From 7434149006143a4d75b82a2f411ef15b03ccc2d7 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Fri, 26 Sep 2025 19:36:42 +0000 Subject: [PATCH 01/20] Upgrade Node.js version to 24. This requires creating a new major-version (v4) of codeql-action. --- .github/actions/check-sarif/action.yml | 2 +- .github/workflows/pr-checks.yml | 2 +- CONTRIBUTING.md | 2 +- README.md | 3 +- analyze/action.yml | 2 +- autobuild/action.yml | 2 +- build.mjs | 2 +- init/action.yml | 2 +- package-lock.json | 24 +++++------ package.json | 4 +- resolve-environment/action.yml | 2 +- src/autobuild.ts | 6 +-- src/init-action-post-helper.test.ts | 24 +++++------ src/workflow.test.ts | 58 +++++++++++++------------- start-proxy/action.yml | 2 +- upload-sarif/action.yml | 2 +- 16 files changed, 69 insertions(+), 70 deletions(-) diff --git a/.github/actions/check-sarif/action.yml b/.github/actions/check-sarif/action.yml index 89ff9d703..bfa1c3b9d 100644 --- a/.github/actions/check-sarif/action.yml +++ b/.github/actions/check-sarif/action.yml @@ -16,5 +16,5 @@ inputs: Comma separated list of query ids that should NOT be included in this SARIF file. runs: - using: node20 + using: node24 main: index.js diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 2fd737de8..67974422e 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -72,7 +72,7 @@ jobs: run: npm run lint-ci - name: Upload sarif - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 if: matrix.os == 'ubuntu-latest' with: sarif_file: eslint.sarif diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 493ae847c..13614cb01 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,7 +13,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c ## Development and Testing -Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. +Before you start, ensure that you have a recent version of node (24 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. ### Common tasks diff --git a/README.md b/README.md index c5b8eab81..c6ab9ff1a 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,8 @@ For compiled languages: The following versions of the CodeQL Action are currently supported: -- v3 (latest) +- v3 +- v4 (latest) ## Supported versions of the CodeQL Bundle on GitHub Enterprise Server diff --git a/analyze/action.yml b/analyze/action.yml index b7880be17..7fc118b15 100644 --- a/analyze/action.yml +++ b/analyze/action.yml @@ -92,6 +92,6 @@ outputs: sarif-id: description: The ID of the uploaded SARIF file. runs: - using: node20 + using: node24 main: "../lib/analyze-action.js" post: "../lib/analyze-action-post.js" diff --git a/autobuild/action.yml b/autobuild/action.yml index 80d8c1c31..c820fb5af 100644 --- a/autobuild/action.yml +++ b/autobuild/action.yml @@ -15,5 +15,5 @@ inputs: $GITHUB_WORKSPACE as its working directory. required: false runs: - using: node20 + using: node24 main: '../lib/autobuild-action.js' diff --git a/build.mjs b/build.mjs index 05f7e0502..2e014e81d 100644 --- a/build.mjs +++ b/build.mjs @@ -68,7 +68,7 @@ const context = await esbuild.context({ outdir: OUT_DIR, platform: "node", plugins: [cleanPlugin, copyDefaultsPlugin, onEndPlugin], - target: ["node20"], + target: ["node24"], }); await context.rebuild(); diff --git a/init/action.yml b/init/action.yml index ba5d6efcc..57d5a9940 100644 --- a/init/action.yml +++ b/init/action.yml @@ -165,6 +165,6 @@ outputs: codeql-version: description: The version of the CodeQL binary used for analysis runs: - using: node20 + using: node24 main: '../lib/init-action.js' post: '../lib/init-action-post.js' diff --git a/package-lock.json b/package-lock.json index 46ec821b8..c13f510c1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "3.30.6", + "version": "4.30.6", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "3.30.6", + "version": "4.30.6", "license": "MIT", "dependencies": { "@actions/artifact": "^2.3.1", @@ -47,7 +47,7 @@ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -2660,13 +2660,13 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "20.19.9", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.9.tgz", - "integrity": "sha512-cuVNgarYWZqxRJDQHEB58GEONhOK79QVR/qYx4S7kcUObQvUwvFnYxJuuHUKm2aieN9X3yZB4LZsuYNU1Qphsw==", + "version": "24.6.0", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.6.0.tgz", + "integrity": "sha512-F1CBxgqwOMc4GKJ7eY22hWhBVQuMYTtqI8L0FcszYcpYX0fzfDGpez22Xau8Mgm7O9fI+zA/TYIdq3tGWfweBA==", "dev": true, "license": "MIT", "dependencies": { - "undici-types": "~6.21.0" + "undici-types": "~7.13.0" } }, "node_modules/@types/node-forge": { @@ -4200,9 +4200,7 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "1.1.12", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", - "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "version": "1.1.11", "license": "MIT", "dependencies": { "balanced-match": "^1.0.0", @@ -9197,9 +9195,9 @@ } }, "node_modules/undici-types": { - "version": "6.21.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", - "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", + "version": "7.13.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.13.0.tgz", + "integrity": "sha512-Ov2Rr9Sx+fRgagJ5AX0qvItZG/JKKoBRAVITs1zk7IqZGTJUwgUr7qoYBpWwakpWilTZFM98rG/AFRocu10iIQ==", "dev": true, "license": "MIT" }, diff --git a/package.json b/package.json index 31389bb80..60a1f009c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.30.6", + "version": "4.30.6", "private": true, "description": "CodeQL action", "scripts": { @@ -62,7 +62,7 @@ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", diff --git a/resolve-environment/action.yml b/resolve-environment/action.yml index 188e5fd17..0734fcfa4 100644 --- a/resolve-environment/action.yml +++ b/resolve-environment/action.yml @@ -21,5 +21,5 @@ outputs: environment: description: The inferred build environment configuration. runs: - using: node20 + using: node24 main: '../lib/resolve-environment-action.js' diff --git a/src/autobuild.ts b/src/autobuild.ts index 1812e3501..ce3d45cc4 100644 --- a/src/autobuild.ts +++ b/src/autobuild.ts @@ -52,11 +52,11 @@ export async function determineAutobuildLanguages( * For example, consider a user with the following workflow file: * * ```yml - * - uses: github/codeql-action/init@v3 + * - uses: github/codeql-action/init@v4 * with: * languages: go, java - * - uses: github/codeql-action/autobuild@v3 - * - uses: github/codeql-action/analyze@v3 + * - uses: github/codeql-action/autobuild@v4 + * - uses: github/codeql-action/analyze@v4 * ``` * * - With Go extraction disabled, we will run the Java autobuilder in the diff --git a/src/init-action-post-helper.test.ts b/src/init-action-post-helper.test.ts index 72a828a33..1c1cbcb68 100644 --- a/src/init-action-post-helper.test.ts +++ b/src/init-action-post-helper.test.ts @@ -84,14 +84,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off" }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -108,14 +108,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -135,14 +135,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -192,14 +192,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) { }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", upload: uploadInput, @@ -227,14 +227,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "/language:${{ matrix.language }}", }, @@ -254,14 +254,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { upload: "${{ matrix.language != 'csharp' }}", }, diff --git a/src/workflow.test.ts b/src/workflow.test.ts index 9af81459e..e922d8079 100644 --- a/src/workflow.test.ts +++ b/src/workflow.test.ts @@ -395,9 +395,9 @@ async function testLanguageAliases( }, }, steps: [ - { uses: "actions/checkout@v3" }, - { uses: "github/codeql-action/init@v3" }, - { uses: "github/codeql-action/analyze@v3" }, + { uses: "actions/checkout@v4" }, + { uses: "github/codeql-action/init@v4" }, + { uses: "github/codeql-action/analyze@v4" }, ], }, }, @@ -666,7 +666,7 @@ test("getWorkflowErrors() should report a warning if different versions of the C analyze: steps: - uses: github/codeql-action/init@v2 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -686,8 +686,8 @@ test("getWorkflowErrors() should not report a warning if the same versions of th jobs: analyze: steps: - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -706,7 +706,7 @@ test("getWorkflowErrors() should not report a warning involving versions of othe analyze: steps: - uses: actions/checkout@v5 - - uses: github/codeql-action/init@v3 + - uses: github/codeql-action/init@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -723,9 +723,9 @@ test("getCategoryInputOrThrow returns category for simple workflow with category analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category `) as Workflow, @@ -745,9 +745,9 @@ test("getCategoryInputOrThrow returns undefined for simple workflow without cate analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, "analysis", {}, @@ -765,19 +765,19 @@ test("getCategoryInputOrThrow returns category for workflow with multiple jobs", foo: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build foo - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: foo-category bar: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build bar - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: bar-category `) as Workflow, @@ -800,11 +800,11 @@ test("getCategoryInputOrThrow finds category for workflow with language matrix", matrix: language: [javascript, python] steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 with: language: \${{ matrix.language }} - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: "/language:\${{ matrix.language }}" `) as Workflow, @@ -824,9 +824,9 @@ test("getCategoryInputOrThrow throws error for workflow with dynamic category", jobs: analysis: steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: "\${{ github.workflow }}" `) as Workflow, @@ -851,12 +851,12 @@ test("getCategoryInputOrThrow throws error for workflow with multiple calls to a analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: another-category `) as Workflow, diff --git a/start-proxy/action.yml b/start-proxy/action.yml index 14d2cd1f8..6d520259f 100644 --- a/start-proxy/action.yml +++ b/start-proxy/action.yml @@ -26,6 +26,6 @@ outputs: proxy_urls: description: A stringified JSON array of objects containing the types and URLs of the configured registries. runs: - using: node20 + using: node24 main: "../lib/start-proxy-action.js" post: "../lib/start-proxy-action-post.js" diff --git a/upload-sarif/action.yml b/upload-sarif/action.yml index cd61886c6..2827891b2 100644 --- a/upload-sarif/action.yml +++ b/upload-sarif/action.yml @@ -41,6 +41,6 @@ outputs: { "code-scanning": "some-id", "code-quality": "some-other-id" } runs: - using: node20 + using: node24 main: '../lib/upload-sarif-action.js' post: '../lib/upload-sarif-action-post.js' From 30445af89f63da37c830d906b47c90c6e94e8d3c Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Fri, 26 Sep 2025 16:18:59 -0500 Subject: [PATCH 02/20] Rebuild JS after upgrading to Node.js 24. --- lib/analyze-action-post.js | 6 +++--- lib/analyze-action.js | 6 +++--- lib/autobuild-action.js | 6 +++--- lib/init-action-post.js | 6 +++--- lib/init-action.js | 6 +++--- lib/resolve-environment-action.js | 6 +++--- lib/start-proxy-action-post.js | 6 +++--- lib/start-proxy-action.js | 4 ++-- lib/upload-lib.js | 6 +++--- lib/upload-sarif-action-post.js | 6 +++--- lib/upload-sarif-action.js | 6 +++--- 11 files changed, 32 insertions(+), 32 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index dc7b7a840..17d28f661 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 58f61c096..a8a3d8589 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index f9b6ebdfe..7f12059f3 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 210a6f501..c4fd6f812 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/init-action.js b/lib/init-action.js index 6940d87af..49775e6ff 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 8ace1ec0b..9d53cdbe6 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index e0ff1691a..2d262137b 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 1b934050d..e2d966636 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -44966,7 +44966,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -45028,7 +45028,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 27ad93408..78763e9cc 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33584,7 +33584,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -33646,7 +33646,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -35688,7 +35688,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 1e61b3bc5..6ffda0583 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -106366,7 +106366,7 @@ var require_brace_expansion3 = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 317e6290b..2e6a676dc 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.6", private: true, description: "CodeQL action", scripts: { @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "20.19.9", + "@types/node": "^24.5.2", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,(?!,).*\}/)) { + if (m.post.match(/,.*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } From d7ada03e0280f776b82f810731bcbec65691d7b4 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Fri, 26 Sep 2025 16:38:11 -0500 Subject: [PATCH 03/20] Downgrade upload-sarif@v4 -> v3 I got ahead of myself; v4 hasn't been tagged yet. --- .github/workflows/pr-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 67974422e..2fd737de8 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -72,7 +72,7 @@ jobs: run: npm run lint-ci - name: Upload sarif - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@v3 if: matrix.os == 'ubuntu-latest' with: sarif_file: eslint.sarif From 180438161ed057dbe254fbe4b9e065448fbe1c40 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Mon, 29 Sep 2025 11:22:30 -0500 Subject: [PATCH 04/20] Specify Node.js v24 in actions/setup-node steps. --- .github/workflows/codescanning-config-cli.yml | 2 +- .github/workflows/pr-checks.yml | 2 +- .github/workflows/query-filters.yml | 2 +- .github/workflows/update-bundle.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index c6dc41f29..0c6213e9e 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -58,7 +58,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20' + node-version: 24 cache: 'npm' - name: Install dependencies diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 2fd737de8..3a4bca4ec 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -36,7 +36,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: 24 cache: 'npm' - name: Set up Python diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index aabcc144b..fa89d2d93 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -34,7 +34,7 @@ jobs: - name: Install Node.js uses: actions/setup-node@v5 with: - node-version: 20.x + node-version: 24 cache: npm - name: Install dependencies diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index e64135d84..6705d7d14 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -43,7 +43,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: 24 cache: 'npm' - name: Install dependencies From d4bbcb74ca9400cb92146ef4ea5e441eafd2edce Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Mon, 29 Sep 2025 11:26:46 -0500 Subject: [PATCH 05/20] Implement simultaneous PR checks for Node.js v20, v24. Copied from #2006. --- .github/workflows/pr-checks.yml | 12 ++++++-- .github/workflows/script/check-js-20.sh | 37 +++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 3 deletions(-) create mode 100755 .github/workflows/script/check-js-20.sh diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 3a4bca4ec..4d87e15fb 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -20,6 +20,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] + node-version: [20, 24] permissions: contents: read security-events: write # needed to upload ESLint results @@ -36,7 +37,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: 24 + node-version: ${{ matrix.node-version }} cache: 'npm' - name: Set up Python @@ -51,7 +52,12 @@ jobs: npm config set script-shell bash npm ci - - name: Verify compiled JS up to date + - name: Verify compiled JS up to date (Node.js 20) + if: matrix.node-version == 20 + run: .github/workflows/script/check-js-20.sh + + - name: Verify compiled JS up to date (Node.js 24) + if: matrix.node-version == 24 run: .github/workflows/script/check-js.sh - name: Verify PR checks up to date @@ -73,7 +79,7 @@ jobs: - name: Upload sarif uses: github/codeql-action/upload-sarif@v3 - if: matrix.os == 'ubuntu-latest' + if: matrix.os == 'ubuntu-latest' && matrix.node-version == 24 with: sarif_file: eslint.sarif category: eslint diff --git a/.github/workflows/script/check-js-20.sh b/.github/workflows/script/check-js-20.sh new file mode 100755 index 000000000..02ed8557a --- /dev/null +++ b/.github/workflows/script/check-js-20.sh @@ -0,0 +1,37 @@ +#!/bin/bash +set -eu + +# Change @types/node to v20 temporarily to check that the generated JS files are correct. +contents=$(jq '.devDependencies."@types/node" = "^20.0.0"' package.json) +echo "${contents}" > package.json + +npm install + +if [ ! -z "$(git status --porcelain)" ]; then + git config --global user.email "github-actions@github.com" + git config --global user.name "github-actions[bot]" + # The period in `git add --all .` ensures that we stage deleted files too. + git add --all . + git commit -m "Use @types/node v20" +fi + +# Wipe the lib directory in case there are extra unnecessary files in there +rm -rf lib + +# Generate the JavaScript files +npm run-script build + +# Check that repo is still clean. +# The downgrade of @types/node means that we expect certain changes to the generated JS files. +# Therefore, we should ignore these changes to @types/node and check for outstanding changes. +if [[ $(git diff | grep --perl-regexp '^-(?!--)' | grep --count --invert-match --perl-regexp '"@types/node": "\^24') -gt 0 || \ + $(git diff | grep --perl-regexp '^\+(?!\+\+)' | grep --count --invert-match --perl-regexp '"@types/node": "\^20') -gt 0 ]] +then + >&2 echo "Failed: JavaScript files are not up to date. Run 'rm -rf lib && npm run-script build' to update" + git diff + exit 1 +fi +echo "Success: JavaScript files are up to date" + +# Clean up changes to package.json, package-lock.json, and lib/*.js. +git reset --hard HEAD~1 From d4b5380db47e283a94c5a85c4c6cf1f677d2530e Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 30 Sep 2025 13:45:06 -0500 Subject: [PATCH 06/20] Document Node.js 24 change in CHANGELOG.md. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65af5e0af..dc29f203c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ No user facing changes. - We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. [#3107](https://github.com/github/codeql-action/pull/3107) - You can now run the latest CodeQL nightly bundle by passing `tools: nightly` to the `init` action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. [#3130](https://github.com/github/codeql-action/pull/3130) - Update default CodeQL bundle version to 2.23.1. [#3118](https://github.com/github/codeql-action/pull/3118) +- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.3 - 10 Sep 2025 From 3adb1ff7b88abf82e97c2c42d9ac29a62769ba63 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Wed, 1 Oct 2025 09:04:18 -0500 Subject: [PATCH 07/20] Reorder supported tags in descending order Co-authored-by: Henry Mercer --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c6ab9ff1a..d4e5320b3 100644 --- a/README.md +++ b/README.md @@ -62,8 +62,8 @@ For compiled languages: The following versions of the CodeQL Action are currently supported: -- v3 - v4 (latest) +- v3 ## Supported versions of the CodeQL Bundle on GitHub Enterprise Server From 54ae8ba5b132f38656616b37ff939c55700d519b Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Thu, 2 Oct 2025 13:46:44 -0500 Subject: [PATCH 08/20] Simplify PR check by reverting changes to `@types/node`. --- .github/workflows/pr-checks.yml | 7 +---- .github/workflows/script/check-js-20.sh | 37 ------------------------- build.mjs | 6 ++-- lib/analyze-action-post.js | 4 +-- lib/analyze-action.js | 4 +-- lib/autobuild-action.js | 4 +-- lib/init-action-post.js | 4 +-- lib/init-action.js | 4 +-- lib/resolve-environment-action.js | 4 +-- lib/start-proxy-action-post.js | 4 +-- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 4 +-- lib/upload-sarif-action-post.js | 4 +-- lib/upload-sarif-action.js | 4 +-- package-lock.json | 20 +++++++------ package.json | 2 +- 16 files changed, 37 insertions(+), 77 deletions(-) delete mode 100755 .github/workflows/script/check-js-20.sh diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 4d87e15fb..376730e38 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -52,12 +52,7 @@ jobs: npm config set script-shell bash npm ci - - name: Verify compiled JS up to date (Node.js 20) - if: matrix.node-version == 20 - run: .github/workflows/script/check-js-20.sh - - - name: Verify compiled JS up to date (Node.js 24) - if: matrix.node-version == 24 + - name: Verify compiled JS up to date run: .github/workflows/script/check-js.sh - name: Verify PR checks up to date diff --git a/.github/workflows/script/check-js-20.sh b/.github/workflows/script/check-js-20.sh deleted file mode 100755 index 02ed8557a..000000000 --- a/.github/workflows/script/check-js-20.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -set -eu - -# Change @types/node to v20 temporarily to check that the generated JS files are correct. -contents=$(jq '.devDependencies."@types/node" = "^20.0.0"' package.json) -echo "${contents}" > package.json - -npm install - -if [ ! -z "$(git status --porcelain)" ]; then - git config --global user.email "github-actions@github.com" - git config --global user.name "github-actions[bot]" - # The period in `git add --all .` ensures that we stage deleted files too. - git add --all . - git commit -m "Use @types/node v20" -fi - -# Wipe the lib directory in case there are extra unnecessary files in there -rm -rf lib - -# Generate the JavaScript files -npm run-script build - -# Check that repo is still clean. -# The downgrade of @types/node means that we expect certain changes to the generated JS files. -# Therefore, we should ignore these changes to @types/node and check for outstanding changes. -if [[ $(git diff | grep --perl-regexp '^-(?!--)' | grep --count --invert-match --perl-regexp '"@types/node": "\^24') -gt 0 || \ - $(git diff | grep --perl-regexp '^\+(?!\+\+)' | grep --count --invert-match --perl-regexp '"@types/node": "\^20') -gt 0 ]] -then - >&2 echo "Failed: JavaScript files are not up to date. Run 'rm -rf lib && npm run-script build' to update" - git diff - exit 1 -fi -echo "Success: JavaScript files are up to date" - -# Clean up changes to package.json, package-lock.json, and lib/*.js. -git reset --hard HEAD~1 diff --git a/build.mjs b/build.mjs index 2e014e81d..9e28acbd7 100644 --- a/build.mjs +++ b/build.mjs @@ -13,7 +13,7 @@ const OUT_DIR = join(__dirname, "lib"); /** * Clean the output directory before building. - * + * * @type {esbuild.Plugin} */ const cleanPlugin = { @@ -27,7 +27,7 @@ const cleanPlugin = { /** * Copy defaults.json to the output directory since other projects depend on it. - * + * * @type {esbuild.Plugin} */ const copyDefaultsPlugin = { @@ -68,7 +68,7 @@ const context = await esbuild.context({ outdir: OUT_DIR, platform: "node", plugins: [cleanPlugin, copyDefaultsPlugin, onEndPlugin], - target: ["node24"], + target: ["node20"], }); await context.rebuild(); diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 506c3886b..9608f9f58 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/analyze-action.js b/lib/analyze-action.js index d4d77251f..f17cde249 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 86634cdf8..30c9abb8f 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 504e33abc..fdf055f09 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/init-action.js b/lib/init-action.js index 01f7dcdbd..901cbda3f 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 9d53cdbe6..d3edabe93 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 2d262137b..ee1a6ba94 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -28542,7 +28542,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index a194b3d5f..c6c18fc06 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -45036,7 +45036,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 9a9e6e6bc..dde7db14c 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33646,7 +33646,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -35688,7 +35688,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index ac0a6da67..5ec030a15 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26500,7 +26500,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -106366,7 +106366,7 @@ var require_brace_expansion3 = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index cc9874e26..dc7506af3 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -32349,7 +32349,7 @@ var require_package = __commonJS({ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -34391,7 +34391,7 @@ var require_brace_expansion = __commonJS({ var isSequence = isNumericSequence || isAlphaSequence; var isOptions = m.body.indexOf(",") >= 0; if (!isSequence && !isOptions) { - if (m.post.match(/,.*\}/)) { + if (m.post.match(/,(?!,).*\}/)) { str2 = m.pre + "{" + m.body + escClose + m.post; return expand(str2); } diff --git a/package-lock.json b/package-lock.json index c13f510c1..cb0108057 100644 --- a/package-lock.json +++ b/package-lock.json @@ -47,7 +47,7 @@ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", @@ -2660,13 +2660,13 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "24.6.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-24.6.0.tgz", - "integrity": "sha512-F1CBxgqwOMc4GKJ7eY22hWhBVQuMYTtqI8L0FcszYcpYX0fzfDGpez22Xau8Mgm7O9fI+zA/TYIdq3tGWfweBA==", + "version": "20.19.9", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.9.tgz", + "integrity": "sha512-cuVNgarYWZqxRJDQHEB58GEONhOK79QVR/qYx4S7kcUObQvUwvFnYxJuuHUKm2aieN9X3yZB4LZsuYNU1Qphsw==", "dev": true, "license": "MIT", "dependencies": { - "undici-types": "~7.13.0" + "undici-types": "~6.21.0" } }, "node_modules/@types/node-forge": { @@ -4200,7 +4200,9 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "1.1.11", + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", "license": "MIT", "dependencies": { "balanced-match": "^1.0.0", @@ -9195,9 +9197,9 @@ } }, "node_modules/undici-types": { - "version": "7.13.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.13.0.tgz", - "integrity": "sha512-Ov2Rr9Sx+fRgagJ5AX0qvItZG/JKKoBRAVITs1zk7IqZGTJUwgUr7qoYBpWwakpWilTZFM98rG/AFRocu10iIQ==", + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", + "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", "dev": true, "license": "MIT" }, diff --git a/package.json b/package.json index 60a1f009c..e4ddef341 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "@types/console-log-level": "^1.4.5", "@types/follow-redirects": "^1.14.4", "@types/js-yaml": "^4.0.9", - "@types/node": "^24.5.2", + "@types/node": "20.19.9", "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", From dddf033776a9a0e008719a5c64a93dcac144838f Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Thu, 2 Oct 2025 14:32:40 -0500 Subject: [PATCH 09/20] Revert changes to build.mjs --- build.mjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.mjs b/build.mjs index 9e28acbd7..05f7e0502 100644 --- a/build.mjs +++ b/build.mjs @@ -13,7 +13,7 @@ const OUT_DIR = join(__dirname, "lib"); /** * Clean the output directory before building. - * + * * @type {esbuild.Plugin} */ const cleanPlugin = { @@ -27,7 +27,7 @@ const cleanPlugin = { /** * Copy defaults.json to the output directory since other projects depend on it. - * + * * @type {esbuild.Plugin} */ const copyDefaultsPlugin = { From dd9e24a8a4b011052881abacca601159aee4b649 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 3 Oct 2025 16:27:36 +0100 Subject: [PATCH 10/20] Add more questions to the PR template --- .github/pull_request_template.md | 49 +++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 96e7f52f6..3b632d8f3 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,4 +1,13 @@ - + ### Risk assessment @@ -7,6 +16,44 @@ For internal use only. Please select the risk level of this change: - **Low risk:** Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only. - **High risk:** Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production. +#### Which use cases does this change impact? + + + +- **Advanced setup** - Impacts users who have custom workflows. +- **Default setup** - Impacts users who use default setup. +- **Code Scanning** - Impacts Code Scanning (i.e. `analysis-kinds: code-scanning`). +- **Code Quality** - Impacts Code Quality (i.e. `analysis-kinds: code-quality`). +- **Third-party analyses** - Impacts third-party analyses (i.e. `upload-sarif`). +- **GHES** - Impacts GitHub Enterprise Server. + +#### How did/will you validate this change? + + + +- **Test repository** - This change will be tested on a test repository before merging. +- **Unit tests** - I am depending on unit test coverage (i.e. tests in `.test.ts` files). +- **End-to-end tests** - I am depending on PR checks (i.e. tests in `pr-checks`). +- **Other** - Please provide details. +- **None** - I am not validating these changes. + +#### If something goes wrong after this change is released, what are the mitigation and rollback strategies? + + + +- **Feature flags** - All new or changed code paths can be fully disabled with corresponding feature flags. +- **Rollback** - Change can only be disabled by rolling back the release or releasing a new version with a fix. +- **Other** - Please provide details. + +#### How will you know if something goes wrong after this change is released? + + + +- **Telemetry** - I rely on existing telemetry or have made changes to the telemetry. + - **Dashboards** - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release. + - **Alerts** - New or existing monitors will trip if something goes wrong with this change. +- **Other** - Please provide details. + ### Merge / deployment checklist - Confirm this change is backwards compatible with existing workflows. From 9b3ade946d34bbaaada8d43f8f902886b7e9c020 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 6 Oct 2025 13:50:21 +0100 Subject: [PATCH 11/20] Rename `upload-quality-sarif.yml` workflow --- .../{__upload-quality-sarif.yml => __upload-sarif.yml} | 6 +++--- .../checks/{upload-quality-sarif.yml => upload-sarif.yml} | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename .github/workflows/{__upload-quality-sarif.yml => __upload-sarif.yml} (95%) rename pr-checks/checks/{upload-quality-sarif.yml => upload-sarif.yml} (94%) diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-sarif.yml similarity index 95% rename from .github/workflows/__upload-quality-sarif.yml rename to .github/workflows/__upload-sarif.yml index 9e1dceafc..ed92f095e 100644 --- a/.github/workflows/__upload-quality-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -3,7 +3,7 @@ # pr-checks/sync.sh # to regenerate this file. -name: 'PR Check - Upload-sarif: code quality endpoint' +name: PR Check - Test different uses of `upload-sarif` env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto @@ -41,14 +41,14 @@ concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' }} group: ${{ github.workflow }}-${{ github.ref }} jobs: - upload-quality-sarif: + upload-sarif: strategy: fail-fast: false matrix: include: - os: ubuntu-latest version: default - name: 'Upload-sarif: code quality endpoint' + name: Test different uses of `upload-sarif` if: github.triggering_actor != 'dependabot[bot]' permissions: contents: read diff --git a/pr-checks/checks/upload-quality-sarif.yml b/pr-checks/checks/upload-sarif.yml similarity index 94% rename from pr-checks/checks/upload-quality-sarif.yml rename to pr-checks/checks/upload-sarif.yml index 1d4dd9d28..7f68e5507 100644 --- a/pr-checks/checks/upload-quality-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -1,4 +1,4 @@ -name: "Upload-sarif: code quality endpoint" +name: "Test different uses of `upload-sarif`" description: "Checks that uploading SARIFs to the code quality endpoint works" versions: ["default"] installGo: true From 6bdf5d3d00fd477b954432761e4dcd9d3cf02b72 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 6 Oct 2025 13:56:19 +0100 Subject: [PATCH 12/20] Run `upload-sarif` check for all `analysis-kinds` values --- .github/workflows/__upload-sarif.yml | 21 +++++++++++++++++---- pr-checks/checks/upload-sarif.yml | 15 +++++++++++---- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index ed92f095e..fd98b8d64 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -48,6 +48,13 @@ jobs: include: - os: ubuntu-latest version: default + analysis-kinds: code-scanning + - os: ubuntu-latest + version: default + analysis-kinds: code-quality + - os: ubuntu-latest + version: default + analysis-kinds: code-scanning,code-quality name: Test different uses of `upload-sarif` if: github.triggering_actor != 'dependabot[bot]' permissions: @@ -74,7 +81,7 @@ jobs: with: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: csharp,java,javascript,python - analysis-kinds: code-quality + analysis-kinds: ${{ matrix.analysis-kinds }} - name: Build code run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step @@ -83,13 +90,19 @@ jobs: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 upload: never - - uses: ./../action/upload-sarif + + - name: | + Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` + uses: ./../action/upload-sarif id: upload-sarif with: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 - - name: Check output from `upload-sarif` step - if: '!(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)' + - name: Check output from `upload-sarif` step for `code-scanning` + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) + run: exit 1 + - name: Check output from `upload-sarif` step for `code-quality` + if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality) run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index 7f68e5507..f40cb6794 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -1,13 +1,14 @@ name: "Test different uses of `upload-sarif`" description: "Checks that uploading SARIFs to the code quality endpoint works" versions: ["default"] +analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"] installGo: true steps: - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: csharp,java,javascript,python - analysis-kinds: code-quality + analysis-kinds: ${{ matrix.analysis-kinds }} - name: Build code run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step @@ -16,11 +17,17 @@ steps: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' upload: never - - uses: ./../action/upload-sarif + + - name: | + Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` + uses: ./../action/upload-sarif id: upload-sarif with: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' - - name: "Check output from `upload-sarif` step" - if: '!(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)' + - name: "Check output from `upload-sarif` step for `code-scanning`" + if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)" + run: exit 1 + - name: "Check output from `upload-sarif` step for `code-quality`" + if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)" run: exit 1 From 6f964b7776696bb9ff2cebad990817c49ecf449f Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 6 Oct 2025 14:10:49 +0100 Subject: [PATCH 13/20] Cover more cases in `upload-sarif` check --- .github/workflows/__upload-sarif.yml | 42 ++++++++++++++++++++++++++++ pr-checks/checks/upload-sarif.yml | 40 ++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index fd98b8d64..7bf239e51 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -90,6 +90,7 @@ jobs: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 upload: never + output: ${{ runner.temp }}/results - name: | Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` @@ -98,11 +99,52 @@ jobs: with: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results - name: Check output from `upload-sarif` step for `code-scanning` if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) run: exit 1 - name: Check output from `upload-sarif` step for `code-quality` if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality) run: exit 1 + + - name: Upload single SARIF file for Code Scanning + uses: ./../action/upload-sarif + id: upload-single-sarif-code-scanning + if: contains(matrix.analysis-kinds, 'code-scanning') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.sarif + - name: Check output from `upload-single-sarif-code-scanning` step + if: contains(matrix.analysis-kinds, 'code-scanning') && + !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning) + run: exit 1 + - name: Upload single SARIF file for Code Scanning + uses: ./../action/upload-sarif + id: upload-single-sarif-code-quality + if: contains(matrix.analysis-kinds, 'code-quality') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif + - name: Check output from `upload-single-sarif-code-quality` step + if: contains(matrix.analysis-kinds, 'code-quality') && + !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality) + run: exit 1 + + - name: Change SARIF file extension + if: contains(matrix.analysis-kinds, 'code-scanning') + run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json + - name: Upload single non-`.sarif` file + uses: ./../action/upload-sarif + id: upload-single-non-sarif + if: contains(matrix.analysis-kinds, 'code-scanning') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.sarif.json + - name: Check output from `upload-single-non-sarif` step + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning) + run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index f40cb6794..9401c49e8 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -17,6 +17,7 @@ steps: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' upload: never + output: ${{ runner.temp }}/results - name: | Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` @@ -25,9 +26,48 @@ steps: with: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + sarif_file: ${{ runner.temp }}/results - name: "Check output from `upload-sarif` step for `code-scanning`" if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)" run: exit 1 - name: "Check output from `upload-sarif` step for `code-quality`" if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)" run: exit 1 + + - name: Upload single SARIF file for Code Scanning + uses: ./../action/upload-sarif + id: upload-single-sarif-code-scanning + if: "contains(matrix.analysis-kinds, 'code-scanning')" + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + sarif_file: ${{ runner.temp }}/results/javascript.sarif + - name: "Check output from `upload-single-sarif-code-scanning` step" + if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)" + run: exit 1 + - name: Upload single SARIF file for Code Scanning + uses: ./../action/upload-sarif + id: upload-single-sarif-code-quality + if: "contains(matrix.analysis-kinds, 'code-quality')" + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif + - name: "Check output from `upload-single-sarif-code-quality` step" + if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)" + run: exit 1 + + - name: Change SARIF file extension + if: "contains(matrix.analysis-kinds, 'code-scanning')" + run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json + - name: Upload single non-`.sarif` file + uses: ./../action/upload-sarif + id: upload-single-non-sarif + if: "contains(matrix.analysis-kinds, 'code-scanning')" + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + sarif_file: ${{ runner.temp }}/results/javascript.sarif.json + - name: "Check output from `upload-single-non-sarif` step" + if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)" + run: exit 1 From 22aba57acf39c63a1b4963298698fb3f7a991e17 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 6 Oct 2025 14:30:30 +0100 Subject: [PATCH 14/20] Include analysis kind in `payloadSaveFile` path in `uploadPayload` --- lib/analyze-action.js | 8 ++++---- lib/init-action-post.js | 8 ++++---- lib/upload-lib.js | 8 ++++---- lib/upload-sarif-action.js | 8 ++++---- src/upload-lib.ts | 8 ++++---- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c2788900b..77f1e6f14 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -95530,12 +95530,12 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); if (isInTestMode()) { const payloadSaveFile = path18.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` @@ -95546,7 +95546,7 @@ async function uploadPayload(payload, repositoryNwo, logger, target) { } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -95780,7 +95780,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index e138420a3..6c4eb38d9 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -133006,12 +133006,12 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); if (isInTestMode()) { const payloadSaveFile = path17.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` @@ -133022,7 +133022,7 @@ async function uploadPayload(payload, repositoryNwo, logger, target) { } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -133256,7 +133256,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index a6342ff21..44a52209d 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -92365,12 +92365,12 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); if (isInTestMode()) { const payloadSaveFile = path14.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` @@ -92381,7 +92381,7 @@ async function uploadPayload(payload, repositoryNwo, logger, target) { } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -92663,7 +92663,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 7ad72583b..bc7a2c0ac 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -93037,12 +93037,12 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); if (isInTestMode()) { const payloadSaveFile = path15.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` @@ -93053,7 +93053,7 @@ async function uploadPayload(payload, repositoryNwo, logger, target) { } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -93304,7 +93304,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/src/upload-lib.ts b/src/upload-lib.ts index cfa362b67..2559cd7ad 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -352,7 +352,7 @@ async function uploadPayload( payload: any, repositoryNwo: RepositoryNwo, logger: Logger, - target: analyses.SARIF_UPLOAD_ENDPOINT, + analysis: analyses.AnalysisConfig, ): Promise { logger.info("Uploading results"); @@ -360,7 +360,7 @@ async function uploadPayload( if (util.isInTestMode()) { const payloadSaveFile = path.join( actionsUtil.getTemporaryDirectory(), - "payload.json", + `payload-${analysis.kind}.json`, ); logger.info( `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`, @@ -373,7 +373,7 @@ async function uploadPayload( const client = api.getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload, @@ -807,7 +807,7 @@ export async function uploadSpecifiedFiles( payload, getRepositoryNwo(), logger, - uploadTarget.target, + uploadTarget, ); logger.endGroup(); From 380e002752dd3ae10c718f81ac27a53db40a2769 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 6 Oct 2025 15:15:43 +0100 Subject: [PATCH 15/20] Add explicit `category` values --- .github/workflows/__upload-sarif.yml | 8 ++++++++ pr-checks/checks/upload-sarif.yml | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index 7bf239e51..20b059f39 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -100,6 +100,8 @@ jobs: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 sarif_file: ${{ runner.temp }}/results + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ - name: Check output from `upload-sarif` step for `code-scanning` if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) run: exit 1 @@ -115,6 +117,8 @@ jobs: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 sarif_file: ${{ runner.temp }}/results/javascript.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ - name: Check output from `upload-single-sarif-code-scanning` step if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning) @@ -127,6 +131,8 @@ jobs: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ - name: Check output from `upload-single-sarif-code-quality` step if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality) @@ -143,6 +149,8 @@ jobs: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 sarif_file: ${{ runner.temp }}/results/javascript.sarif.json + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ - name: Check output from `upload-single-non-sarif` step if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning) run: exit 1 diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index 9401c49e8..840e76501 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -27,6 +27,8 @@ steps: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' sarif_file: ${{ runner.temp }}/results + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ - name: "Check output from `upload-sarif` step for `code-scanning`" if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)" run: exit 1 @@ -42,6 +44,8 @@ steps: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' sarif_file: ${{ runner.temp }}/results/javascript.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ - name: "Check output from `upload-single-sarif-code-scanning` step" if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)" run: exit 1 @@ -53,6 +57,8 @@ steps: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ - name: "Check output from `upload-single-sarif-code-quality` step" if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)" run: exit 1 @@ -68,6 +74,8 @@ steps: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' sarif_file: ${{ runner.temp }}/results/javascript.sarif.json + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ - name: "Check output from `upload-single-non-sarif` step" if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)" run: exit 1 From 14c5d77032ee3effd4fd42710395800466c8d7cb Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 6 Oct 2025 15:28:40 +0100 Subject: [PATCH 16/20] Fix: Update `payload.json` path in `with-checkout-path` test --- .github/workflows/__with-checkout-path.yml | 13 +++++++------ pr-checks/checks/with-checkout-path.yml | 13 +++++++------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index e12c9846a..e706b5d39 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -103,29 +103,30 @@ jobs: - name: Verify SARIF after upload run: | + PAYLOAD_FILE="$RUNNER_TEMP/payload-code-scanning.json" EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" - ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" - ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" - ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" + ACTUAL_COMMIT_OID="$(cat "$PAYLOAD_FILE" | jq -r .commit_oid)" + ACTUAL_REF="$(cat "$PAYLOAD_FILE" | jq -r .ref)" + ACTUAL_CHECKOUT_URI="$(cat "$PAYLOAD_FILE" | jq -r .checkout_uri)" if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi env: diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index 641dcf220..d0662be01 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -37,28 +37,29 @@ steps: - name: Verify SARIF after upload run: | + PAYLOAD_FILE="$RUNNER_TEMP/payload-code-scanning.json" EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" - ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" - ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" - ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" + ACTUAL_COMMIT_OID="$(cat "$PAYLOAD_FILE" | jq -r .commit_oid)" + ACTUAL_REF="$(cat "$PAYLOAD_FILE" | jq -r .ref)" + ACTUAL_CHECKOUT_URI="$(cat "$PAYLOAD_FILE" | jq -r .checkout_uri)" if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi From dabf6fc57806f7dec50430fd9193732fbdd276c5 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 6 Oct 2025 15:40:35 +0100 Subject: [PATCH 17/20] Adjust step names to be clearer --- .github/workflows/__upload-sarif.yml | 12 ++++++------ pr-checks/checks/upload-sarif.yml | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index 20b059f39..91a1af5e0 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -102,10 +102,10 @@ jobs: sarif_file: ${{ runner.temp }}/results category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ - - name: Check output from `upload-sarif` step for `code-scanning` + - name: Fail for missing output from `upload-sarif` step for `code-scanning` if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) run: exit 1 - - name: Check output from `upload-sarif` step for `code-quality` + - name: Fail for missing output from `upload-sarif` step for `code-quality` if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality) run: exit 1 @@ -119,11 +119,11 @@ jobs: sarif_file: ${{ runner.temp }}/results/javascript.sarif category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ - - name: Check output from `upload-single-sarif-code-scanning` step + - name: Fail for missing output from `upload-single-sarif-code-scanning` step if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning) run: exit 1 - - name: Upload single SARIF file for Code Scanning + - name: Upload single SARIF file for Code Quality uses: ./../action/upload-sarif id: upload-single-sarif-code-quality if: contains(matrix.analysis-kinds, 'code-quality') @@ -133,7 +133,7 @@ jobs: sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ - - name: Check output from `upload-single-sarif-code-quality` step + - name: Fail for missing output from `upload-single-sarif-code-quality` step if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality) run: exit 1 @@ -151,7 +151,7 @@ jobs: sarif_file: ${{ runner.temp }}/results/javascript.sarif.json category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ - - name: Check output from `upload-single-non-sarif` step + - name: Fail for missing output from `upload-single-non-sarif` step if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning) run: exit 1 env: diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index 840e76501..1801a2740 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -29,10 +29,10 @@ steps: sarif_file: ${{ runner.temp }}/results category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ - - name: "Check output from `upload-sarif` step for `code-scanning`" + - name: "Fail for missing output from `upload-sarif` step for `code-scanning`" if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)" run: exit 1 - - name: "Check output from `upload-sarif` step for `code-quality`" + - name: "Fail for missing output from `upload-sarif` step for `code-quality`" if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)" run: exit 1 @@ -46,10 +46,10 @@ steps: sarif_file: ${{ runner.temp }}/results/javascript.sarif category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ - - name: "Check output from `upload-single-sarif-code-scanning` step" + - name: "Fail for missing output from `upload-single-sarif-code-scanning` step" if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)" run: exit 1 - - name: Upload single SARIF file for Code Scanning + - name: Upload single SARIF file for Code Quality uses: ./../action/upload-sarif id: upload-single-sarif-code-quality if: "contains(matrix.analysis-kinds, 'code-quality')" @@ -59,7 +59,7 @@ steps: sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ - - name: "Check output from `upload-single-sarif-code-quality` step" + - name: "Fail for missing output from `upload-single-sarif-code-quality` step" if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)" run: exit 1 @@ -76,6 +76,6 @@ steps: sarif_file: ${{ runner.temp }}/results/javascript.sarif.json category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ - - name: "Check output from `upload-single-non-sarif` step" + - name: "Fail for missing output from `upload-single-non-sarif` step" if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)" run: exit 1 From b66db86c847a6b3b82d6036b8ef090a869d23fcd Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Mon, 6 Oct 2025 11:40:43 -0500 Subject: [PATCH 18/20] Hoist CHANGELOG note back to "UNRELEASED" section. --- CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 322b76a84..37bca4058 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.6 - 02 Oct 2025 @@ -20,7 +20,6 @@ No user facing changes. - We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. [#3107](https://github.com/github/codeql-action/pull/3107) - You can now run the latest CodeQL nightly bundle by passing `tools: nightly` to the `init` action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. [#3130](https://github.com/github/codeql-action/pull/3130) - Update default CodeQL bundle version to 2.23.1. [#3118](https://github.com/github/codeql-action/pull/3118) -- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) ## 3.30.3 - 10 Sep 2025 From ff23a55f4d15e7dc85b3c07d33dd1bdf88fe8fad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 17:02:21 +0000 Subject: [PATCH 19/20] Bump the npm group with 4 updates Bumps the npm group with 4 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [typescript](https://github.com/microsoft/TypeScript). Updates `@eslint/js` from 9.36.0 to 9.37.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/commits/v9.37.0/packages/js) Updates `@typescript-eslint/eslint-plugin` from 8.44.1 to 8.45.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.45.0/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.44.1 to 8.45.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.45.0/packages/parser) Updates `typescript` from 5.9.2 to 5.9.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml) - [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.2...v5.9.3) --- updated-dependencies: - dependency-name: "@eslint/js" dependency-version: 9.37.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.45.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/parser" dependency-version: 8.45.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: typescript dependency-version: 5.9.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] --- package-lock.json | 220 +++++++++++++++++++++++----------------------- package.json | 6 +- 2 files changed, 113 insertions(+), 113 deletions(-) diff --git a/package-lock.json b/package-lock.json index 911e99ad4..99ac038b9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -40,7 +40,7 @@ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -51,7 +51,7 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", "ava": "^6.4.1", "esbuild": "^0.25.10", @@ -64,7 +64,7 @@ "glob": "^11.0.3", "nock": "^14.0.10", "sinon": "^21.0.0", - "typescript": "^5.9.2" + "typescript": "^5.9.3" } }, "node_modules/@aashutoshrathi/word-wrap": { @@ -1346,9 +1346,9 @@ } }, "node_modules/@eslint/js": { - "version": "9.36.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.36.0.tgz", - "integrity": "sha512-uhCbYtYynH30iZErszX78U+nR3pJU3RHGQ57NXy5QupD4SBVwDeU8TNBy+MjMngc1UyIW9noKqsRqfjQTBU2dw==", + "version": "9.37.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz", + "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==", "dev": true, "license": "MIT", "engines": { @@ -2712,17 +2712,17 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.44.1.tgz", - "integrity": "sha512-molgphGqOBT7t4YKCSkbasmu1tb1MgrZ2szGzHbclF7PNmOkSTQVHy+2jXOSnxvR3+Xe1yySHFZoqMpz3TfQsw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.45.0.tgz", + "integrity": "sha512-HC3y9CVuevvWCl/oyZuI47dOeDF9ztdMEfMH8/DW/Mhwa9cCLnK1oD7JoTVGW/u7kFzNZUKUoyJEqkaJh5y3Wg==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/type-utils": "8.44.1", - "@typescript-eslint/utils": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/scope-manager": "8.45.0", + "@typescript-eslint/type-utils": "8.45.0", + "@typescript-eslint/utils": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", @@ -2736,20 +2736,20 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.44.1", + "@typescript-eslint/parser": "^8.45.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.45.0.tgz", + "integrity": "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2760,9 +2760,9 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz", + "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==", "dev": true, "license": "MIT", "engines": { @@ -2774,16 +2774,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.45.0.tgz", + "integrity": "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.45.0", + "@typescript-eslint/tsconfig-utils": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", @@ -2803,16 +2803,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz", - "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.45.0.tgz", + "integrity": "sha512-bxi1ht+tLYg4+XV2knz/F7RVhU0k6VrSMc9sb8DQ6fyCTrGQLHfo7lDtN0QJjZjKkLA2ThrKuCdHEvLReqtIGg==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1" + "@typescript-eslint/scope-manager": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/typescript-estree": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2827,13 +2827,13 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.45.0.tgz", + "integrity": "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -2906,16 +2906,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.44.1.tgz", - "integrity": "sha512-EHrrEsyhOhxYt8MTg4zTF+DJMuNBzWwgvvOYNj/zm1vnaD/IC5zCXFehZv94Piqa2cRFfXrTFxIvO95L7Qc/cw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.45.0.tgz", + "integrity": "sha512-TGf22kon8KW+DeKaUmOibKWktRY8b2NSAZNdtWh798COm1NWx8+xJ6iFBtk3IvLdv6+LGLJLRlyhrhEDZWargQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/scope-manager": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/typescript-estree": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4" }, "engines": { @@ -2931,14 +2931,14 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.45.0.tgz", + "integrity": "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2949,9 +2949,9 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz", + "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==", "dev": true, "license": "MIT", "engines": { @@ -2963,16 +2963,16 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.45.0.tgz", + "integrity": "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.45.0", + "@typescript-eslint/tsconfig-utils": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", @@ -2992,13 +2992,13 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.45.0.tgz", + "integrity": "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -3062,14 +3062,14 @@ } }, "node_modules/@typescript-eslint/project-service": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.44.1.tgz", - "integrity": "sha512-ycSa60eGg8GWAkVsKV4E6Nz33h+HjTXbsDT4FILyL8Obk5/mx4tbvCNsLf9zret3ipSumAOG89UcCs/KRaKYrA==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.45.0.tgz", + "integrity": "sha512-3pcVHwMG/iA8afdGLMuTibGR7pDsn9RjDev6CCB+naRsSYs2pns5QbinF4Xqw6YC/Sj3lMrm/Im0eMfaa61WUg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/tsconfig-utils": "^8.44.1", - "@typescript-eslint/types": "^8.44.1", + "@typescript-eslint/tsconfig-utils": "^8.45.0", + "@typescript-eslint/types": "^8.45.0", "debug": "^4.3.4" }, "engines": { @@ -3084,9 +3084,9 @@ } }, "node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz", + "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==", "dev": true, "license": "MIT", "engines": { @@ -3116,9 +3116,9 @@ } }, "node_modules/@typescript-eslint/tsconfig-utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.44.1.tgz", - "integrity": "sha512-B5OyACouEjuIvof3o86lRMvyDsFwZm+4fBOqFHccIctYgBjqR3qT39FBYGN87khcgf0ExpdCBeGKpKRhSFTjKQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.45.0.tgz", + "integrity": "sha512-aFdr+c37sc+jqNMGhH+ajxPXwjv9UtFZk79k8pLoJ6p4y0snmYpPA52GuWHgt2ZF4gRRW6odsEj41uZLojDt5w==", "dev": true, "license": "MIT", "engines": { @@ -3133,15 +3133,15 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.44.1.tgz", - "integrity": "sha512-KdEerZqHWXsRNKjF9NYswNISnFzXfXNDfPxoTh7tqohU/PRIbwTmsjGK6V9/RTYWau7NZvfo52lgVk+sJh0K3g==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.45.0.tgz", + "integrity": "sha512-bpjepLlHceKgyMEPglAeULX1vixJDgaKocp0RVJ5u4wLJIMNuKtUXIczpJCPcn2waII0yuvks/5m5/h3ZQKs0A==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1", - "@typescript-eslint/utils": "8.44.1", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/typescript-estree": "8.45.0", + "@typescript-eslint/utils": "8.45.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, @@ -3158,14 +3158,14 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.45.0.tgz", + "integrity": "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -3176,9 +3176,9 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz", + "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==", "dev": true, "license": "MIT", "engines": { @@ -3190,16 +3190,16 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.45.0.tgz", + "integrity": "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.45.0", + "@typescript-eslint/tsconfig-utils": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/visitor-keys": "8.45.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", @@ -3219,16 +3219,16 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz", - "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.45.0.tgz", + "integrity": "sha512-bxi1ht+tLYg4+XV2knz/F7RVhU0k6VrSMc9sb8DQ6fyCTrGQLHfo7lDtN0QJjZjKkLA2ThrKuCdHEvLReqtIGg==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1" + "@typescript-eslint/scope-manager": "8.45.0", + "@typescript-eslint/types": "8.45.0", + "@typescript-eslint/typescript-estree": "8.45.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -3243,13 +3243,13 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.45.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.45.0.tgz", + "integrity": "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.45.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -9043,9 +9043,9 @@ } }, "node_modules/typescript": { - "version": "5.9.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz", - "integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==", + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", "bin": { diff --git a/package.json b/package.json index 32b427bb4..de76813dc 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -66,7 +66,7 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", "ava": "^6.4.1", "esbuild": "^0.25.10", @@ -79,7 +79,7 @@ "glob": "^11.0.3", "nock": "^14.0.10", "sinon": "^21.0.0", - "typescript": "^5.9.2" + "typescript": "^5.9.3" }, "overrides": { "@actions/tool-cache": { From 6877465dc11a53252c0a744b3aa89611fd96f555 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 17:03:52 +0000 Subject: [PATCH 20/20] Rebuild --- lib/analyze-action-post.js | 6 +++--- lib/analyze-action.js | 6 +++--- lib/autobuild-action.js | 6 +++--- lib/init-action-post.js | 6 +++--- lib/init-action.js | 6 +++--- lib/resolve-environment-action.js | 6 +++--- lib/start-proxy-action-post.js | 6 +++--- lib/start-proxy-action.js | 6 +++--- lib/upload-lib.js | 6 +++--- lib/upload-sarif-action-post.js | 6 +++--- lib/upload-sarif-action.js | 6 +++--- 11 files changed, 33 insertions(+), 33 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index a9b163bc1..78ce6d189 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c2788900b..35469b85a 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32342,7 +32342,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32353,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32366,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 4cde47d65..38dd5f0f7 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index e138420a3..dc6042174 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32342,7 +32342,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32353,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32366,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/init-action.js b/lib/init-action.js index 2f509ad0e..b30c464bd 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32342,7 +32342,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32353,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32366,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 67cb394e7..564b992c8 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index a52eadfc5..49d4a5dfd 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index f262402cf..6c2f32a56 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -45029,7 +45029,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -45040,7 +45040,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -45053,7 +45053,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index a6342ff21..5ad15cbbd 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33639,7 +33639,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -33650,7 +33650,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -33663,7 +33663,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 233b73d47..f696a04ea 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26493,7 +26493,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26504,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26517,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 7ad72583b..b46f9ad39 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -32342,7 +32342,7 @@ var require_package = __commonJS({ "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32353,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.45.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32366,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": {