Skip to content

chore(deps): bump github/codeql-action from 3.30.7 to 3.31.0#57

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/codeql-action-3.31.0
Open

chore(deps): bump github/codeql-action from 3.30.7 to 3.31.0#57
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/codeql-action-3.31.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 27, 2025

Bumps github/codeql-action from 3.30.7 to 3.31.0.

Release notes

Sourced from github/codeql-action's releases.

v3.31.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

See the full CHANGELOG.md for more information.

v3.30.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

See the full CHANGELOG.md for more information.

v3.30.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Commits
  • d198d2f Merge pull request #3237 from github/backport-v3.31.0-4e94bd11f
  • 9e3918e Rebuild
  • 7dd1575 Update version and changelog for v3.31.0
  • 28fc48d Merge remote-tracking branch 'origin/releases/v4' into backport-v3.31.0-4e94b...
  • 12c6008 Revert "Rebuild"
  • d3019ef Revert "Update version and changelog for v3.30.9"
  • 4e94bd1 Merge pull request #3235 from github/update-v4.31.0-1d36546c1
  • 8f11182 Update changelog for v4.31.0
  • 1d36546 Merge pull request #3234 from github/mbg/changelog/post-processing
  • 08ada26 Add changelog entry for post-processing change
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump github/codeql-action from 3.30.7 to 3.31.0
8c0453b 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.7 to 3.31.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@a8d1ac4...d198d2f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update github_actions code labels Oct 27, 2025
@dependabot dependabot bot requested a review from ThatKalle as a code owner October 27, 2025 04:30
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update github_actions code labels Oct 27, 2025
@dependabot dependabot bot mentioned this pull request Oct 27, 2025
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Oct 27, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/github/codeql-action/analyze d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown
actions/github/codeql-action/init d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown
actions/github/codeql-action/upload-sarif d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown
actions/github/codeql-action/analyze d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown
actions/github/codeql-action/init d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown
actions/github/codeql-action/upload-sarif d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown
actions/github/codeql-action/analyze d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown
actions/github/codeql-action/init d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown
actions/github/codeql-action/upload-sarif d198d2fabf39a7f36b5ce57ce70d4942944f006e UnknownUnknown

Scanned Files

  • .github/workflows/codeql-actions.yml
  • .github/workflows/codeql-javascripttypescript.yml
  • .github/workflows/codescanning-schedule.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ThatKalle ThatKalle Awaiting requested review from ThatKalle ThatKalle is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update github_actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants