Skip to content

chore(deps): bump github/codeql-action from 3 to 4 #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore(deps): bump github/codeql-action from 3 to 4 #3

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 27, 2025
edited
Loading

Bumps github/codeql-action from 3 to 4.

Release notes

Sourced from github/codeql-action's releases.

v3.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

See the full CHANGELOG.md for more information.

v3.31.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

See the full CHANGELOG.md for more information.

v3.31.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.2 - 30 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

Commits
  • ce9b526 Rebuild
  • 28f4a61 Merge remote-tracking branch 'origin/main' into mergeback/v4.31.4-to-main-e12...
  • fea2500 Update changelog and version after v4.31.4
  • e12f017 Merge pull request #3312 from github/update-v4.31.4-70434f6dd
  • 249458a Merge pull request #3296 from github/mbg/dependency-caching/skip-uploads-for-...
  • c9cb6f9 Update changelog for v4.31.4
  • 726a2a0 Overlay: Increase disk storage threshold to 20GB
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 27, 2025
@harperbot
Copy link

harperbot bot commented Nov 27, 2025

HarperBot

HarperBot Analysis

Summary

This PR updates the GitHub Actions workflow file .github/workflows/pre-commit.yml to use the latest versions (v4) of the github/codeql-action/init and github/codeql-action/analyze actions, as well as the github/codeql-action/upload-sarif action. This ensures the workflow benefits from the latest features, bug fixes, and security updates provided by these actions.

Scores

  • Code Quality: 10/10
  • Maintainability: 10/10
  • Security: 10/10

Strengths

  • Upgrading to the latest versions of GitHub Actions is generally a good practice for security and maintainability.
  • The changes are straightforward and easy to understand.

Areas Needing Attention

  • N/A - The changes are simple and beneficial.

Recommendations

  • No specific recommendations. The update is beneficial.

Code Suggestions

  • Suggestions posted as inline comments below.

Next Steps

  • Merge the PR.

@dependabot
chore(deps): bump github/codeql-action from 3 to 4
4d86c1c 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github/codeql-action-4 branch from 30f3457 to 4d86c1c Compare November 27, 2025 22:48
@harperbot
Copy link

harperbot bot commented Nov 27, 2025

HarperBot

HarperBot Analysis

Summary

This pull request updates the GitHub Actions workflow file .github/workflows/pre-commit.yml to use the latest versions (v4) of the github/codeql-action/init, github/codeql-action/analyze, and github/codeql-action/upload-sarif actions. This ensures the workflow benefits from the latest features, bug fixes, and security updates provided by these actions.

Scores

  • Code Quality: 10/10
  • Maintainability: 10/10
  • Security: 10/10

Strengths

  • The update ensures the workflow uses the latest versions of the actions, which is a good practice for security and maintainability.
  • The changes are straightforward and easy to understand.

Areas Needing Attention

  • None. The update is a simple version bump.

Recommendations

  • No specific recommendations. The update is well-executed.

Code Suggestions

  • Suggestions posted as inline comments below.

Next Steps

  • Merge the pull request.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 27, 2025

Looks like github/codeql-action is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Nov 27, 2025
@dependabot dependabot bot deleted the dependabot/github_actions/github/codeql-action-4 branch November 27, 2025 23:10
@github-project-automation github-project-automation bot moved this from Todo to Done in github-dotfiles Jan 11, 2026
@bniladridas bniladridas mentioned this pull request Jan 22, 2026
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

github-dotfiles
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants