From 22eba96a28aedee09e9f47ce40c8605c048515f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 10:25:06 +0000 Subject: [PATCH 01/11] Bump node-forge from 1.3.3 to 1.4.0 Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.3 to 1.4.0. - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.3...v1.4.0) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3157f84cca..be60ed5b64 100644 --- a/package-lock.json +++ b/package-lock.json @@ -32,7 +32,7 @@ "js-yaml": "^4.1.1", "jsonschema": "1.4.1", "long": "^5.3.2", - "node-forge": "^1.3.3", + "node-forge": "^1.4.0", "semver": "^7.7.4", "uuid": "^13.0.0" }, @@ -7495,9 +7495,9 @@ } }, "node_modules/node-forge": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.3.tgz", - "integrity": "sha512-rLvcdSyRCyouf6jcOIPe/BgwG/d7hKjzMKOas33/pHEr6gbq18IK9zV7DiPvzsz0oBJPme6qr6H6kGZuI9/DZg==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.4.0.tgz", + "integrity": "sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ==", "license": "(BSD-3-Clause OR GPL-2.0)", "engines": { "node": ">= 6.13.0" diff --git a/package.json b/package.json index 755f88ad0d..54cc617ec1 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ "js-yaml": "^4.1.1", "jsonschema": "1.4.1", "long": "^5.3.2", - "node-forge": "^1.3.3", + "node-forge": "^1.4.0", "semver": "^7.7.4", "uuid": "^13.0.0" }, From 36791d8d6609078dde4aba8d7c35226f40cfe874 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 10:27:12 +0000 Subject: [PATCH 02/11] Rebuild --- lib/start-proxy-action.js | 55 ++++++++++++++++++++++++++++++++++----- 1 file changed, 48 insertions(+), 7 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index c673ef504c..f806004cda 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -102716,6 +102716,7 @@ var require_oids = __commonJS({ _IN("2.5.4.15", "businessCategory"); _IN("2.5.4.17", "postalCode"); _IN("2.5.4.42", "givenName"); + _IN("2.5.4.65", "pseudonym"); _IN("1.3.6.1.4.1.311.60.2.1.2", "jurisdictionOfIncorporationStateOrProvinceName"); _IN("1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName"); _IN("2.16.840.1.113730.1.1", "nsCertType"); @@ -106328,6 +106329,11 @@ var require_jsbn = __commonJS({ this.multiplyTo(a, r); return r; } + function bnSquare() { + var r = nbi(); + this.squareTo(r); + return r; + } function bnDivide(a) { var r = nbi(); this.divRemTo(a, r, null); @@ -106551,6 +106557,9 @@ var require_jsbn = __commonJS({ return r; } function bnModInverse(m) { + if (this.signum() == 0) { + return BigInteger.ZERO; + } var ac = m.isEven(); if (this.isEven() && ac || m.signum() == 0) return BigInteger.ZERO; var u = m.clone(), v = this.clone(); @@ -106595,7 +106604,7 @@ var require_jsbn = __commonJS({ if (d.signum() < 0) return d.add(m); else return d; } - var lowprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509]; + var lowprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997]; var lplim = (1 << 26) / lowprimes[lowprimes.length - 1]; function bnIsProbablePrime(t) { var i, x = this.abs(); @@ -106693,6 +106702,7 @@ var require_jsbn = __commonJS({ BigInteger.prototype.pow = bnPow; BigInteger.prototype.gcd = bnGCD; BigInteger.prototype.isProbablePrime = bnIsProbablePrime; + BigInteger.prototype.square = bnSquare; } }); @@ -107888,22 +107898,26 @@ var require_rsa = __commonJS({ } if (options === void 0) { options = { - _parseAllDigestBytes: true + _parseAllDigestBytes: true, + _skipPaddingChecks: false }; } if (!("_parseAllDigestBytes" in options)) { options._parseAllDigestBytes = true; } + if (!("_skipPaddingChecks" in options)) { + options._skipPaddingChecks = false; + } if (scheme === "RSASSA-PKCS1-V1_5") { scheme = { verify: function(digest2, d2) { - d2 = _decodePkcs1_v1_5(d2, key, true); + d2 = _decodePkcs1_v1_5(d2, key, true, void 0, options); var obj = asn1.fromDer(d2, { parseAllBytes: options._parseAllDigestBytes }); var capture = {}; var errors = []; - if (!asn1.validate(obj, digestInfoValidator, capture, errors)) { + if (!asn1.validate(obj, digestInfoValidator, capture, errors) || obj.value.length !== 2) { var error3 = new Error( "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value." ); @@ -107931,7 +107945,7 @@ var require_rsa = __commonJS({ } else if (scheme === "NONE" || scheme === "NULL" || scheme === null) { scheme = { verify: function(digest2, d2) { - d2 = _decodePkcs1_v1_5(d2, key, true); + d2 = _decodePkcs1_v1_5(d2, key, true, void 0, options); return digest2 === d2; } }; @@ -108223,12 +108237,12 @@ var require_rsa = __commonJS({ eb.putBytes(m); return eb; } - function _decodePkcs1_v1_5(em, key, pub, ml) { + function _decodePkcs1_v1_5(em, key, pub, ml, options) { var k = Math.ceil(key.n.bitLength() / 8); var eb = forge.util.createBuffer(em); var first = eb.getByte(); var bt = eb.getByte(); - if (first !== 0 || pub && bt !== 0 && bt !== 1 || !pub && bt != 2 || pub && bt === 0 && typeof ml === "undefined") { + if (first !== 0 || pub && bt !== 0 && bt !== 1 || !pub && bt !== 2 || pub && bt === 0 && typeof ml === "undefined") { throw new Error("Encryption block is invalid."); } var padNum = 0; @@ -108248,6 +108262,9 @@ var require_rsa = __commonJS({ } ++padNum; } + if (padNum < 8 && !(options ? options._skipPaddingChecks : false)) { + throw new Error("Encryption block is invalid."); + } } else if (bt === 2) { padNum = 0; while (eb.length() > 1) { @@ -108257,6 +108274,9 @@ var require_rsa = __commonJS({ } ++padNum; } + if (padNum < 8 && !(options ? options._skipPaddingChecks : false)) { + throw new Error("Encryption block is invalid."); + } } var zero = eb.getByte(); if (zero !== 0 || padNum !== k - 3 - eb.length()) { @@ -111714,6 +111734,12 @@ var require_x509 = __commonJS({ }; } } + if (error3 === null && bcExt === null) { + error3 = { + message: "Certificate is missing basicConstraints extension and cannot be used as a CA.", + error: pki2.certificateError.bad_certificate + }; + } if (error3 === null && bcExt !== null && !bcExt.cA) { error3 = { message: "Certificate basicConstraints indicates the certificate is not a CA.", @@ -115765,6 +115791,9 @@ var require_ed25519 = __commonJS({ if (unpackneg(q, pk)) { return -1; } + if (!_isCanonicalSignatureScalar(sm, 32)) { + return -1; + } for (i = 0; i < n; ++i) { m[i] = sm[i]; } @@ -115790,6 +115819,18 @@ var require_ed25519 = __commonJS({ mlen = n; return mlen; } + function _isCanonicalSignatureScalar(bytes, offset) { + var i; + for (i = 31; i >= 0; --i) { + if (bytes[offset + i] < L[i]) { + return true; + } + if (bytes[offset + i] > L[i]) { + return false; + } + } + return false; + } function modL(r, x) { var carry, i, j, k; for (i = 63; i >= 32; --i) { From 7c510606312e5c68ac8b27c009e5254f226f5dfa Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:14:07 +0000 Subject: [PATCH 03/11] Update changelog and version after v4.35.0 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 14321ee56f..f0cf91057d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 4.35.0 - 27 Mar 2026 - Reduced the minimum Git version required for [improved incremental analysis](https://github.com/github/roadmap/issues/1158) from 2.38.0 to 2.11.0. [#3767](https://github.com/github/codeql-action/pull/3767) diff --git a/package-lock.json b/package-lock.json index 3157f84cca..ba590c6158 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.35.0", + "version": "4.35.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.35.0", + "version": "4.35.1", "license": "MIT", "workspaces": [ "pr-checks" diff --git a/package.json b/package.json index 755f88ad0d..c4712d1b96 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.35.0", + "version": "4.35.1", "private": true, "description": "CodeQL action", "scripts": { From 24448c98434f429f901d27db7ddae55eec5cc1c4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:23:25 +0000 Subject: [PATCH 04/11] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index a5d53ec4c3..36459185f0 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -161551,7 +161551,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index a1c31c2ca0..e1ec9d8d52 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -106719,7 +106719,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 61ccf23864..9925fd9c31 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -103525,7 +103525,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index a817e1b35f..14c8dcea17 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -164658,7 +164658,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/init-action.js b/lib/init-action.js index f12c224ef9..ac160fc379 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104086,7 +104086,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 4b7b1ebb1a..55c389a98c 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -103533,7 +103533,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 05238bcc7c..6e3523fa68 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -103629,7 +103629,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 90b1a9f524..b07eba4724 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -161498,7 +161498,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index c673ef504c..1fc25c0233 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120677,7 +120677,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 2c9ba4dfbb..792a97335c 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -106425,7 +106425,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 3321e057ba..3fed842e53 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161498,7 +161498,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 17d26b9ab8..79713cb786 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -106453,7 +106453,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.0"; + return "4.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); From 2437b20ab31021229573a66717323dd5c6ce9319 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Fri, 27 Mar 2026 13:26:43 +0000 Subject: [PATCH 05/11] Update minimum git version for overlay to 2.36.0 --- lib/init-action.js | 2 +- src/git-utils.ts | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index ac160fc379..00a62df885 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -105203,7 +105203,7 @@ var core8 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var semver3 = __toESM(require_semver2()); -var GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.11.0"; +var GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.36.0"; var GitVersionInfo = class { constructor(truncatedVersion, fullVersion) { this.truncatedVersion = truncatedVersion; diff --git a/src/git-utils.ts b/src/git-utils.ts index 80e49f2f63..a1cfab8be0 100644 --- a/src/git-utils.ts +++ b/src/git-utils.ts @@ -14,11 +14,11 @@ import { import { ConfigurationError, getRequiredEnvParam } from "./util"; /** - * Minimum Git version required for overlay analysis. The - * `git ls-files --recurse-submodules` option, which is used by - * `getFileOidsUnderPath`, was introduced in Git 2.11.0. + * Minimum Git version required for overlay analysis. Support for using the `git ls-files + * --recurse-submodules` option with `--stage` was added in Git 2.36.0. For more information, see + * `getFileOidsUnderPath`. */ -export const GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.11.0"; +export const GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.36.0"; /** * Git version information @@ -261,8 +261,8 @@ export const getFileOidsUnderPath = async function ( // Without the --full-name flag, the path is relative to the current working // directory of the git command, which is basePath. // - // We use --stage rather than --format here because --stage has been available since Git 2.11.0, - // while --format was only introduced in Git 2.38.0, which would limit overlay rollout. + // We use --stage rather than --format here because --stage has been available since Git 2.36.0, + // while --format was only introduced in Git 2.38.0. const stdout = await runGitCommand( basePath, ["ls-files", "--recurse-submodules", "--stage"], From 65d2efa7333ad65f97cc54be40f4cd18630f884c Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Fri, 27 Mar 2026 13:52:52 +0000 Subject: [PATCH 06/11] Add changelog note --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f0cf91057d..dd5454e2c7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- Fix incorrect minimum required Git version for [improved incremental analysis](https://github.com/github/roadmap/issues/1158): it should have been 2.36.0, not 2.11.0. [#3781](https://github.com/github/codeql-action/pull/3781) ## 4.35.0 - 27 Mar 2026 From c5ffd0683786820677d054e3505e1c5bb4b8c227 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 15:39:16 +0000 Subject: [PATCH 07/11] Update changelog for v4.35.1 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd5454e2c7..0dd2949187 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.35.1 - 27 Mar 2026 - Fix incorrect minimum required Git version for [improved incremental analysis](https://github.com/github/roadmap/issues/1158): it should have been 2.36.0, not 2.11.0. [#3781](https://github.com/github/codeql-action/pull/3781) From 4d2fde9e07dd6825ddae3fdb47a997e3075f6821 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 16:13:29 +0000 Subject: [PATCH 08/11] Revert "Update version and changelog for v3.35.0" This reverts commit 124f6eec3bdbc91d15afc86768872b32bf01a691. --- CHANGELOG.md | 62 +++++++++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 36 insertions(+), 28 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7824160e73..14321ee56f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,24 +2,25 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## 3.35.0 - 27 Mar 2026 +## 4.35.0 - 27 Mar 2026 - Reduced the minimum Git version required for [improved incremental analysis](https://github.com/github/roadmap/issues/1158) from 2.38.0 to 2.11.0. [#3767](https://github.com/github/codeql-action/pull/3767) - Update default CodeQL bundle version to [2.25.1](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1). [#3773](https://github.com/github/codeql-action/pull/3773) -## 3.34.1 - 20 Mar 2026 +## 4.34.1 - 20 Mar 2026 - Downgrade default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3) due to issues with a small percentage of Actions and JavaScript analyses. [#3762](https://github.com/github/codeql-action/pull/3762) -## 3.34.0 - 20 Mar 2026 +## 4.34.0 - 20 Mar 2026 - Added an experimental change which disables TRAP caching when [improved incremental analysis](https://github.com/github/roadmap/issues/1158) is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. [#3569](https://github.com/github/codeql-action/pull/3569) - We are rolling out improved incremental analysis to C/C++ analyses that use build mode `none`. We expect this rollout to be complete by the end of April 2026. [#3584](https://github.com/github/codeql-action/pull/3584) - Update default CodeQL bundle version to [2.25.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0). [#3585](https://github.com/github/codeql-action/pull/3585) -## 3.33.0 - 16 Mar 2026 +## 4.33.0 - 16 Mar 2026 - Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. [#3562](https://github.com/github/codeql-action/pull/3562) + To opt out of this change: - **Repositories owned by an organization:** Create a custom repository property with the name `github-codeql-file-coverage-on-prs` and the type "True/false", then set this property to `true` in the repository's settings. For more information, see [Managing custom properties for repositories in your organization](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). Alternatively, if you are using an advanced setup workflow, you can set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in your workflow. - **User-owned repositories using default setup:** Switch to an advanced setup workflow and set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in your workflow. @@ -30,11 +31,11 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". [#3564](https://github.com/github/codeql-action/pull/3564) - A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. [#3570](https://github.com/github/codeql-action/pull/3570) -## 3.32.6 - 05 Mar 2026 +## 4.32.6 - 05 Mar 2026 - Update default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3). [#3548](https://github.com/github/codeql-action/pull/3548) -## 3.32.5 - 02 Mar 2026 +## 4.32.5 - 02 Mar 2026 - Repositories owned by an organization can now set up the `github-codeql-disable-overlay` custom repository property to disable [improved incremental analysis for CodeQL](https://github.com/github/roadmap/issues/1158). First, create a custom repository property with the name `github-codeql-disable-overlay` and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to `true` to disable improved incremental analysis. For more information, see [Managing custom properties for repositories in your organization](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). This feature is not yet available on GitHub Enterprise Server. [#3507](https://github.com/github/codeql-action/pull/3507) - Added an experimental change so that when [improved incremental analysis](https://github.com/github/roadmap/issues/1158) fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. [#3487](https://github.com/github/codeql-action/pull/3487) @@ -44,7 +45,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - Added an experimental change which allows the `start-proxy` action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. [#3512](https://github.com/github/codeql-action/pull/3512) - The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. [#3503](https://github.com/github/codeql-action/pull/3503), [#3504](https://github.com/github/codeql-action/pull/3504) -## 3.32.4 - 20 Feb 2026 +## 4.32.4 - 20 Feb 2026 - Update default CodeQL bundle version to [2.24.2](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2). [#3493](https://github.com/github/codeql-action/pull/3493) - Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when [private package registries are configured](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. [#3473](https://github.com/github/codeql-action/pull/3473) @@ -52,88 +53,88 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. [#3485](https://github.com/github/codeql-action/pull/3485) - Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a [nightly CodeQL CLI release](https://github.com/dsp-testing/codeql-cli-nightlies) instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. [#3484](https://github.com/github/codeql-action/pull/3484) -## 3.32.3 - 13 Feb 2026 +## 4.32.3 - 13 Feb 2026 - Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [#3466](https://github.com/github/codeql-action/pull/3466) -## 3.32.2 - 05 Feb 2026 +## 4.32.2 - 05 Feb 2026 - Update default CodeQL bundle version to [2.24.1](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1). [#3460](https://github.com/github/codeql-action/pull/3460) -## 3.32.1 - 02 Feb 2026 +## 4.32.1 - 02 Feb 2026 - A warning is now shown in Default Setup workflow logs if a [private package registry is configured](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries) using a GitHub Personal Access Token (PAT), but no username is configured. [#3422](https://github.com/github/codeql-action/pull/3422) - Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. [#3421](https://github.com/github/codeql-action/pull/3421) -## 3.32.0 - 26 Jan 2026 +## 4.32.0 - 26 Jan 2026 - Update default CodeQL bundle version to [2.24.