c/a\u003e from docker/dependabot/npm_and_yarn/brace-expansion-5...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/metadata-action/compare/030e881283bb7a6894de51c315a6bfe6a94e05cf...80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 7.1.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropics/claude-code-action` from 1.0.127 to 1.0.133\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/claude-code-action/releases\"\u003eanthropics/claude-code-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.133\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse workload identity federation for Claude auth in CI workflows by \u003ca href=\"https://github.com/ashwin-ant\"\u003e\u003ccode\u003e@​ashwin-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/anthropics/claude-code-action/pull/1344\"\u003eanthropics/claude-code-action#1344\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.133\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.133\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.132\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.132\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.132\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.131\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.131\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.131\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.130\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Workload Identity Federation (OIDC) authentication support by \u003ca href=\"https://github.com/ashwin-ant\"\u003e\u003ccode\u003e@​ashwin-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/anthropics/claude-code-action/pull/1338\"\u003eanthropics/claude-code-action#1338\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.130\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.130\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.129\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.129\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.129\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.128\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/v1...v1.0.128\"\u003ehttps://github.com/anthropics/claude-code-action/compare/v1...v1.0.128\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251\"\u003e\u003ccode\u003e787c5a0\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.150 and Agent SDK to 0.3.150\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/4257c8e0591343e1130ae550a49ae34dd17c7060\"\u003e\u003ccode\u003e4257c8e\u003c/code\u003e\u003c/a\u003e Use workload identity federation for Claude auth in CI workflows (\u003ca href=\"https://redirect.github.com/anthropics/claude-code-action/issues/1344\"\u003e#1344\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/bbfaf8e1ffe3e688f7ab65ceee78de241e24a238\"\u003e\u003ccode\u003ebbfaf8e\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.149 and Agent SDK to 0.3.149\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/4481e6d3c7bbb88db2a928ca3444c536f589c7c1\"\u003e\u003ccode\u003e4481e6d\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.148 and Agent SDK to 0.3.148\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/661a6fefbd0569ef35809da16775508ab1937862\"\u003e\u003ccode\u003e661a6fe\u003c/code\u003e\u003c/a\u003e Add Workload Identity Federation (OIDC) authentication support (\u003ca href=\"https://redirect.github.com/anthropics/claude-code-action/issues/1338\"\u003e#1338\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/c9d66afb1788e701c57d58842e324dca17fd276e\"\u003e\u003ccode\u003ec9d66af\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.147 and Agent SDK to 0.3.147\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/claude-code-action/commit/20c8abf165d5f85ab3fc970db9498436377dc9d1\"\u003e\u003ccode\u003e20c8abf\u003c/code\u003e\u003c/a\u003e chore: bump Claude Code to 2.1.146 and Agent SDK to 0.3.146\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/anthropics/claude-code-action/compare/1dc994ee7a008f0ecc866d9ac23ef036b7229f84...787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dataaxiom/ghcr-cleanup-action` from 1.0.16 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/releases\"\u003edataaxiom/ghcr-cleanup-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: tolerate every 404 on package version delete (was: fail on the second) (fix \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/121\"\u003e#121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: eliminate spurious \u0026quot;wasn't found\u0026quot; warnings from cosign signature dual-cascade race\u003c/li\u003e\n\u003cli\u003efix: per-image log buffer flushes audit trail even when a cascade errors mid-flight\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeature: cross-run manifest cache; warm runs only fetch newly-published manifests (hit rate logged)\u003c/li\u003e\n\u003cli\u003eperf: parallel API throughout — package pagination, manifest fetches, untag PUTs, child/referrer deletes\u003c/li\u003e\n\u003cli\u003eperf: batched untagging — one reload per batch instead of one per tag\u003c/li\u003e\n\u003cli\u003eperf: push token reuse across untag PUTs + 429/secondary rate-limit retries on registry auth\u003c/li\u003e\n\u003cli\u003efix: \u003ccode\u003erepository\u003c/code\u003e input is now informational; cleanup uses \u003ccode\u003eowner\u003c/code\u003e + \u003ccode\u003epackage\u003c/code\u003e directly (supports unlinked / cross-account packages)\u003c/li\u003e\n\u003cli\u003elog volume cap at 1000 lines per group (info); per-image log output buffered to avoid interleaving under concurrent deletes\u003c/li\u003e\n\u003cli\u003epackage version upgrades\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve OCI 1.1 subject-bearing referrers (cosign sigstore-bundles, attestations) during cleanup — were silently deleted as untagged  \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/71\"\u003e#71\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: keep-n-tagged now gates untag operations; a matched tag is not stripped from an image that keep-n-tagged would protect (\u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/99\"\u003e#99\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: shared multi-arch platform digests no longer cascade-deleted when one of multiple parent indexes is removed (\u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: delete-partial-images excludes fully ghost images \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/112\"\u003e#112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Octokit error output visible at all log levels (was suppressed when log-level was error or warn)\u003c/li\u003e\n\u003cli\u003efix: expand-packages rejects fine-grained PATs upfront with a clear message\u003c/li\u003e\n\u003cli\u003efix: setFailed message no longer overwritten by an empty Error in early-failure paths\u003c/li\u003e\n\u003cli\u003efeat: ReDoS guard on user-supplied regex (delete-tags, exclude-tags, package) when use-regex: true\u003c/li\u003e\n\u003cli\u003efeat: code refactor/split, removal of anys where possible using typed classes\u003c/li\u003e\n\u003cli\u003echore(deps): Node.js 24\u003c/li\u003e\n\u003cli\u003edocs: README rewrite + Limitations section (5,000-download undeletable policy, nested-manifest non-support)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/f092b48ba3b604b2a83690dc4b2bbb3392e1045f\"\u003e\u003ccode\u003ef092b48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/122\"\u003e#122\u003c/a\u003e from rohanmars/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/fa3daf51ec24bdab74b5d5cb520ab1ff6c1574b3\"\u003e\u003ccode\u003efa3daf5\u003c/code\u003e\u003c/a\u003e ci: hoist fork-PR approval gate to a single job (was per matrix entry)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/c1ba2892f45835eb93d3098d345fd4d1b0b8a55c\"\u003e\u003ccode\u003ec1ba289\u003c/code\u003e\u003c/a\u003e fix: synchronously claim digests before delete to prevent concurrent duplicat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/f5e37e78087d207cf9e59fb64a315bd29f549b02\"\u003e\u003ccode\u003ef5e37e7\u003c/code\u003e\u003c/a\u003e fix: tolerate all 404s on package version delete; always flush per-tree log b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/374e2028c8fb93b7219f3771cd405fab95d3dec4\"\u003e\u003ccode\u003e374e202\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dataaxiom/ghcr-cleanup-action/issues/120\"\u003e#120\u003c/a\u003e from rohanmars/code-review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/e1e6176a142017b55a10ab9b4e0254f796ba73b8\"\u003e\u003ccode\u003ee1e6176\u003c/code\u003e\u003c/a\u003e perf: cap per-listing log volume at 1000 lines (truncate at INFO)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/65168955b48cf8ce64bfbf982286e3ff337411ab\"\u003e\u003ccode\u003e6516895\u003c/code\u003e\u003c/a\u003e fix: drop the post-reload untag-ops invariant assertion (3.1.5 retraction)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/5a020afddcef0140ec3d7fdba9ea6b58142425f3\"\u003e\u003ccode\u003e5a020af\u003c/code\u003e\u003c/a\u003e feat: buffer deleteImage logs per top-level tree, flush atomically\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/8263ff3c8ab96084ed0a73b74107200cc7a2142f\"\u003e\u003ccode\u003e8263ff3\u003c/code\u003e\u003c/a\u003e chore: refresh dependencies to latest patches within current ranges\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/commit/5a3f4cc928b27a87c2d169ecd3eaf975c021e833\"\u003e\u003ccode\u003e5a3f4cc\u003c/code\u003e\u003c/a\u003e chore: update coverage badge to 94.47%\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dataaxiom/ghcr-cleanup-action/compare/cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4...f092b48ba3b604b2a83690dc4b2bbb3392e1045f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.5 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `taiki-e/install-action` from 2.79.2 to 2.79.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/taiki-e/install-action/releases\"\u003etaiki-e/install-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.79.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etypos@latest\u003c/code\u003e to 1.46.3.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erclone@latest\u003c/code\u003e to 1.74.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.15.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasm-bindgen@latest\u003c/code\u003e to 0.2.122.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.14.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-deny@latest\u003c/code\u003e to 0.19.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003evacuum@latest\u003c/code\u003e to 0.26.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ejaq@latest\u003c/code\u003e to 3.0.0. (\u003ca href=\"https://redirect.github.com/taiki-e/install-action/pull/1861\"\u003e#1861\u003c/a\u003e, thanks \u003ca href=\"https://github.com/MusicalNinjaDad\"\u003e\u003ccode\u003e@​MusicalNinjaDad\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasmtime@latest\u003c/code\u003e to 45.0.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasm-tools@latest\u003c/code\u003e to 1.250.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.13.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emartin@latest\u003c/code\u003e to 1.10.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprotoc@latest\u003c/code\u003e to 3.35.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emdbook@latest\u003c/code\u003e to 0.5.3.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.79.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.12.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emartin@latest\u003c/code\u003e to 1.10.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003euv@latest\u003c/code\u003e to 0.11.15.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md\"\u003etaiki-e/install-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThis project adheres to \u003ca href=\"https://semver.org\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003e[2.79.7] - 2026-05-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etypos@latest\u003c/code\u003e to 1.46.3.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erclone@latest\u003c/code\u003e to 1.74.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.15.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.79.6] - 2026-05-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasm-bindgen@latest\u003c/code\u003e to 0.2.122.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.14.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-deny@latest\u003c/code\u003e to 0.19.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003evacuum@latest\u003c/code\u003e to 0.26.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.79.5] - 2026-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ejaq@latest\u003c/code\u003e to 3.0.0. (\u003ca href=\"https://redirect.github.com/taiki-e/install-action/pull/1861\"\u003e#1861\u003c/a\u003e, thanks \u003ca href=\"https://github.com/MusicalNinjaDad\"\u003e\u003ccode\u003e@​MusicalNinjaDad\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasmtime@latest\u003c/code\u003e to 45.0.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ewasm-tools@latest\u003c/code\u003e to 1.250.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.13.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.79.4] - 2026-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emartin@latest\u003c/code\u003e to 1.10.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/d9be7d8cda89035c9c843f78bd44d4f72d8403d4\"\u003e\u003ccode\u003ed9be7d8\u003c/code\u003e\u003c/a\u003e Release 2.79.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/7728147b45f9a2629f83441ea4c596dd78dd42bb\"\u003e\u003ccode\u003e7728147\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003etypos@latest\u003c/code\u003e to 1.46.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/6df4f178805216b15bb33bc4bc2559da31008ba3\"\u003e\u003ccode\u003e6df4f17\u003c/code\u003e\u003c/a\u003e Update parse-dockerfile manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/be60431cdce1a8b76552819b4552e38faa629226\"\u003e\u003ccode\u003ebe60431\u003c/code\u003e\u003c/a\u003e Update knope manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/24db57b4143014bff99e6a6a95e0949eccfbb699\"\u003e\u003ccode\u003e24db57b\u003c/code\u003e\u003c/a\u003e ci,tools: Update config and script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/56d048e4beac934a8322e8b4304f5918298ee994\"\u003e\u003ccode\u003e56d048e\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003erclone@latest\u003c/code\u003e to 1.74.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/88886e83d3f1f02ee7c8ef6bc19353ebe4c5e2b7\"\u003e\u003ccode\u003e88886e8\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003emise@latest\u003c/code\u003e to 2026.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/1a101afe879f28ef068448b2700a61687bc53fe8\"\u003e\u003ccode\u003e1a101af\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003etombi@latest\u003c/code\u003e to 0.11.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/f48d2f8ba2b452934c948b7be1a768079c3632ff\"\u003e\u003ccode\u003ef48d2f8\u003c/code\u003e\u003c/a\u003e Release 2.79.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/64c43fd29c96b85324f393bc82ca0a5396148dd5\"\u003e\u003ccode\u003e64c43fd\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003ewasm-bindgen@latest\u003c/code\u003e to 0.2.122\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/taiki-e/install-action/compare/213ccc1a076163c093f914550b94feb90fab916d...d9be7d8cda89035c9c843f78bd44d4f72d8403d4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/SimplicityGuy/discogsography/pull/358","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SimplicityGuy%2Fdiscogsography/issues/358","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/358/packages"}},{"old_version":"4.35.1","new_version":"4.35.5","update_type":"patch","path":null,"pr_created_at":"2026-05-25T21:55:23.000Z","version_change":"4.35.1 → 4.35.5","issue":{"uuid":"4519732045","node_id":"PR_kwDOShKGZs7fLj_i","number":5,"state":"open","title":"Bump github/codeql-action from 4.35.1 to 4.35.5","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:55:23.000Z","updated_at":"2026-05-25T21:55:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github/codeql-action","old_version":"4.35.1","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.1\u0026new-version=4.35.