Skip to content

Merge main into releases/v3#2757

Merged
aibaars merged 24 commits intoreleases/v3from
update-v3.28.9-24e1c2d33
Feb 7, 2025
Merged

Merge main into releases/v3#2757
aibaars merged 24 commits intoreleases/v3from
update-v3.28.9-24e1c2d33

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Feb 7, 2025
edited by aibaars
Loading

Merging 24e1c2d into releases/v3.

Conductor for this PR is @aibaars.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

aeisenberg and others added 24 commits January 24, 2025 15:14
@aeisenberg
Add actions analysis to code scannign
de4457e 
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
@oscarsj
Switch auth for enterprises-release repo from ssh to codeql CI token
faa23b6
@aeisenberg
Update Python version to 3.13 in workflow
9ba5bca
@oscarsj
Rename token to clarify scope
1b7bc48
@github-actions
Update changelog and version after v3.28.8
44dfd8f
@github-actions
Update checked-in dependencies
30ac3f3
@henrymercer
Merge pull request #2747 from github/mergeback/v3.28.8-to-main-dd746615
cf6550f 
Mergeback v3.28.8 refs/heads/releases/v3 into main
@aeisenberg
Use a separate config file for actions queries
50954e7
@aeisenberg
Merge pull request #2725 from github/aeisenberg/enable-actions-analysis
e9987ad 
Add actions analysis to code scanning
@aeisenberg
Merge branch 'main' into oscarsj-patch-1
dcf2d0d
@henrymercer
Pin ruby/setup-ruby Action to v1.215.0
5be1eb0
@henrymercer
Merge pull request #2748 from github/henrymercer/pin-setup-ruby
9a4ae21 
Pin `ruby/setup-ruby` Action to v1.215.0
@oscarsj
Merge pull request #2727 from github/oscarsj-patch-1
0701025 
Switch auth for enterprises-release repo from ssh to codeql CI token
@dependabot
build(deps): bump actions/create-github-app-token in the actions group
e456c53 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@c1a2851...136412a)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump the npm group with 5 updates
3e913ef 
Bumps the npm group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@octokit/types](https://github.com/octokit/types.ts) | `13.7.0` | `13.8.0` |
| [semver](https://github.com/npm/node-semver) | `7.6.3` | `7.7.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.22.0` | `8.23.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.22.0` | `8.23.0` |
| [eslint-plugin-github](https://github.com/github/eslint-plugin-github) | `5.1.5` | `5.1.7` |


Updates `@octokit/types` from 13.7.0 to 13.8.0
- [Release notes](https://github.com/octokit/types.ts/releases)
- [Commits](octokit/types.ts@v13.7.0...v13.8.0)

Updates `semver` from 7.6.3 to 7.7.0
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.6.3...v7.7.0)

Updates `@typescript-eslint/eslint-plugin` from 8.22.0 to 8.23.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.23.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.22.0 to 8.23.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.23.0/packages/parser)

Updates `eslint-plugin-github` from 5.1.5 to 5.1.7
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](github/eslint-plugin-github@v5.1.5...v5.1.7)

---
updated-dependencies:
- dependency-name: "@octokit/types"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Update checked-in dependencies
9660df3
@angelapwen
Merge pull request #2749 from github/dependabot/github_actions/action…
a8f5935 
…s-29d379cebb

build(deps): bump actions/create-github-app-token from 1.11.1 to 1.11.2 in the actions group
@angelapwen
Merge pull request #2750 from github/dependabot/npm_and_yarn/npm-768b…
ad42dbd 
…d9b555

build(deps): bump the npm group with 5 updates
@henrymercer
Send init-post status report in absence of config
cf7c687
@henrymercer
Merge pull request #2751 from github/henrymercer/fix-init-post-withou…
08bc0cf 
…t-config

Send `init-post` status report in absence of config
@github-actions
Update default bundle to codeql-bundle-v2.20.4
52189d2
@github-actions
Add changelog note
57a08c0
@aibaars
Merge pull request #2753 from github/update-bundle/codeql-bundle-v2.20.4
24e1c2d 
Update default bundle to 2.20.4
@github-actions
Update changelog for v3.28.9
43d9be6
@aibaars aibaars marked this pull request as ready for review February 7, 2025 10:22
Copilot AI review requested due to automatic review settings February 7, 2025 10:22
@aibaars aibaars requested a review from a team as a code owner February 7, 2025 10:22
Copilot AI reviewed Feb 7, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This pull request merges changes from main into the releases/v3 branch. The purpose is to synchronize the latest updates, including workflows, configuration files, and the CHANGELOG. Below is a quick summary of the changes made:

  • Added a new CodeQL Actions configuration file.
  • Updated the CHANGELOG with a new release version and date.
  • Updated various GitHub Actions workflows to reference newer commit SHAs and Python/Ruby versions.
  • Adjusted logic in lib/init-action-post.js to remove an early return, ensuring debug artifact behavior is handled consistently.

Changes

File Description
.github/codeql/codeql-actions-config.yml Adds a CodeQL Actions config file pointing to "security-and-quality" queries.
CHANGELOG.md Adds a new version (3.28.9) entry and notes for updating the default CodeQL bundle version.
.github/workflows/__rubocop-multi-language.yml Updates Ruby setup reference to a more specific commit for improved consistency.
.github/workflows/post-release-mergeback.yml Pins actions/create-github-app-token to a newer commit for certain release processes.
lib/init-action-post.js Removes an early return to allow additional debug artifact handling if config is undefined.
.github/workflows/update-supported-enterprise-server-versions.yml Updates Python version from 3.7 to 3.13 for enterprise server version management.
.github/workflows/update-release-branch.yml Pins actions/create-github-app-token to a newer commit for release branch updates.
.github/workflows/codeql.yml Renames build job to analyze-javascript and adds an analyze-actions job for CodeQL.

Copilot reviewed 1005 out of 1005 changed files in this pull request and generated no comments.

Tip: If you use Visual Studio Code, you can request a review from Copilot before you push from the "Source Control" tab. Learn more

@aibaars aibaars enabled auto-merge February 7, 2025 10:25
@aibaars aibaars merged commit 9e8d078 into releases/v3 Feb 7, 2025
262 checks passed
@aibaars aibaars deleted the update-v3.28.9-24e1c2d33 branch February 7, 2025 10:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@aibaars aibaars aibaars approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@aibaars aibaars

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@aibaars @aeisenberg @oscarsj @henrymercer @angelapwen