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0). [#3425](https://github.com/github/codeql-action/pull/3425) -## 3.31.11 - 23 Jan 2026 +## 4.31.11 - 23 Jan 2026 - When running a Default Setup workflow with [Actions debugging enabled](https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging), the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. [#3409](https://github.com/github/codeql-action/pull/3409) - Improved error handling throughout the CodeQL Action. [#3415](https://github.com/github/codeql-action/pull/3415) - Added experimental support for automatically excluding [generated files](https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github) from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. [#3318](https://github.com/github/codeql-action/pull/3318) - The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. [#3403](https://github.com/github/codeql-action/pull/3403) -## 3.31.10 - 12 Jan 2026 +## 4.31.10 - 12 Jan 2026 - Update default CodeQL bundle version to 2.23.9. [#3393](https://github.com/github/codeql-action/pull/3393) -## 3.31.9 - 16 Dec 2025 +## 4.31.9 - 16 Dec 2025 No user facing changes. -## 3.31.8 - 11 Dec 2025 +## 4.31.8 - 11 Dec 2025 - Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354) -## 3.31.7 - 05 Dec 2025 +## 4.31.7 - 05 Dec 2025 - Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343) -## 3.31.6 - 01 Dec 2025 +## 4.31.6 - 01 Dec 2025 No user facing changes. -## 3.31.5 - 24 Nov 2025 +## 4.31.5 - 24 Nov 2025 - Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321) -## 3.31.4 - 18 Nov 2025 +## 4.31.4 - 18 Nov 2025 No user facing changes. -## 3.31.3 - 13 Nov 2025 +## 4.31.3 - 13 Nov 2025 - CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/). - Update default CodeQL bundle version to 2.23.5. [#3288](https://github.com/github/codeql-action/pull/3288) -## 3.31.2 - 30 Oct 2025 +## 4.31.2 - 30 Oct 2025 No user facing changes. -## 3.31.1 - 30 Oct 2025 +## 4.31.1 - 30 Oct 2025 - The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced. -## 3.31.0 - 24 Oct 2025 +## 4.31.0 - 24 Oct 2025 - Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223) - When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222) -## 3.30.9 - 17 Oct 2025 +## 4.30.9 - 17 Oct 2025 - Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205) - Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204) -## 3.30.8 - 10 Oct 2025 +## 4.30.8 - 10 Oct 2025 No user facing changes. -## 3.30.7 - 06 Oct 2025 +## 4.30.7 - 06 Oct 2025 -No user facing changes. +- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.6 - 02 Oct 2025 @@ -369,13 +370,17 @@ No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520) + - If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. + - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts. + Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then. + This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519) @@ -498,9 +503,12 @@ No user facing changes. ## 3.25.0 - 15 Apr 2024 - The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224) + As a result, the following inputs and environment variables are now ignored: + - The `setup-python-dependencies` input to the `init` Action - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable + We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0. - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229) - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232) diff --git a/package.json b/package.json index b2a701025d..755f88ad0d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.35.0", + "version": "4.35.0", "private": true, "description": "CodeQL action", "scripts": { From 8bb5bdb9fd2ece3b1f7c28eb76924d0787c7b5a0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 16:13:29 +0000 Subject: [PATCH 09/11] Revert "Rebuild" This reverts commit b1a5f00cf1414c79948f00c9b539883eaa011345. --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 46f7eae6ca..a5d53ec4c3 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -161551,7 +161551,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 0b0b9cc75f..a1c31c2ca0 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -106719,7 +106719,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 1797946424..61ccf23864 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -103525,7 +103525,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index cb31318b82..a817e1b35f 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -164658,7 +164658,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/init-action.js b/lib/init-action.js index b26bd4308d..f12c224ef9 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104086,7 +104086,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 5d2850c0ab..4b7b1ebb1a 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -103533,7 +103533,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index cb243318e6..05238bcc7c 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -103629,7 +103629,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index dce238b219..90b1a9f524 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -161498,7 +161498,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 68b2a5f5ff..c673ef504c 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120677,7 +120677,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 16a7d58eda..2c9ba4dfbb 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -106425,7 +106425,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 3a43b3e24b..3321e057ba 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161498,7 +161498,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 6a4bf0b454..17d26b9ab8 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -106453,7 +106453,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "3.35.0"; + return "4.35.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); From c983cb8e74302a957ed89d4cc99d2ecaa98da907 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 16:13:31 +0000 Subject: [PATCH 10/11] Update version and changelog for v3.35.1 --- CHANGELOG.md | 64 +++++++++++++++++++++++----------------------------- package.json | 2 +- 2 files changed, 29 insertions(+), 37 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0dd2949187..970afa4e91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,29 +2,28 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## 4.35.1 - 27 Mar 2026 +## 3.35.1 - 27 Mar 2026 - Fix incorrect minimum required Git version for [improved incremental analysis](https://github.com/github/roadmap/issues/1158): it should have been 2.36.0, not 2.11.0. [#3781](https://github.com/github/codeql-action/pull/3781) -## 4.35.0 - 27 Mar 2026 +## 3.35.0 - 27 Mar 2026 - Reduced the minimum Git version required for [improved incremental analysis](https://github.com/github/roadmap/issues/1158) from 2.38.0 to 2.11.0. [#3767](https://github.com/github/codeql-action/pull/3767) - Update default CodeQL bundle version to [2.25.1](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1). [#3773](https://github.com/github/codeql-action/pull/3773) -## 4.34.1 - 20 Mar 2026 +## 3.34.1 - 20 Mar 2026 - Downgrade default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3) due to issues with a small percentage of Actions and JavaScript analyses. [#3762](https://github.com/github/codeql-action/pull/3762) -## 4.34.0 - 20 Mar 2026 +## 3.34.0 - 20 Mar 2026 - Added an experimental change which disables TRAP caching when [improved incremental analysis](https://github.com/github/roadmap/issues/1158) is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. [#3569](https://github.com/github/codeql-action/pull/3569) - We are rolling out improved incremental analysis to C/C++ analyses that use build mode `none`. We expect this rollout to be complete by the end of April 2026. [#3584](https://github.com/github/codeql-action/pull/3584) - Update default CodeQL bundle version to [2.25.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0). [#3585](https://github.com/github/codeql-action/pull/3585) -## 4.33.0 - 16 Mar 2026 +## 3.33.0 - 16 Mar 2026 - Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. [#3562](https://github.com/github/codeql-action/pull/3562) - To opt out of this change: - **Repositories owned by an organization:** Create a custom repository property with the name `github-codeql-file-coverage-on-prs` and the type "True/false", then set this property to `true` in the repository's settings. For more information, see [Managing custom properties for repositories in your organization](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). Alternatively, if you are using an advanced setup workflow, you can set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in your workflow. - **User-owned repositories using default setup:** Switch to an advanced setup workflow and set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in your workflow. @@ -35,11 +34,11 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". [#3564](https://github.com/github/codeql-action/pull/3564) - A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. [#3570](https://github.com/github/codeql-action/pull/3570) -## 4.32.6 - 05 Mar 2026 +## 3.32.6 - 05 Mar 2026 - Update default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3). [#3548](https://github.com/github/codeql-action/pull/3548) -## 4.32.5 - 02 Mar 2026 +## 3.32.5 - 02 Mar 2026 - Repositories owned by an organization can now set up the `github-codeql-disable-overlay` custom repository property to disable [improved incremental analysis for CodeQL](https://github.com/github/roadmap/issues/1158). First, create a custom repository property with the name `github-codeql-disable-overlay` and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to `true` to disable improved incremental analysis. For more information, see [Managing custom properties for repositories in your organization](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization). This feature is not yet available on GitHub Enterprise Server. [#3507](https://github.com/github/codeql-action/pull/3507) - Added an experimental change so that when [improved incremental analysis](https://github.com/github/roadmap/issues/1158) fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. [#3487](https://github.com/github/codeql-action/pull/3487) @@ -49,7 +48,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - Added an experimental change which allows the `start-proxy` action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. [#3512](https://github.com/github/codeql-action/pull/3512) - The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. [#3503](https://github.com/github/codeql-action/pull/3503), [#3504](https://github.com/github/codeql-action/pull/3504) -## 4.32.4 - 20 Feb 2026 +## 3.32.4 - 20 Feb 2026 - Update default CodeQL bundle version to [2.24.2](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2). [#3493](https://github.com/github/codeql-action/pull/3493) - Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when [private package registries are configured](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. [#3473](https://github.com/github/codeql-action/pull/3473) @@ -57,88 +56,88 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. [#3485](https://github.com/github/codeql-action/pull/3485) - Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a [nightly CodeQL CLI release](https://github.com/dsp-testing/codeql-cli-nightlies) instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. [#3484](https://github.com/github/codeql-action/pull/3484) -## 4.32.3 - 13 Feb 2026 +## 3.32.3 - 13 Feb 2026 - Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [#3466](https://github.com/github/codeql-action/pull/3466) -## 4.32.2 - 05 Feb 2026 +## 3.32.2 - 05 Feb 2026 - Update default CodeQL bundle version to [2.24.1](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1). [#3460](https://github.com/github/codeql-action/pull/3460) -## 4.32.1 - 02 Feb 2026 +## 3.32.1 - 02 Feb 2026 - A warning is now shown in Default Setup workflow logs if a [private package registry is configured](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries) using a GitHub Personal Access Token (PAT), but no username is configured. [#3422](https://github.com/github/codeql-action/pull/3422) - Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. [#3421](https://github.com/github/codeql-action/pull/3421) -## 4.32.0 - 26 Jan 2026 +## 3.32.0 - 26 Jan 2026 - Update default CodeQL bundle version to [2.24.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0). [#3425](https://github.com/github/codeql-action/pull/3425) -## 4.31.11 - 23 Jan 2026 +## 3.31.11 - 23 Jan 2026 - When running a Default Setup workflow with [Actions debugging enabled](https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging), the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. [#3409](https://github.com/github/codeql-action/pull/3409) - Improved error handling throughout the CodeQL Action. [#3415](https://github.com/github/codeql-action/pull/3415) - Added experimental support for automatically excluding [generated files](https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github) from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. [#3318](https://github.com/github/codeql-action/pull/3318) - The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. [#3403](https://github.com/github/codeql-action/pull/3403) -## 4.31.10 - 12 Jan 2026 +## 3.31.10 - 12 Jan 2026 - Update default CodeQL bundle version to 2.23.9. [#3393](https://github.com/github/codeql-action/pull/3393) -## 