Merged
Mergeback v3.28.13 refs/heads/releases/v3 into main
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).

Updates `ruby/setup-ruby` from 1.226.0 to 1.227.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@922ebc4...1a61595)

Updates `actions/create-github-app-token` from 1.11.6 to 1.11.7
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@v1.11.6...v1.11.7)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
…s-cbe19e082f build(deps): bump the actions group with 2 updates
Bumps the npm group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache) | `4.0.2` | `4.0.3` |
| [@octokit/types](https://github.com/octokit/types.ts) | `13.8.0` | `13.10.0` |
| [@eslint/eslintrc](https://github.com/eslint/eslintrc) | `3.3.0` | `3.3.1` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.22.0` | `9.23.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.26.1` | `8.28.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.26.1` | `8.28.0` |
| [eslint-import-resolver-typescript](https://github.com/import-js/eslint-import-resolver-typescript) | `3.8.3` | `3.8.7` |
| [sinon](https://github.com/sinonjs/sinon) | `19.0.2` | `20.0.0` |

Updates `@actions/cache` from 4.0.2 to 4.0.3
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache)

Updates `@octokit/types` from 13.8.0 to 13.10.0
- [Release notes](https://github.com/octokit/types.ts/releases)
- [Commits](octokit/types.ts@v13.8.0...v13.10.0)

Updates `@eslint/eslintrc` from 3.3.0 to 3.3.1
- [Release notes](https://github.com/eslint/eslintrc/releases)
- [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md)
- [Commits](eslint/eslintrc@v3.3.0...v3.3.1)

Updates `@eslint/js` from 9.22.0 to 9.23.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.23.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.26.1 to 8.28.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.28.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.26.1 to 8.28.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.28.0/packages/parser)

Updates `eslint-import-resolver-typescript` from 3.8.3 to 3.8.7
- [Release notes](https://github.com/import-js/eslint-import-resolver-typescript/releases)
- [Changelog](https://github.com/import-js/eslint-import-resolver-typescript/blob/master/CHANGELOG.md)
- [Commits](import-js/eslint-import-resolver-typescript@v3.8.3...v3.8.7)

Updates `sinon` from 19.0.2 to 20.0.0
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](sinonjs/sinon@v19.0.2...v20.0.0)

---
updated-dependencies:
- dependency-name: "@actions/cache"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@octokit/types"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@eslint/eslintrc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: eslint-import-resolver-typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: sinon
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
…921c2d build(deps): bump the npm group with 8 updates
getFileDiffsWithBasehead(): use CODE_SCANNING_REPOSITORY if present
This commit adds a defaultQueryFilters field to AugmentationProperties and incorporates its value into the augmented Code Scanning config. However, in this commit defaultQueryFilters is always empty, so there is not yet any actual behavior change.
…tch a string due to boundary constraints on the regex
…assification fix: change regex matching for API error to not contain regex boundaries
This commit renames the original shouldPerformDiffInformedAnalysis(), which returns `PullRequestBranches | undefined`, to getDiffInformedAnalysisBranches(). It also adds a new shouldPerformDiffInformedAnalysis() function that returns boolean. Separating these two functions makes it clear what the intended uses and return values should be for each.
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).

Updates `ruby/setup-ruby` from 1.227.0 to 1.229.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@1a61595...354a1ad)

Updates `actions/create-github-app-token` from 1.11.7 to 1.12.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
…er designating if the analysis is third-party
Bumps the npm group with 4 updates in the / directory: [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [nock](https://github.com/nock/nock).

Updates `@types/semver` from 7.5.8 to 7.7.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

Updates `@typescript-eslint/eslint-plugin` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.29.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.29.0/packages/parser)

Updates `nock` from 14.0.1 to 14.0.2
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](nock/nock@v14.0.1...v14.0.2)

---
updated-dependencies:
- dependency-name: "@types/semver"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
…aca45e build(deps-dev): bump the npm group across 1 directory with 4 updates
…s-02c935407f build(deps): bump the actions group with 2 updates
…as ConfigurationError if in known error category
…better discriminate error thrown
…arif_issues feat: further error re-classification
Add logs around status report telemetry in `init-post` step
Update default bundle to 2.21.0
Pull Request Overview
This PR merges main into releases/v3 and integrates several refactoring and feature updates. Key changes include:
- Replacing calls to parseRepositoryNwo with the new getRepositoryNwo/getRepositoryNwoFromEnv utilities.
- Introducing diff‐informed analysis utilities, including branch extraction and diff range handling.
- Updating asynchronous behavior and error wrapping in configuration augmentation and API client methods.
Reviewed Changes
Copilot reviewed 1576 out of 1577 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| lib/status-report.test.js | Added tests for additional error handling in getActionsStatus |
| lib/status-report.js | Exposed isThirdPartyAnalysis and refactored repository NWO handling |
| lib/repository.js | Introduced getRepositoryNwo and getRepositoryNwoFromEnv |
| lib/init-action*.js, lib/init-action-post*.js, lib/init-action-post-helper.js | Replaced parseRepositoryNwo with getRepositoryNwo |
| lib/diff-informed-analysis-utils.js | Added utilities for diff‐informed analysis, providing branch extraction |
| lib/config-utils*.js | Updated calculateAugmentation to be asynchronous and added query filters |
| lib/codeql.js | Merged default query filters into the augmented configuration |
| lib/autobuild.js | Replaced repository parsing to use the new method |
| lib/api-client*.js | Updated error wrapping for API configuration errors |
| lib/analyze*.js | Refactored to use diff‐informed analysis and repository utilities |
| lib/analyze-action.js | Updated repository handling and diff‐informed analysis integration |
| CHANGELOG.md | Updated changelog with release 3.28.14 |
| Workflow files (.github/workflows/*.yml) | Upgraded GitHub action versions |
Files not reviewed (1)
- lib/defaults.json: Language not supported
Comments suppressed due to low confidence (1)
lib/config-utils.js:322
- Since calculateAugmentation is now asynchronous, please update its JSDoc to indicate that it returns a Promise and adjust any inline comments accordingly.
function calculateAugmentation(rawPacksInput, rawQueriesInput, languages) {
aibaars approved these changes Apr 7, 2025
Merging 362ef4c into `releases/v3`.

Conductor for this PR is @aibaars.

Contains the following pull requests:
- `exclude-from-incremental` query tag for diff-informed analysis #2831 (@cklin)
- `init-post` step #2841 (@angelapwen)

Please do the following:
- `releases/v3` branch.
- `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.