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/RealRaquema/textionary/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RealRaquema%2Ftextionary/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"3","new_version":"4","update_type":null,"path":null,"pr_created_at":"2026-05-25T21:47:24.000Z","version_change":"3 → 4","issue":{"uuid":"4519702548","node_id":"PR_kwDOSnE-f87fLeEU","number":1,"state":"open","title":"Bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:47:24.000Z","updated_at":"2026-05-25T21:49:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Abhi190702/DeploySense/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Abhi190702%2FDeploySense/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"3","new_version":"4","update_type":null,"path":null,"pr_created_at":"2026-05-25T21:43:05.000Z","version_change":"3 → 4","issue":{"uuid":"4519687732","node_id":"PR_kwDOSnf23c7fLbIm","number":2,"state":"open","title":"build(deps): bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:43:05.000Z","updated_at":"2026-05-25T21:43:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ledger-nexus/integrations/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ledger-nexus%2Fintegrations/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"3","new_version":"4","update_type":null,"path":null,"pr_created_at":"2026-05-25T21:42:50.000Z","version_change":"3 → 4","issue":{"uuid":"4519686842","node_id":"PR_kwDOSnf3WM7fLa9D","number":3,"state":"open","title":"build(deps): bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:42:50.000Z","updated_at":"2026-05-25T21:42:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ledger-nexus/fa-amort/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ledger-nexus%2Ffa-amort/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"3","new_version":"4","update_type":null,"path":null,"pr_created_at":"2026-05-25T21:42:36.000Z","version_change":"3 → 4","issue":{"uuid":"4519686032","node_id":"PR_kwDOSnf2IM7fLazC","number":2,"state":"open","title":"build(deps): bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:42:36.000Z","updated_at":"2026-05-25T21:42:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ledger-nexus/revenue-rec/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ledger-nexus%2Frevenue-rec/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"3","new_version":"4","update_type":null,"path":null,"pr_created_at":"2026-05-25T21:42:22.000Z","version_change":"3 → 4","issue":{"uuid":"4519685128","node_id":"PR_kwDOSkbTlc7fLanD","number":1,"state":"open","title":"build(deps): bump github/codeql-action from 3 to 4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:42:22.000Z","updated_at":"2026-05-25T21:42:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\nTo opt out of this change:\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3421\"\u003e#3421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.0 - 26 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0\"\u003e2.24.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3425\"\u003e#3425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.11 - 23 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen running a Default Setup workflow with \u003ca href=\"https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging\"\u003eActions debugging enabled\u003c/a\u003e, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3409\"\u003e#3409\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved error handling throughout the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3415\"\u003e#3415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded experimental support for automatically excluding \u003ca href=\"https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github\"\u003egenerated files\u003c/a\u003e from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3318\"\u003e#3318\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3403\"\u003e#3403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.10 - 12 Jan 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.9. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3393\"\u003e#3393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.9 - 16 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.8 - 11 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.8. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.7 - 05 Dec 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.7. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3343\"\u003e#3343\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.6 - 01 Dec 2025\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.31.5 - 24 Nov 2025\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to 2.23.6. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3321\"\u003e#3321\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.31.4 - 18 Nov 2025\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8442bc0af97ee8be3c2911e416d000f604f3e676\"\u003e\u003ccode\u003e8442bc0\u003c/code\u003e\u003c/a\u003e Release process: Automatically rebuild PRs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/26a1e570a60fdfa4479615ce1b9b70530319e14f\"\u003e\u003ccode\u003e26a1e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3913\"\u003e#3913\u003c/a\u003e from github/henrymercer/downgrade-ava\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9b6438e93682cb5c2fab835f4e49084118ab1106\"\u003e\u003ccode\u003e9b6438e\u003c/code\u003e\u003c/a\u003e Tweak workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b5b50d62f11c6c50894a7083c6e4cda7f1bf112a\"\u003e\u003ccode\u003eb5b50d6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9665bc2f5a0208583e1c0e97e1cba8e6497d6d44\"\u003e\u003ccode\u003e9665bc2\u003c/code\u003e\u003c/a\u003e Downgrade ava to version 6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5a80681bb6c514957ebf142061bb9243575ad592\"\u003e\u003ccode\u003e5a80681\u003c/code\u003e\u003c/a\u003e Address review comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3\u0026new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ledger-nexus/recon/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ledger-nexus%2Frecon/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"4.35.4","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T21:38:25.000Z","version_change":"4.35.4 → 4.36.0","issue":{"uuid":"4519667553","node_id":"PR_kwDOSTlcl87fLW9g","number":72,"state":"open","title":"chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:38:25.000Z","updated_at":"2026-05-25T21:40:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.4\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/meigma/imgsrv/pull/72","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/meigma%2Fimgsrv/issues/72","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/72/packages"}},{"old_version":"4.31.2","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T21:35:56.000Z","version_change":"4.31.2 → 4.36.0","issue":{"uuid":"4519657382","node_id":"PR_kwDOQLzLD87fLU5I","number":52,"state":"open","title":"ci: bump github/codeql-action from 4.31.2 to 4.36.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:35:56.000Z","updated_at":"2026-05-25T21:36:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci","packages":[{"name":"github/codeql-action","old_version":"4.31.2","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.31.2\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/seanyates76/Ez-Quiz-App/pull/52","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/seanyates76%2FEz-Quiz-App/issues/52","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/52/packages"}},{"old_version":"4.35.5","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T21:28:38.000Z","version_change":"4.35.5 → 4.36.0","issue":{"uuid":"4519625395","node_id":"PR_kwDONap_1c7fLOPX","number":97,"state":"open","title":"ci: bump github/codeql-action from 4.35.5 to 4.36.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T21:28:38.000Z","updated_at":"2026-05-25T21:29:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci","packages":[{"name":"github/codeql-action","old_version":"4.35.5","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.5 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.5\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/freed-dev-llc/terraform-provider-turingpi/pull/97","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/freed-dev-llc%2Fterraform-provider-turingpi/issues/97","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/97/packages"}},{"old_version":"3.24.10","new_version":"4.36.0","update_type":"major","path":null,"pr_created_at":"2026-05-25T21:13:15.000Z","version_change":"3.24.10 → 4.36.0","issue":{"uuid":"4519557050","node_id":"PR_kwDOEMeAVs7fLAJq","number":521,"state":"closed","title":"Bump github/codeql-action from 3.24.10 to 4.36.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-25T21:13:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T21:13:15.000Z","updated_at":"2026-05-25T21:13:28.000Z","time_to_close":4,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github/codeql-action","old_version":"3.24.10","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.10 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/4355270be187e1b672a7a1c7c7bae5afdc1ab94a...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=3.24.10\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wikimedia/operations-software-envoyproxy-ratelimiter/pull/521","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wikimedia%2Foperations-software-envoyproxy-ratelimiter/issues/521","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/521/packages"}},{"old_version":"4.31.9","new_version":"4.35.5","update_type":"minor","path":null,"pr_created_at":"2026-05-25T21:02:25.000Z","version_change":"4.31.9 → 4.35.5","issue":{"uuid":"4519513868","node_id":"PR_kwDOSRG97s7fK3Q1","number":6,"state":"closed","title":"chore(deps): bump the github-actions group with 15 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-25T21:02:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T21:02:25.000Z","updated_at":"2026-05-25T21:02:44.000Z","time_to_close":10,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":15,"packages":[{"name":"actions/checkout","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"actions/cache","old_version":"5.0.1","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/setup-node","old_version":"6.1.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"docker/setup-qemu-action","old_version":"3.7.0","new_version":"4.0.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"3.6.1","new_version":"4.0.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"autofix-ci/action","old_version":"1.3.2","new_version":"1.3.4","repository_url":"https://github.com/autofix-ci/action"},{"name":"docker/login-action","old_version":"3.3.0","new_version":"4.1.0","repository_url":"https://github.com/docker/login-action"},{"name":"github/codeql-action","old_version":"4.31.9","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"zizmorcore/zizmor-action","old_version":"0.3.0","new_version":"0.5.6","repository_url":"https://github.com/zizmorcore/zizmor-action"},{"name":"plbstl/first-contribution","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/plbstl/first-contribution"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"xalvarez/prevent-file-change-action","old_version":"1.9.1","new_version":"3.0.1","repository_url":"https://github.com/xalvarez/prevent-file-change-action"},{"name":"actions/upload-artifact","old_version":"4.4.3","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/stale","old_version":"10.1.1","new_version":"10.2.0","repository_url":"https://github.com/actions/stale"},{"name":"GrantBirki/json-yaml-validate","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/grantbirki/json-yaml-validate"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 15 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.1` | `5.0.5` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.4.0` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.6.1` | `4.0.0` |\n| [autofix-ci/action](https://github.com/autofix-ci/action) | `1.3.2` | `1.3.4` |\n| [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `4.1.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.35.5` |\n| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.3.0` | `0.5.6` |\n| [plbstl/first-contribution](https://github.com/plbstl/first-contribution) | `4.1.0` | `4.3.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [xalvarez/prevent-file-change-action](https://github.com/xalvarez/prevent-file-change-action) | `1.9.1` | `3.0.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `7.0.1` |\n| [actions/stale](https://github.com/actions/stale) | `10.1.1` | `10.2.0` |\n| [GrantBirki/json-yaml-validate](https://github.com/grantbirki/json-yaml-validate) | `4.0.0` | `5.0.0` |\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.1 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.1.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/v6.1.0...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-qemu-action` from 3.7.0 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-qemu-action/releases\"\u003edocker/setup-qemu-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/245\"\u003edocker/setup-qemu-action#245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/241\"\u003edocker/setup-qemu-action#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/244\"\u003edocker/setup-qemu-action#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.67.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/243\"\u003edocker/setup-qemu-action#243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/240\"\u003edocker/setup-qemu-action#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 3.14.1 to 3.14.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/231\"\u003edocker/setup-qemu-action#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/238\"\u003edocker/setup-qemu-action#238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce360397dd3f832beb865e1373c09c0e9f86d70a\"\u003e\u003ccode\u003ece36039\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/245\"\u003e#245\u003c/a\u003e from crazy-max/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/63863443c130689b5b352363f362c820cf73b26d\"\u003e\u003ccode\u003e6386344\u003c/code\u003e\u003c/a\u003e node 24 as default runtime\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/1ea3db7bfb6d247e5e3511955d6e476a8d400ef3\"\u003e\u003ccode\u003e1ea3db7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/243\"\u003e#243\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/b56a0022b9d517f4d4f8f8357e107e587548db78\"\u003e\u003ccode\u003eb56a002\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/c43f02d0c908d30161ad4230a59285d9e442956d\"\u003e\u003ccode\u003ec43f02d\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.67.0 to 0.77.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce10c58dd1801e20f2e65c72aff588c6fc5f6609\"\u003e\u003ccode\u003ece10c58\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/244\"\u003e#244\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/429fc9dbdab394ec482946ef7f7b60be3a169336\"\u003e\u003ccode\u003e429fc9d\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/060e5f8b59ae7d2a0e4dcf681f8625f0e54e2024\"\u003e\u003ccode\u003e060e5f8\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/44be13e7d9ba38145b648950e52ac18e2a4efd3a\"\u003e\u003ccode\u003e44be13e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/231\"\u003e#231\u003c/a\u003e from docker/dependabot/npm_and_yarn/js-yaml-3.14.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/1897438ed3baad455b19c89cda913ca4f31dd079\"\u003e\u003ccode\u003e1897438\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/c7c53464625b32c7a7e944ae62b3e17d2b600130...ce360397dd3f832beb865e1373c09c0e9f86d70a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 3.6.1 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/483\"\u003edocker/setup-buildx-action#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated inputs/outputs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/464\"\u003edocker/setup-buildx-action#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/481\"\u003edocker/setup-buildx-action#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/475\"\u003edocker/setup-buildx-action#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/482\"\u003edocker/setup-buildx-action#482\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/485\"\u003edocker/setup-buildx-action#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/452\"\u003edocker/setup-buildx-action#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/472\"\u003edocker/setup-buildx-action#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/480\"\u003edocker/setup-buildx-action#480\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.12.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003einstall\u003c/code\u003e input by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/455\"\u003edocker/setup-buildx-action#455\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.62.1 to 0.63.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/434\"\u003edocker/setup-buildx-action#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.11 to 1.1.12 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/436\"\u003edocker/setup-buildx-action#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump form-data from 2.5.1 to 2.5.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/432\"\u003edocker/setup-buildx-action#432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.4 to 5.29.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/435\"\u003edocker/setup-buildx-action#435\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ekeep-state\u003c/code\u003e not being respected by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/429\"\u003edocker/setup-buildx-action#429\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eKeep BuildKit state support by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/427\"\u003edocker/setup-buildx-action#427\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove aliases created when installing by default by \u003ca href=\"https://github.com/hashhar\"\u003e\u003ccode\u003e@​hashhar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/139\"\u003edocker/setup-buildx-action#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.56.0 to 0.62.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/422\"\u003edocker/setup-buildx-action#422\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/425\"\u003edocker/setup-buildx-action#425\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.54.0 to 0.56.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/408\"\u003edocker/setup-buildx-action#408\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.48.0 to 0.54.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/402\"\u003edocker/setup-buildx-action#402\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/404\"\u003edocker/setup-buildx-action#404\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake cloud prefix optional to download buildx if driver is cloud by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/390\"\u003edocker/setup-buildx-action#390\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.10.1 to 1.11.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/370\"\u003edocker/setup-buildx-action#370\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.39.0 to 0.48.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/389\"\u003edocker/setup-buildx-action#389\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump cross-spawn from 7.0.3 to 7.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/382\"\u003edocker/setup-buildx-action#382\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd\"\u003e\u003ccode\u003e4d04d5d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/485\"\u003e#485\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/cd74e05d9bae4eeec789f90ba15dc6fb4b60ae5d\"\u003e\u003ccode\u003ecd74e05\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/eee38ec7b3ed034ee896d3e212e5d11c04562b84\"\u003e\u003ccode\u003eeee38ec\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.79.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/7a83f65b5a215b3c81b210dafdc20362bd2b4e24\"\u003e\u003ccode\u003e7a83f65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/484\"\u003e#484\u003c/a\u003e from docker/dependabot/github_actions/docker/setup-qe...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/a5aa96747d67f62520b42af91aeb306e7374b327\"\u003e\u003ccode\u003ea5aa967\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/464\"\u003e#464\u003c/a\u003e from crazy-max/rm-deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/e73d53fa4ed86ff46faaf2b13a228d6e93c51af3\"\u003e\u003ccode\u003ee73d53f\u003c/code\u003e\u003c/a\u003e build(deps): bump docker/setup-qemu-action from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/28a438e9ed9ef7ae2ebd0bf839039005c9501312\"\u003e\u003ccode\u003e28a438e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/483\"\u003e#483\u003c/a\u003e from crazy-max/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/034e9d37dd436b56b0167bea5a11ab731413e8cf\"\u003e\u003ccode\u003e034e9d3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b4664d8fd0ba15ff14560ab001737c666076d5be\"\u003e\u003ccode\u003eb4664d8\u003c/code\u003e\u003c/a\u003e remove deprecated inputs/outputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/a8257dec35f244ad06b4ff6c90fdd2ba97f262ba\"\u003e\u003ccode\u003ea8257de\u003c/code\u003e\u003c/a\u003e node 24 as default runtime\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.6.1...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `autofix-ci/action` from 1.3.2 to 1.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/autofix-ci/action/releases\"\u003eautofix-ci/action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eautofix-ci/action 1.3.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate action to use Node 24\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/autofix-ci/action/compare/v1...v1.3.4\"\u003ehttps://github.com/autofix-ci/action/compare/v1...v1.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eautofix-ci/action 1.3.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove Autofix API from \u003ccode\u003e.ci\u003c/code\u003e to \u003ccode\u003e.com\u003c/code\u003e TLD.\nThis aims to improve overall reliability (\u003ca href=\"https://redirect.github.com/autofix-ci/action/issues/32\"\u003e#32\u003c/a\u003e). \u003ccode\u003eapi.autofix.ci\u003c/code\u003e will remain available as an alias for the time being.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/autofix-ci/action/compare/v1.3.2...v1.3.3\"\u003ehttps://github.com/autofix-ci/action/compare/v1.3.2...v1.3.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/autofix-ci/action/commit/c5b2d67aa2274e7b5a18224e8171550871fc7e4a\"\u003e\u003ccode\u003ec5b2d67\u003c/code\u003e\u003c/a\u003e Update dependencies and node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/autofix-ci/action/commit/7a166d7532b277f34e16238930461bf77f9d7ed8\"\u003e\u003ccode\u003e7a166d7\u003c/code\u003e\u003c/a\u003e move autofix api from \u003ccode\u003eapi.autofix.ci\u003c/code\u003e to \u003ccode\u003eautofix-api.maximilianhils.com\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/autofix-ci/action/compare/635ffb0c9798bd160680f18fd73371e355b85f27...c5b2d67aa2274e7b5a18224e8171550871fc7e4a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 3.3.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scoped Docker Hub cleanup path when registry is omitted by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/945\"\u003edocker/login-action#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1020.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/930\"\u003edocker/login-action#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.86.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/932\"\u003edocker/login-action#932\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/936\"\u003edocker/login-action#936\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/952\"\u003edocker/login-action#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.4 to 5.3.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/942\"\u003edocker/login-action#942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/944\"\u003edocker/login-action#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/940\"\u003edocker/login-action#940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/949\"\u003edocker/login-action#949\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 8.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/937\"\u003edocker/login-action#937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/958\"\u003edocker/login-action#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/941\"\u003edocker/login-action#941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/948\"\u003edocker/login-action#948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/938\"\u003edocker/login-action#938\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/login-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/929\"\u003edocker/login-action#929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/927\"\u003edocker/login-action#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/919\"\u003edocker/login-action#919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/910\"\u003edocker/login-action#910\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/928\"\u003edocker/login-action#928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/921\"\u003edocker/login-action#921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/901\"\u003edocker/login-action#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/login-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003escope\u003c/code\u003e input to set scopes for the authentication token by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/912\"\u003edocker/login-action#912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for AWS European Sovereign Cloud ECR by \u003ca href=\"https://github.com/dphi\"\u003e\u003ccode\u003e@​dphi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/914\"\u003edocker/login-action#914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure passwords are redacted with \u003ccode\u003eregistry-auth\u003c/code\u003e input by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/911\"\u003edocker/login-action#911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/915\"\u003edocker/login-action#915\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.6.0...v3.7.0\"\u003ehttps://github.com/docker/login-action/compare/v3.6.0...v3.7.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eregistry-auth\u003c/code\u003e input for raw authentication to registries by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/887\"\u003edocker/login-action#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e to 3.890.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/882\"\u003edocker/login-action#882\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/890\"\u003edocker/login-action#890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.890.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/882\"\u003edocker/login-action#882\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/890\"\u003edocker/login-action#890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.62.1 to 0.63.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/883\"\u003edocker/login-action#883\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.11 to 1.1.12 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/880\"\u003edocker/login-action#880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.4 to 5.29.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/879\"\u003edocker/login-action#879\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.3 to 0.2.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/881\"\u003edocker/login-action#881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.5.0...v3.6.0\"\u003ehttps://github.com/docker/login-action/compare/v3.5.0...v3.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport dual-stack endpoints for AWS ECR by \u003ca href=\"https://github.com/Spacefish\"\u003e\u003ccode\u003e@​Spacefish\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/874\"\u003edocker/login-action#874\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/876\"\u003edocker/login-action#876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121\"\u003e\u003ccode\u003e4907a6d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/930\"\u003e#930\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636\"\u003e\u003ccode\u003e1e233e6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb\"\u003e\u003ccode\u003e6c24ead\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6\"\u003e\u003ccode\u003eee034d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/958\"\u003e#958\u003c/a\u003e from docker/dependabot/npm_and_yarn/lodash-4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb\"\u003e\u003ccode\u003e1527209\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/937\"\u003e#937\u003c/a\u003e from docker/dependabot/npm_and_yarn/proxy-agent-depen...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b\"\u003e\u003ccode\u003ed39362a\u003c/code\u003e\u003c/a\u003e build(deps): bump lodash from 4.17.23 to 4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce\"\u003e\u003ccode\u003ea6f092b\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779\"\u003e\u003ccode\u003e60953f0\u003c/code\u003e\u003c/a\u003e build(deps): bump the proxy-agent-dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340\"\u003e\u003ccode\u003e62c6885\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/936\"\u003e#936\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a\"\u003e\u003ccode\u003e102c0e6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/v3.3.0...4907a6ddec9925e35a0a9e82d7399ccc52663121\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.9 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and w...\n\n_Description has been truncated_","html_url":"https://github.com/Muneeswaranjd/Monitor-averqon/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Muneeswaranjd%2FMonitor-averqon/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"4.35.4","new_version":"4.35.5","update_type":"patch","path":null,"pr_created_at":"2026-05-25T20:50:39.000Z","version_change":"4.35.4 → 4.35.5","issue":{"uuid":"4519463083","node_id":"PR_kwDORWrKI87fKsuK","number":166,"state":"open","title":"chore: bump github/codeql-action from 4.35.4 to 4.35.5","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:50:39.000Z","updated_at":"2026-05-25T20:50:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.35.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.4\u0026new-version=4.35.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/szhekpisov/diffyml/pull/166","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/szhekpisov%2Fdiffyml/issues/166","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/166/packages"}},{"old_version":"7fc1baf373eb073c686865bd453d412d506a05a2","new_version":"5c8a8a642e79153f5d047b10ec1cba1d1cc65699","update_type":null,"path":null,"pr_created_at":"2026-05-25T20:47:44.000Z","version_change":"7fc1baf373eb073c686865bd453d412d506a05a2 → 5c8a8a642e79153f5d047b10ec1cba1d1cc65699","issue":{"uuid":"4519451071","node_id":"PR_kwDOQ2UC7M7fKqP3","number":7,"state":"closed","title":"Bump the github-actions-dependencies group with 9 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-25T22:13:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T20:47:44.000Z","updated_at":"2026-05-25T22:13:08.000Z","time_to_close":5122,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions-dependencies","update_count":9,"packages":[{"name":"actions/checkout","old_version":"4.3.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-python","old_version":"5.6.0","new_version":"6.2.0","repository_url":"https://github.com/actions/setup-python"},{"name":"actions/setup-node","old_version":"4.4.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"docker/login-action","old_version":"3.7.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"softprops/action-gh-release","old_version":"2.6.1","new_version":"3.0.0","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"aquasecurity/trivy-action","old_version":"0.35.0","new_version":"0.36.0","repository_url":"https://github.com/aquasecurity/trivy-action"},{"name":"github/codeql-action","old_version":"7fc1baf373eb073c686865bd453d412d506a05a2","new_version":"5c8a8a642e79153f5d047b10ec1cba1d1cc65699","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions-dependencies group with 9 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |\n| [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.2.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.0` |\n| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `7fc1baf373eb073c686865bd453d412d506a05a2` | `5c8a8a642e79153f5d047b10ec1cba1d1cc65699` |\n\nUpdates `actions/checkout` from 4.3.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-python` from 5.6.0 to 6.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-python/releases\"\u003eactions/setup-python's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade dependencies to Node 24 compatible versions by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1259\"\u003eactions/setup-python#1259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 from 2.5.0 to 2.6.3 in \u003ccode\u003e/__tests__/data\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1253\"\u003eactions/setup-python#1253\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1264\"\u003eactions/setup-python#1264\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-python/compare/v6...v6.2.0\"\u003ehttps://github.com/actions/setup-python/compare/v6...v6.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003epip-install\u003c/code\u003e input by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1201\"\u003eactions/setup-python#1201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd graalpy early-access and windows builds by \u003ca href=\"https://github.com/timfel\"\u003e\u003ccode\u003e@​timfel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/880\"\u003eactions/setup-python#880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency and Documentation updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnhanced wording and updated example usage for \u003ccode\u003eallow-prereleases\u003c/code\u003e by \u003ca href=\"https://github.com/yarikoptic\"\u003e\u003ccode\u003e@​yarikoptic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/979\"\u003eactions/setup-python#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1139\"\u003eactions/setup-python#1139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade typescript from 5.4.2 to 5.9.3 and Documentation update by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1094\"\u003eactions/setup-python#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/publish-action from 0.3.0 to 0.4.0 \u0026amp; Documentation update for pip-install input by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1199\"\u003eactions/setup-python#1199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade requests from 2.32.2 to 2.