4.31.9 - 16 Dec 2025 +## 3.31.9 - 16 Dec 2025 No user facing changes. -## 4.31.8 - 11 Dec 2025 +## 3.31.8 - 11 Dec 2025 - Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354) -## 4.31.7 - 05 Dec 2025 +## 3.31.7 - 05 Dec 2025 - Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343) -## 4.31.6 - 01 Dec 2025 +## 3.31.6 - 01 Dec 2025 No user facing changes. -## 4.31.5 - 24 Nov 2025 +## 3.31.5 - 24 Nov 2025 - Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321) -## 4.31.4 - 18 Nov 2025 +## 3.31.4 - 18 Nov 2025 No user facing changes. -## 4.31.3 - 13 Nov 2025 +## 3.31.3 - 13 Nov 2025 - CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/). - Update default CodeQL bundle version to 2.23.5. [#3288](https://github.com/github/codeql-action/pull/3288) -## 4.31.2 - 30 Oct 2025 +## 3.31.2 - 30 Oct 2025 No user facing changes. -## 4.31.1 - 30 Oct 2025 +## 3.31.1 - 30 Oct 2025 - The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced. -## 4.31.0 - 24 Oct 2025 +## 3.31.0 - 24 Oct 2025 - Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223) - When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222) -## 4.30.9 - 17 Oct 2025 +## 3.30.9 - 17 Oct 2025 - Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205) - Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204) -## 4.30.8 - 10 Oct 2025 +## 3.30.8 - 10 Oct 2025 No user facing changes. -## 4.30.7 - 06 Oct 2025 +## 3.30.7 - 06 Oct 2025 -- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) +No user facing changes. ## 3.30.6 - 02 Oct 2025 @@ -374,17 +373,13 @@ No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520) - - If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. - - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts. - Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then. - This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519) @@ -507,12 +502,9 @@ No user facing changes. ## 3.25.0 - 15 Apr 2024 - The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224) - As a result, the following inputs and environment variables are now ignored: - - The `setup-python-dependencies` input to the `init` Action - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable - We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0. - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229) - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232) diff --git a/package.json b/package.json index b432e963b6..02ab4e90d2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.35.1", + "version": "3.35.1", "private": true, "description": "CodeQL action", "scripts": { From 646729a1e2de32335c2b620d7f9791a20007f197 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 16:19:35 +0000 Subject: [PATCH 11/11] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 36459185f0..21df089b9b 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -161551,7 +161551,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index e1ec9d8d52..42a055fdc5 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -106719,7 +106719,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 9925fd9c31..424e5e0b41 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -103525,7 +103525,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 14c8dcea17..d6ac035f9a 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -164658,7 +164658,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/init-action.js b/lib/init-action.js index 00a62df885..c49bd4c637 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104086,7 +104086,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 55c389a98c..bfe5653eb2 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -103533,7 +103533,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 6e3523fa68..6586b8acce 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -103629,7 +103629,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index b07eba4724..3a68f33cb3 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -161498,7 +161498,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 43e6bd10f3..7b10da0114 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120718,7 +120718,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 792a97335c..35d28fdf2d 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -106425,7 +106425,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 3fed842e53..d1e8384327 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161498,7 +161498,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 79713cb786..5aeae8c6c2 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -106453,7 +106453,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.1"; + return "3.35.1"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME");