
Merge main into releases/v4#3494

Merged
mbg merged 84 commits into releases/v4 from update-v4.32.4-39ba80c47
Feb 20, 2026

Conversation


@github-actions github-actions bot commented Feb 20, 2026

Merging 39ba80c into releases/v4.

Conductor for this PR is @mbg.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v4 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

mbg and others added 13 commits February 17, 2026 16:49
Log information about the runner which may affect the private registry proxy
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.4 to 5.3.6.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.3.4...v5.3.6)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 5.3.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…-parser-5.3.6

Bump fast-xml-parser from 5.3.4 to 5.3.6
…rties-ff

Use new feature flag for repository properties
@github-actions github-actions bot added the size/XXL label (May be extremely hard to review) Feb 20, 2026
@mbg mbg marked this pull request as ready for review February 20, 2026 13:12
@mbg mbg requested a review from a team as a code owner February 20, 2026 13:12
Copilot AI review requested due to automatic review settings February 20, 2026 13:12

Copilot AI left a comment


Pull request overview

Release-branch merge PR that brings changes from main into releases/v4 for the 4.32.4 release, including version/changelog updates and the set of feature work and fixes listed in the PR description.

Changes:

  • Bump the action version to 4.32.4 and add the 4.32.4 release notes.
  • Update the default CodeQL bundle to 2.24.2.
  • Merge in feature work including new analysis kind support, proxy certificate/environment diagnostics improvements, and new feature flags (plus dependency updates).

Reviewed changes

Copilot reviewed 39 out of 45 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/upload-lib/types.ts | Introduces typed payload interfaces for SARIF upload variants. |
| src/upload-lib.ts | Uses typed payloads and adds analysis-specific payload transformation for uploads. |
| src/upload-lib.test.ts | Updates/extends upload-lib tests for new analysis kinds and typed payloads. |
| src/testing-utils.ts | Enhances test logging utilities (recording logger + improved assertion output). |
| src/start-proxy/types.ts | Adds shared proxy-related types (CA, auth creds, proxy config). |
| src/start-proxy/environment.ts | Adds runner environment inspection/logging for proxy-related settings (esp. Java). |
| src/start-proxy/environment.test.ts | Adds unit tests for proxy environment inspection behaviors. |
| src/start-proxy/ca.ts | Extracts CA generation and adds FF-gated certificate improvements/determinism. |
| src/start-proxy/ca.test.ts | Adds tests for CA generation with/without the FF. |
| src/start-proxy-action.ts | Wires in environment inspection and FF-gated improved proxy certificates. |
| src/setup-codeql.ts | Adds FF support to force nightly tools in dynamic workflows; exports helpers/types for testing. |
| src/setup-codeql.test.ts | Adds tests for nightly selection (explicit + forced by FF) and adjusts env setup. |
| src/languages.ts | Adds JavaEnvVars enum for Java-related environment variable names. |
| src/init-action.ts | Adds FF-gated Java network debugging by extending JAVA_TOOL_OPTIONS. |
| src/feature-flags.ts | Adds new feature flags and updates repository-properties FF value to v2 string. |
| src/environment.ts | Adds env var for risk assessment ID. |
| src/diagnostics.ts | Allows diagnostics to be buffered before config exists (no-language diagnostics). |
| src/defaults.json | Updates linked default CodeQL bundle/CLI versions to 2.24.2. |
| src/config-utils.ts | Updates "primary analysis kind/config" logic to handle additional analysis kinds. |
| src/config-utils.test.ts | Adds tests covering the updated primary analysis config selection logic. |
| src/analyze.ts | Simplifies category handling to always use analysis.fixCategory. |
| src/analyze.test.ts | Extends SARIF extension tests to include risk assessment extension. |
| src/analyses.ts | Adds risk-assessment analysis kind, compatibility matrix, and upload payload transform hook. |
| src/analyses.test.ts | Adds tests for compatibility matrix, SARIF predicate behavior, and risk assessment payload transform. |
| pr-checks/checks/bundle-from-nightly.yml | Adds a PR check ensuring forced-nightly behavior uses a nightly bundle. |
| pr-checks/checks/analysis-kinds.yml | Updates PR check to cover analysis-kinds including risk-assessment and adjusts artifact upload. |
| package.json | Bumps package/action version to 4.32.4. |
| package-lock.json | Updates lockfile for 4.32.4 and bumps fast-xml-parser to 5.3.6 (and strnum to ^2.1.2). |
| lib/resolve-environment-action.js | Generated JS output update corresponding to TS changes and dependency bumps. |
| lib/defaults.json | Generated defaults update matching src/defaults.json. |
| CHANGELOG.md | Adds 4.32.4 release notes (bundle bump + proxy/nightly/java debugging notes). |
| .github/workflows/__bundle-from-nightly.yml | Generated workflow for the new nightly-bundle PR check. |
| .github/workflows/__analysis-kinds.yml | Generated workflow updates for expanded analysis-kinds testing. |
| .github/update-release-branch.py | Adjusts release PR generation to prefer PR author when they're GitHub staff. |

CHANGELOG.md (Outdated)
## 4.32.4 - 20 Feb 2026

- Update default CodeQL bundle version to [2.24.2](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2). [#3493](https://github.com/github/codeql-action/pull/3493)
- Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when [private package registries are configured](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone soon. [#3473](https://github.com/github/codeql-action/pull/3473)
Contributor

Can we be more specific than "soon" here?

Member

I have changed it (conservatively and to be more specific) to "in February"

mbg and others added 2 commits February 20, 2026 13:51
Co-authored-by: Henry Mercer <henrymercer@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mbg mbg enabled auto-merge February 20, 2026 14:10
@mbg mbg merged commit 89a39a4 into releases/v4 Feb 20, 2026
254 checks passed
@mbg mbg deleted the update-v4.32.4-39ba80c47 branch February 20, 2026 14:15
@github-actions github-actions bot mentioned this pull request Feb 20, 2026