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1130\"\u003eactions/setup-python#1130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 3.5.3 to 3.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1234\"\u003eactions/setup-python#1234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​types/node\u003c/code\u003e from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1235\"\u003eactions/setup-python#1235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yarikoptic\"\u003e\u003ccode\u003e@​yarikoptic\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/979\"\u003eactions/setup-python#979\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-python/compare/v6...v6.1.0\"\u003ehttps://github.com/actions/setup-python/compare/v6...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1164\"\u003eactions/setup-python#1164\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eSee Release Notes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003epip-version\u003c/code\u003e  by \u003ca href=\"https://github.com/priyagupta108\"\u003e\u003ccode\u003e@​priyagupta108\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1129\"\u003eactions/setup-python#1129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance reading from .python-version by \u003ca href=\"https://github.com/krystof-k\"\u003e\u003ccode\u003e@​krystof-k\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/787\"\u003eactions/setup-python#787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd version parsing from Pipfile by \u003ca href=\"https://github.com/aradkdj\"\u003e\u003ccode\u003e@​aradkdj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1067\"\u003eactions/setup-python#1067\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify pythonLocation behaviour for PyPy and GraalPy in environment variables by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1183\"\u003eactions/setup-python#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange missing cache directory error to warning  by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1182\"\u003eactions/setup-python#1182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Architecture-Specific PATH Management for Python with --user Flag on Windows by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1122\"\u003eactions/setup-python#1122\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude python version in PyPy python-version output by \u003ca href=\"https://github.com/cdce8p\"\u003e\u003ccode\u003e@​cdce8p\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1110\"\u003eactions/setup-python#1110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs: clarification on pip authentication with setup-python by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1156\"\u003eactions/setup-python#1156\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade idna from 2.9 to 3.7 in /\u003cstrong\u003etests\u003c/strong\u003e/data by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/843\"\u003eactions/setup-python#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade form-data to fix critical vulnerabilities \u003ca href=\"https://redirect.github.com/actions/setup-python/issues/182\"\u003e#182\u003c/a\u003e \u0026amp; \u003ca href=\"https://redirect.github.com/actions/setup-python/issues/183\"\u003e#183\u003c/a\u003e by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1163\"\u003eactions/setup-python#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1165\"\u003eactions/setup-python#1165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1181\"\u003eactions/setup-python#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e from 2.0.1 to 2.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-python/pull/1095\"\u003eactions/setup-python#1095\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/a309ff8b426b58ec0e2a45f0f869d46889d02405\"\u003e\u003ccode\u003ea309ff8\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.0 to 2.6.3 in /\u003cstrong\u003etests\u003c/strong\u003e/data (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1264\"\u003e#1264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/bfe8cc55a7890e3d6672eda6460ef37bfcc70755\"\u003e\u003ccode\u003ebfe8cc5\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies to Node 24 compatible versions (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1259\"\u003e#1259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/4f41a90a1f38628c7ccc608d05fbafe701bc20ae\"\u003e\u003ccode\u003e4f41a90\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.5.0 to 2.6.0 in /\u003cstrong\u003etests\u003c/strong\u003e/data (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1253\"\u003e#1253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/83679a892e2d95755f2dac6acb0bfd1e9ac5d548\"\u003e\u003ccode\u003e83679a8\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/bfc4944b43a5d84377eca3cf6ab5b7992ba61923\"\u003e\u003ccode\u003ebfc4944\u003c/code\u003e\u003c/a\u003e Bump prettier from 3.5.3 to 3.6.2 (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1234\"\u003e#1234\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/97aeb3efb8a852c559869050c7fb175b4efcc8cf\"\u003e\u003ccode\u003e97aeb3e\u003c/code\u003e\u003c/a\u003e Bump requests from 2.32.2 to 2.32.4 in /\u003cstrong\u003etests\u003c/strong\u003e/data (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1130\"\u003e#1130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/443da59188462e2402e2942686db5aa6723f4bed\"\u003e\u003ccode\u003e443da59\u003c/code\u003e\u003c/a\u003e Bump actions/publish-action from 0.3.0 to 0.4.0 \u0026amp; Documentation update for pi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/cfd55ca82492758d853442341ad4d8010466803a\"\u003e\u003ccode\u003ecfd55ca\u003c/code\u003e\u003c/a\u003e graalpy: add graalpy early-access and windows builds (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/880\"\u003e#880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/bba65e51ff35d50c6dbaaacd8a4681db13aa7cb4\"\u003e\u003ccode\u003ebba65e5\u003c/code\u003e\u003c/a\u003e Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (\u003ca href=\"https://redirect.github.com/actions/setup-python/issues/1094\"\u003e#1094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-python/commit/18566f86b301499665bd3eb1a2247e0849c64fa5\"\u003e\u003ccode\u003e18566f8\u003c/code\u003e\u003c/a\u003e Improve wording and \u0026quot;fix example\u0026quot; (remove 3.13) on testing against pre-releas...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-python/compare/a26af69be951a213d495a4c3e4e4022e16d87065...a309ff8b426b58ec0e2a45f0f869d46889d02405\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 4.4.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 3.7.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scoped Docker Hub cleanup path when registry is omitted by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/945\"\u003edocker/login-action#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1020.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/930\"\u003edocker/login-action#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.86.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/932\"\u003edocker/login-action#932\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/936\"\u003edocker/login-action#936\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/952\"\u003edocker/login-action#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.4 to 5.3.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/942\"\u003edocker/login-action#942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/944\"\u003edocker/login-action#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/940\"\u003edocker/login-action#940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/949\"\u003edocker/login-action#949\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 8.