Skip to content

Bump jedis from 3.7.1 to 4.1.1#318

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/redis.clients-jedis-4.1.1
Closed

Bump jedis from 3.7.1 to 4.1.1#318
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/redis.clients-jedis-4.1.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 7, 2022

Copy link
Copy Markdown
Contributor

Bumps jedis from 3.7.1 to 4.1.1.

Release notes

Sourced from jedis's releases.

4.1.1

🐛 Bug Fixes

  • Fixed the problem of abnormal socket status during DNS resolution (#2849)

🧰 Maintenance

  • Fix typo in method name connectToFirstSuccsefulHost (#2853)

Contributors

We'd like to thank all the contributors who worked on this release!

Thanks @​leonchen83, @​yangbodong22011, @​andrewmcnamara for contributing.

4.1.0

🚀 New Features

Support GEOSEARCH and GEOSEARCHSTORE commands (#2771) Support new ZRANGE(STORE) (#2817) Add database and some other commands in pipeline (#2832) Subscribe in JedisCluster (UnifiedJedis) (#2828) Support cluster addslotsrange and cluster delslotsrange (#2823) Support exclusive XPENDING range from params (#2830) Support CLUSTER LINKS command (#2776) Added the BYTE|BIT option for bitcount (binary) (#2768) Added the BYTE|BIT option for bitcount (string) (#2779) Support SHUTDOWN [NOW] [FORCE] [ABORT] parameters (#2812) Support XINFO STREAM FULL (#2746) ACL patterns for Pub/Sub channels (#2750) Address ACL V2 changes (#2841) Support REPLICAOF Command (#2811) Support LOLWUT command (#2800) Support SINTERCARD Command (#2821) Support SORT_RO (#2843) Address XINFO GROUPS command name (#2802)

🧰 Changes

Tries all hosts resolved for DNS name (#2722) Fix StackOverflowError in Transaction (#2827) Polish XINFO STREAM FULL implementation (#2801) Polish #2823 (18043de) and ClusterCommandsTest (#2831) Deprecate unused interfaces (afcce7c)

Thanks @​AvitalFineRedis, @​zeekling, @​sazzad16, @​adiamzn, @​Avital-Fine for contributing.

4.0.1

🐛 Bug Fixes

  • Fix the zrevrangeByScore max/min parameter order problem in the transaction (#2765)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jedis](https://github.com/redis/jedis) from 3.7.1 to 4.1.1.
- [Release notes](https://github.com/redis/jedis/releases)
- [Commits](redis/jedis@v3.7.1...v4.1.1)

---
updated-dependencies:
- dependency-name: redis.clients:jedis
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java labels Feb 7, 2022
@dependabot @github

dependabot Bot commented on behalf of github Mar 28, 2022

Copy link
Copy Markdown
Contributor Author

Superseded by #353.

@dependabot dependabot Bot closed this Mar 28, 2022
@dependabot dependabot Bot deleted the dependabot/maven/redis.clients-jedis-4.1.1 branch March 28, 2022 04:08
mergify Bot added a commit that referenced this pull request Jun 14, 2026
….1.1 to 7.1.4 in /studio [skip ci]

Bumps [postcss-selector-parser](https://github.com/postcss/postcss-selector-parser) from 7.1.1 to 7.1.4.
Release notes

*Sourced from [postcss-selector-parser's releases](https://github.com/postcss/postcss-selector-parser/releases).*

> 7.1.4
> -----
>
> * fix: tolerate non-node children when serializing selectors
>
> 7.1.3
> -----
>
> * Improve fix CVE-2026-9358 (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 (clone/walk)
>
> 7.1.2
> -----
>
> * Fix [CVE-2026-9358](GHSA-w9m9-85wc-3x92) (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 ([#316](https://redirect.github.com/postcss/postcss-selector-parser/pull/316) by [`@​MoOx`](https://github.com/MoOx))


Changelog

*Sourced from [postcss-selector-parser's changelog](https://github.com/postcss/postcss-selector-parser/blob/main/CHANGELOG.md).*

> 7.1.4 - 2026-06-11
> ==================
>
> * fix: tolerate non-node children when serializing selectors
>
> 7.1.3 - 2026-06-11
> ==================
>
> * Improve fix CVE-2026-9358 (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 (clone/walk)
>
> 7.1.2 - 2026-06-09
> ==================
>
> * Fix [CVE-2026-9358](GHSA-w9m9-85wc-3x92) (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 ([#316](https://redirect.github.com/postcss/postcss-selector-parser/pull/316) by [`@​MoOx`](https://github.com/MoOx))


Commits

* [`4a7e4e3`](postcss/postcss-selector-parser@4a7e4e3) 7.1.4
* [`e2021c5`](postcss/postcss-selector-parser@e2021c5) fix: tolerate non-node children when serializing selectors
* [`7893b74`](postcss/postcss-selector-parser@7893b74) 7.1.3
* [`5bc698c`](postcss/postcss-selector-parser@5bc698c) Improve fix CVE-2026-9358 (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 (clo...
* [`db32327`](postcss/postcss-selector-parser@db32327) run oxfmt
* [`16e2581`](postcss/postcss-selector-parser@16e2581) simplify deps ([#319](https://redirect.github.com/postcss/postcss-selector-parser/issues/319))
* [`b185e20`](postcss/postcss-selector-parser@b185e20) Add description in package.json + full repo url
* [`de415f1`](postcss/postcss-selector-parser@de415f1) Add Tidelift security notice
* [`c4f2c8c`](postcss/postcss-selector-parser@c4f2c8c) CI: make Node 14 test job lockfile-v3 compatible ([#318](https://redirect.github.com/postcss/postcss-selector-parser/issues/318))
* [`4e93663`](postcss/postcss-selector-parser@4e93663) Fix test run on node < 20
* Additional commits viewable in [compare view](postcss/postcss-selector-parser@v7.1.1...7.1.4)

Maintainer changes

This version was pushed to npm by [moox](https://www.npmjs.com/~moox), a new releaser for postcss-selector-parser since your current version.


Install script changes

This version modifies `prepare` script that runs during installation. Review the package contents before updating.

  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=postcss-selector-parser&package-manager=npm\_and\_yarn&previous-version=7.1.1&new-version=7.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
tae898 pushed a commit to humemai/arcadedb-embedded-python that referenced this pull request Jun 28, 2026
….1.1 to 7.1.4 in /studio [skip ci]

Bumps [postcss-selector-parser](https://github.com/postcss/postcss-selector-parser) from 7.1.1 to 7.1.4.
Release notes

*Sourced from [postcss-selector-parser's releases](https://github.com/postcss/postcss-selector-parser/releases).*

> 7.1.4
> -----
>
> * fix: tolerate non-node children when serializing selectors
>
> 7.1.3
> -----
>
> * Improve fix CVE-2026-9358 (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 (clone/walk)
>
> 7.1.2
> -----
>
> * Fix [CVE-2026-9358](GHSA-w9m9-85wc-3x92) (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 ([ArcadeData#316](https://redirect.github.com/postcss/postcss-selector-parser/pull/316) by [`@​MoOx`](https://github.com/MoOx))


Changelog

*Sourced from [postcss-selector-parser's changelog](https://github.com/postcss/postcss-selector-parser/blob/main/CHANGELOG.md).*

> 7.1.4 - 2026-06-11
> ==================
>
> * fix: tolerate non-node children when serializing selectors
>
> 7.1.3 - 2026-06-11
> ==================
>
> * Improve fix CVE-2026-9358 (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 (clone/walk)
>
> 7.1.2 - 2026-06-09
> ==================
>
> * Fix [CVE-2026-9358](GHSA-w9m9-85wc-3x92) (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 ([ArcadeData#316](https://redirect.github.com/postcss/postcss-selector-parser/pull/316) by [`@​MoOx`](https://github.com/MoOx))


Commits

* [`4a7e4e3`](postcss/postcss-selector-parser@4a7e4e3) 7.1.4
* [`e2021c5`](postcss/postcss-selector-parser@e2021c5) fix: tolerate non-node children when serializing selectors
* [`7893b74`](postcss/postcss-selector-parser@7893b74) 7.1.3
* [`5bc698c`](postcss/postcss-selector-parser@5bc698c) Improve fix CVE-2026-9358 (NVD) / SNYK-JS-POSTCSSSELECTORPARSER-16873882 (clo...
* [`db32327`](postcss/postcss-selector-parser@db32327) run oxfmt
* [`16e2581`](postcss/postcss-selector-parser@16e2581) simplify deps ([ArcadeData#319](https://redirect.github.com/postcss/postcss-selector-parser/issues/319))
* [`b185e20`](postcss/postcss-selector-parser@b185e20) Add description in package.json + full repo url
* [`de415f1`](postcss/postcss-selector-parser@de415f1) Add Tidelift security notice
* [`c4f2c8c`](postcss/postcss-selector-parser@c4f2c8c) CI: make Node 14 test job lockfile-v3 compatible ([ArcadeData#318](https://redirect.github.com/postcss/postcss-selector-parser/issues/318))
* [`4e93663`](postcss/postcss-selector-parser@4e93663) Fix test run on node < 20
* Additional commits viewable in [compare view](postcss/postcss-selector-parser@v7.1.1...7.1.4)

Maintainer changes

This version was pushed to npm by [moox](https://www.npmjs.com/~moox), a new releaser for postcss-selector-parser since your current version.


Install script changes

This version modifies `prepare` script that runs during installation. Review the package contents before updating.

  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=postcss-selector-parser&package-manager=npm\_and\_yarn&previous-version=7.1.1&new-version=7.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
mergify Bot added a commit that referenced this pull request Jul 5, 2026
…updates [skip ci]

Bumps the github-actions group with 8 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) | `5.0.4` | `5.0.5` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.1.0` | `4.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` |
| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.159` | `1.0.165` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
Updates `zgosalvez/github-actions-ensure-sha-pinned-actions` from 5.0.4 to 5.0.5
Release notes

*Sourced from [zgosalvez/github-actions-ensure-sha-pinned-actions's releases](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases).*

> v5.0.5
> ------
>
> What's Changed
> --------------
>
> * Bump undici from 6.24.1 to 6.27.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#317](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/317)
> * Bump actions/checkout from 6.0.2 to 6.0.3 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#316](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/316)
> * Bump jest from 30.3.0 to 30.4.2 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#315](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/315)
> * Bump eslint from 10.1.0 to 10.3.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#314](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/314)
> * Bump yaml from 2.8.3 to 2.8.4 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#313](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/313)
> * Bump actions/setup-node from 6.2.0 to 6.4.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#312](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/312)
> * Bump actions/cache from 5.0.3 to 5.0.5 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#311](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/311)
> * Bump `@​actions/core` from 3.0.0 to 3.0.1 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#310](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/310)
> * Bump `@​actions/glob` from 0.6.1 to 0.7.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#309](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/309)
> * Bump zgosalvez/github-actions-get-action-runs-using-version from 2.0.25 to 3.0.1 by [`@​dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#305](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/305)
> * Fix dependabot security alert 59 by [`@​zgosalvez`](https://github.com/zgosalvez) in [zgosalvez/github-actions-ensure-sha-pinned-actions#318](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/318)
> * Hotfix/security60 by [`@​zgosalvez`](https://github.com/zgosalvez) in [zgosalvez/github-actions-ensure-sha-pinned-actions#319](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/319)
> * Fix js-yaml dependency issue by [`@​zgosalvez`](https://github.com/zgosalvez) in [zgosalvez/github-actions-ensure-sha-pinned-actions#320](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/320)
>
> **Full Changelog**: <zgosalvez/github-actions-ensure-sha-pinned-actions@v5...v5.0.5>


Commits

* [`3db98c0`](zgosalvez/github-actions-ensure-sha-pinned-actions@3db98c0) Fix js-yaml dependency issue ([#320](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/320))
* [`6fd9901`](zgosalvez/github-actions-ensure-sha-pinned-actions@6fd9901) Hotfix/security60 ([#319](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/319))
* [`dcb5236`](zgosalvez/github-actions-ensure-sha-pinned-actions@dcb5236) Fix dependabot security alert 59 ([#318](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/318))
* [`afa7540`](zgosalvez/github-actions-ensure-sha-pinned-actions@afa7540) Bump zgosalvez/github-actions-get-action-runs-using-version ([#305](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/305))
* [`10d4404`](zgosalvez/github-actions-ensure-sha-pinned-actions@10d4404) Bump `@​actions/glob` from 0.6.1 to 0.7.0 ([#309](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/309))
* [`28363be`](zgosalvez/github-actions-ensure-sha-pinned-actions@28363be) Bump `@​actions/core` from 3.0.0 to 3.0.1 ([#310](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/310))
* [`0085b7f`](zgosalvez/github-actions-ensure-sha-pinned-actions@0085b7f) Bump actions/cache from 5.0.3 to 5.0.5 ([#311](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/311))
* [`4083b6a`](zgosalvez/github-actions-ensure-sha-pinned-actions@4083b6a) Bump actions/setup-node from 6.2.0 to 6.4.0 ([#312](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/312))
* [`c2d39dd`](zgosalvez/github-actions-ensure-sha-pinned-actions@c2d39dd) Bump yaml from 2.8.3 to 2.8.4 ([#313](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/313))
* [`13e30ef`](zgosalvez/github-actions-ensure-sha-pinned-actions@13e30ef) Bump eslint from 10.1.0 to 10.3.0 ([#314](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/314))
* Additional commits viewable in [compare view](zgosalvez/github-actions-ensure-sha-pinned-actions@ca46236...3db98c0)
  
Updates `docker/setup-qemu-action` from 4.1.0 to 4.2.0
Release notes

*Sourced from [docker/setup-qemu-action's releases](https://github.com/docker/setup-qemu-action/releases).*

> v4.2.0
> ------
>
> * Preserve names in esbuild bundle by [`@​crazy-max`](https://github.com/crazy-max) in [docker/setup-qemu-action#311](https://redirect.github.com/docker/setup-qemu-action/pull/311)
> * Bump `@​actions/core` from 3.0.0 to 3.0.1 in [docker/setup-qemu-action#295](https://redirect.github.com/docker/setup-qemu-action/pull/295)
> * Bump `@​docker/actions-toolkit` from 0.91.0 to 0.92.0 in [docker/setup-qemu-action#315](https://redirect.github.com/docker/setup-qemu-action/pull/315)
> * Bump `@​sigstore/core` from 3.1.0 to 3.2.1 in [docker/setup-qemu-action#312](https://redirect.github.com/docker/setup-qemu-action/pull/312)
> * Bump js-yaml from 4.1.1 to 4.2.0 in [docker/setup-qemu-action#310](https://redirect.github.com/docker/setup-qemu-action/pull/310)
> * Bump tmp from 0.2.6 to 0.2.7 in [docker/setup-qemu-action#304](https://redirect.github.com/docker/setup-qemu-action/pull/304)
> * Bump undici from 6.26.0 to 6.27.0 in [docker/setup-qemu-action#308](https://redirect.github.com/docker/setup-qemu-action/pull/308)
> * Bump vite from 7.3.2 to 7.3.6 in [docker/setup-qemu-action#307](https://redirect.github.com/docker/setup-qemu-action/pull/307)
>
> **Full Changelog**: <docker/setup-qemu-action@v4.1.0...v4.2.0>


Commits

* [`96fe6ef`](docker/setup-qemu-action@96fe6ef) Merge pull request [#315](https://redirect.github.com/docker/setup-qemu-action/issues/315) from docker/dependabot/npm\_and\_yarn/docker/actions-to...
* [`31f08d3`](docker/setup-qemu-action@31f08d3) [dependabot skip] chore: update generated content
* [`4e7017a`](docker/setup-qemu-action@4e7017a) build(deps): bump `@​docker/actions-toolkit` from 0.91.0 to 0.92.0
* [`0eca235`](docker/setup-qemu-action@0eca235) Merge pull request [#314](https://redirect.github.com/docker/setup-qemu-action/issues/314) from crazy-max/fix-yarn-preapprove-actions-toolkit
* [`ea66a41`](docker/setup-qemu-action@ea66a41) chore: allow actions-toolkit to bypass yarn age gate
* [`451542b`](docker/setup-qemu-action@451542b) Merge pull request [#308](https://redirect.github.com/docker/setup-qemu-action/issues/308) from docker/dependabot/npm\_and\_yarn/undici-6.27.0
* [`532ae00`](docker/setup-qemu-action@532ae00) [dependabot skip] chore: update generated content
* [`b6f5af6`](docker/setup-qemu-action@b6f5af6) build(deps): bump undici from 6.26.0 to 6.27.0
* [`cf96b86`](docker/setup-qemu-action@cf96b86) Merge pull request [#304](https://redirect.github.com/docker/setup-qemu-action/issues/304) from docker/dependabot/npm\_and\_yarn/tmp-0.2.7
* [`f0ba643`](docker/setup-qemu-action@f0ba643) [dependabot skip] chore: update generated content
* Additional commits viewable in [compare view](docker/setup-qemu-action@0611638...96fe6ef)
  
Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0
Release notes

*Sourced from [docker/setup-buildx-action's releases](https://github.com/docker/setup-buildx-action/releases).*

> v4.2.0
> ------
>
> * Preserve names in esbuild bundle by [`@​crazy-max`](https://github.com/crazy-max) in [docker/setup-buildx-action#572](https://redirect.github.com/docker/setup-buildx-action/pull/572)
> * Bump `@​actions/core` from 3.0.0 to 3.0.1 in [docker/setup-buildx-action#551](https://redirect.github.com/docker/setup-buildx-action/pull/551)
> * Bump `@​docker/actions-toolkit` from 0.90.0 to 0.92.0 in [docker/setup-buildx-action#557](https://redirect.github.com/docker/setup-buildx-action/pull/557) [docker/setup-buildx-action#580](https://redirect.github.com/docker/setup-buildx-action/pull/580)
> * Bump `@​sigstore/core` from 3.1.0 to 3.2.1 in [docker/setup-buildx-action#573](https://redirect.github.com/docker/setup-buildx-action/pull/573)
> * Bump `@​sigstore/verify` from 3.1.0 to 3.1.1 in [docker/setup-buildx-action#576](https://redirect.github.com/docker/setup-buildx-action/pull/576)
> * Bump js-yaml from 4.1.1 to 5.2.0 in [docker/setup-buildx-action#562](https://redirect.github.com/docker/setup-buildx-action/pull/562)
> * Bump sigstore from 4.1.0 to 4.1.1 in [docker/setup-buildx-action#577](https://redirect.github.com/docker/setup-buildx-action/pull/577)
> * Bump tmp from 0.2.5 to 0.2.7 in [docker/setup-buildx-action#556](https://redirect.github.com/docker/setup-buildx-action/pull/556)
> * Bump undici from 6.25.0 to 6.27.0 in [docker/setup-buildx-action#570](https://redirect.github.com/docker/setup-buildx-action/pull/570)
> * Bump vite from 7.3.2 to 7.3.6 in [docker/setup-buildx-action#569](https://redirect.github.com/docker/setup-buildx-action/pull/569)
>
> **Full Changelog**: <docker/setup-buildx-action@v4.1.0...v4.2.0>


Commits

* [`bb05f3f`](docker/setup-buildx-action@bb05f3f) Merge pull request [#580](https://redirect.github.com/docker/setup-buildx-action/issues/580) from docker/dependabot/npm\_and\_yarn/docker/actions-to...
* [`321c814`](docker/setup-buildx-action@321c814) [dependabot skip] chore: update generated content
* [`b9a36ef`](docker/setup-buildx-action@b9a36ef) build(deps): bump `@​docker/actions-toolkit` from 0.91.0 to 0.92.0
* [`ebeab24`](docker/setup-buildx-action@ebeab24) Merge pull request [#570](https://redirect.github.com/docker/setup-buildx-action/issues/570) from docker/dependabot/npm\_and\_yarn/undici-6.27.0
* [`5c7b8ae`](docker/setup-buildx-action@5c7b8ae) [dependabot skip] chore: update generated content
* [`037e618`](docker/setup-buildx-action@037e618) build(deps): bump undici from 6.25.0 to 6.27.0
* [`66080e5`](docker/setup-buildx-action@66080e5) Merge pull request [#577](https://redirect.github.com/docker/setup-buildx-action/issues/577) from docker/dependabot/npm\_and\_yarn/sigstore-4.1.1
* [`409aef0`](docker/setup-buildx-action@409aef0) Merge pull request [#562](https://redirect.github.com/docker/setup-buildx-action/issues/562) from docker/dependabot/npm\_and\_yarn/js-yaml-4.2.0
* [`49c6e42`](docker/setup-buildx-action@49c6e42) build(deps): bump sigstore from 4.1.0 to 4.1.1
* [`2211273`](docker/setup-buildx-action@2211273) [dependabot skip] chore: update generated content
* Additional commits viewable in [compare view](docker/setup-buildx-action@d7f5e7f...bb05f3f)
  
Updates `anthropics/claude-code-action` from 1.0.159 to 1.0.165
Release notes

*Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).*

> v1.0.165
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.165>
>
> v1.0.164
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.164>
>
> v1.0.163
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.163>
>
> v1.0.162
> --------
>
> What's Changed
> --------------
>
> * Add agent-approval-check composite action by [`@​km-anthropic`](https://github.com/km-anthropic) in [anthropics/claude-code-action#1429](https://redirect.github.com/anthropics/claude-code-action/pull/1429)
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.162>
>
> v1.0.161
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.161>
>
> v1.0.160
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.160>


Commits

* [`558b1d6`](anthropics/claude-code-action@558b1d6) chore: bump Claude Code to 2.1.201 and Agent SDK to 0.3.201
* [`01872cc`](anthropics/claude-code-action@01872cc) chore: bump Claude Code to 2.1.200 and Agent SDK to 0.3.200
* [`769e3bd`](anthropics/claude-code-action@769e3bd) chore: bump Claude Code to 2.1.199 and Agent SDK to 0.3.199
* [`6c0083b`](anthropics/claude-code-action@6c0083b) chore: bump Claude Code to 2.1.198 and Agent SDK to 0.3.198
* [`846d5d8`](anthropics/claude-code-action@846d5d8) Add agent-approval-check composite action ([#1429](https://redirect.github.com/anthropics/claude-code-action/issues/1429))
* [`fad22eb`](anthropics/claude-code-action@fad22eb) chore: bump Claude Code to 2.1.197 and Agent SDK to 0.3.197
* [`4633baf`](anthropics/claude-code-action@4633baf) chore: bump Claude Code to 2.1.196 and Agent SDK to 0.3.196
* See full diff in [compare view](anthropics/claude-code-action@a92e7c7...558b1d6)
  
Updates `github/codeql-action/upload-sarif` from 4.36.2 to 4.36.3
Release notes

*Sourced from [github/codeql-action/upload-sarif's releases](https://github.com/github/codeql-action/releases).*

> v4.36.3
> -------
>
> No user facing changes.