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/937\"\u003edocker/login-action#937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/958\"\u003edocker/login-action#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/941\"\u003edocker/login-action#941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/948\"\u003edocker/login-action#948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/938\"\u003edocker/login-action#938\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/login-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/929\"\u003edocker/login-action#929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/927\"\u003edocker/login-action#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/919\"\u003edocker/login-action#919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/910\"\u003edocker/login-action#910\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/928\"\u003edocker/login-action#928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/921\"\u003edocker/login-action#921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/901\"\u003edocker/login-action#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/login-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4.3.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the \u003ccode\u003eContent-Type\u003c/code\u003e header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new \u003ccode\u003eskip-decompress\u003c/code\u003e parameter to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eEnforced checks (breaking)\u003c/h3\u003e\n\u003cp\u003eA previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the \u003ccode\u003edigest-mismatch\u003c/code\u003e parameter. To be secure by default, we are now defaulting the behavior to \u003ccode\u003eerror\u003c/code\u003e which will fail the workflow run.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the @actions/* packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't attempt to un-zip non-zipped downloads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/460\"\u003eactions/download-artifact#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/461\"\u003eactions/download-artifact#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8.0.0\"\u003ehttps://github.com/actions/download-artifact/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v7 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/440\"\u003eactions/download-artifact#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDownload Artifact Node24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/415\"\u003eactions/download-artifact#415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e to fix Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/451\"\u003eactions/download-artifact#451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v7.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/452\"\u003eactions/download-artifact#452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003e\u003ccode\u003e3e5f45b\u003c/code\u003e\u003c/a\u003e Add regression tests for CJK characters (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd\"\u003e\u003ccode\u003ee6d03f6\u003c/code\u003e\u003c/a\u003e Add a regression test for artifact name + content-type mismatches (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3\"\u003e\u003ccode\u003e70fc10c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/461\"\u003e#461\u003c/a\u003e from actions/danwkennedy/digest-mismatch-behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62\"\u003e\u003ccode\u003ef258da9\u003c/code\u003e\u003c/a\u003e Add change docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c\"\u003e\u003ccode\u003eccc058e\u003c/code\u003e\u003c/a\u003e Fix linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd\"\u003e\u003ccode\u003ebd7976b\u003c/code\u003e\u003c/a\u003e Add a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c\"\u003e\u003ccode\u003eac21fcf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/460\"\u003e#460\u003c/a\u003e from actions/danwkennedy/download-no-unzip\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0\"\u003e\u003ccode\u003e15999bf\u003c/code\u003e\u003c/a\u003e Add note about package bumps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561\"\u003e\u003ccode\u003e974686e\u003c/code\u003e\u003c/a\u003e Bump the version to \u003ccode\u003ev8\u003c/code\u003e and add release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75\"\u003e\u003ccode\u003efbe48b1\u003c/code\u003e\u003c/a\u003e Update test names to make it clearer what they do\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.6.1 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v2.6.2\"\u003ehttps://github.com/softprops/action-gh-release/compare/v2...v2.6.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003e\u003ccode\u003eb430933\u003c/code\u003e\u003c/a\u003e release: cut v3.0.0 for Node 24 upgrade (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c2e35e05a74208bafbfcbdae5ebc9da7236e980f\"\u003e\u003ccode\u003ec2e35e0\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group across 1 directory with 7 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/783\"\u003e#783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3bb12739c298aeb8a4eeaf626c5b8d85266b0e65\"\u003e\u003ccode\u003e3bb1273\u003c/code\u003e\u003c/a\u003e release 2.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c34030fec99b0db0f2f22ce7806c445dddb6e224\"\u003e\u003ccode\u003ec34030f\u003c/code\u003e\u003c/a\u003e chore: bump node to 24.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/8975bd05c0630603edb0dca2fc7544bf1c77f600\"\u003e\u003ccode\u003e8975bd0\u003c/code\u003e\u003c/a\u003e chore(deps): bump vite from 8.0.0 to 8.0.5 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/781\"\u003e#781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/f71937f44d5662ac6eb861431746174a7b46a7b6\"\u003e\u003ccode\u003ef71937f\u003c/code\u003e\u003c/a\u003e chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/777\"\u003e#777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3f0d239d58d5c226738ec0a08d0465b548dc026f\"\u003e\u003ccode\u003e3f0d239\u003c/code\u003e\u003c/a\u003e chore(deps): bump picomatch from 4.0.3 to 4.0.4 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/775\"\u003e#775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy-action/releases\"\u003eaquasecurity/trivy-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.36.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(ci): update bump-trivy workflow by \u003ca href=\"https://github.com/DmitriyLewen\"\u003e\u003ccode\u003e@​DmitriyLewen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/546\"\u003eaquasecurity/trivy-action#546\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use action.yaml as single source of truth for Trivy version by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/552\"\u003eaquasecurity/trivy-action#552\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: replace peter-evans/create-pull-request with gh CLI by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/550\"\u003eaquasecurity/trivy-action#550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: use pinned digests for trivy-db, trivy-java-db and trivy-checks by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/555\"\u003eaquasecurity/trivy-action#555\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add dependabot config by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/556\"\u003eaquasecurity/trivy-action#556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add zizmor config by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/557\"\u003eaquasecurity/trivy-action#557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the actions group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot]...\n\n_Description has been truncated_","html_url":"https://github.com/W1z4rd1c4/RiskHub/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/W1z4rd1c4%2FRiskHub/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"4.35.5","new_version":"4.36.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T20:28:45.000Z","version_change":"4.35.5 → 4.36.0","issue":{"uuid":"4519369463","node_id":"PR_kwDOEDzmas7fKZSX","number":1681,"state":"open","title":"chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0","user":"dependabot[bot]","labels":["size/XS","kind/misc","ok-to-test","release-note-none","dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:28:45.000Z","updated_at":"2026-05-25T20:28:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github/codeql-action","old_version":"4.35.5","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.5 to 4.36.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action\u0026package-manager=github_actions\u0026previous-version=4.35.5\u0026new-version=4.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/tektoncd/chains/pull/1681","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tektoncd%2Fchains/issues/1681","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1681/packages"}}]}