Changelog

*Sourced from [github/codeql-action/upload-sarif's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).*

> CodeQL Action Changelog
> =======================
>
> See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
>
> [UNRELEASED]
> ------------
>
> No user facing changes.
>
> 4.36.3 - 01 Jul 2026
> --------------------
>
> No user facing changes.
>
> 4.36.2 - 04 Jun 2026
> --------------------
>
> * Cache CodeQL CLI version information across Actions steps. [#3943](https://redirect.github.com/github/codeql-action/pull/3943)
> * Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. [#3937](https://redirect.github.com/github/codeql-action/pull/3937)
> * Update default CodeQL bundle version to [2.25.6](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6). [#3948](https://redirect.github.com/github/codeql-action/pull/3948)
>
> 4.36.1 - 02 Jun 2026
> --------------------
>
> No user facing changes.
>
> 4.36.0 - 22 May 2026
> --------------------
>
> * *Breaking change*: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://redirect.github.com/github/codeql-action/pull/3894)
> * Add support for SHA-256 Git object IDs. [#3893](https://redirect.github.com/github/codeql-action/pull/3893)
> * Update default CodeQL bundle version to [2.25.5](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5). [#3926](https://redirect.github.com/github/codeql-action/pull/3926)
>
> 4.35.5 - 15 May 2026
> --------------------
>
> * We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. [#3899](https://redirect.github.com/github/codeql-action/pull/3899)
> * For performance and accuracy reasons, [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. [#3791](https://redirect.github.com/github/codeql-action/pull/3791)
> * If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://redirect.github.com/github/codeql-action/pull/3892)
> * Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://redirect.github.com/github/codeql-action/pull/3880)
>
> 4.35.4 - 07 May 2026
> --------------------
>
> * Update default CodeQL bundle version to [2.25.4](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4). [#3881](https://redirect.github.com/github/codeql-action/pull/3881)
>
> 4.35.3 - 01 May 2026
> --------------------
>
> * *Upcoming breaking change*: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://redirect.github.com/github/codeql-action/pull/3837)
> * Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://redirect.github.com/github/codeql-action/pull/3850)
> * Best-effort connection tests for private registries now use `GET` requests instead of `HEAD` for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. [#3853](https://redirect.github.com/github/codeql-action/pull/3853)
> * Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://redirect.github.com/github/codeql-action/pull/3852)
> * Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://redirect.github.com/github/codeql-action/pull/3865)
>
> 4.35.2 - 15 Apr 2026
> --------------------
>
> * The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://redirect.github.com/github/codeql-action/pull/3795)

... (truncated)


Commits

* [`54f647b`](github/codeql-action@54f647b) Merge pull request [#3984](https://redirect.github.com/github/codeql-action/issues/3984) from github/update-v4.36.3-1f34ec164
* [`e78819e`](github/codeql-action@e78819e) Trigger checks
* [`2c9d3d6`](github/codeql-action@2c9d3d6) Update changelog for v4.36.3
* [`1f34ec1`](github/codeql-action@1f34ec1) Merge pull request [#3983](https://redirect.github.com/github/codeql-action/issues/3983) from github/mbg/repo-props/ff-for-config-file-prop
* [`d5f0145`](github/codeql-action@d5f0145) Log when repository property has a value but is ignored
* [`f27f563`](github/codeql-action@f27f563) Add test for when the FF is off
* [`0025d0f`](github/codeql-action@0025d0f) Use FF
* [`f7fa18f`](github/codeql-action@f7fa18f) Add FF for config file repo property
* [`628fc3f`](github/codeql-action@628fc3f) Merge pull request [#3979](https://redirect.github.com/github/codeql-action/issues/3979) from github/henrymercer/overlay-db-cleanup-size-tele...
* [`9cfb67b`](github/codeql-action@9cfb67b) Add clarifying comments
* Additional commits viewable in [compare view](github/codeql-action@8aad20d...54f647b)
  
Updates `docker/login-action` from 4.2.0 to 4.4.0
Release notes

*Sourced from [docker/login-action's releases](https://github.com/docker/login-action/releases).*

> v4.4.0
> ------
>
> * Skip empty `registry-auth` secret mask by [`@​crazy-max`](https://github.com/crazy-max) in [docker/login-action#1035](https://redirect.github.com/docker/login-action/pull/1035)
> * Bump `@​aws-sdk/client-ecr` and `@​aws-sdk/client-ecr-public` to 3.1077.0 [docker/login-action#1034](https://redirect.github.com/docker/login-action/pull/1034)
>
> **Full Changelog**: <docker/login-action@v4.3.0...v4.4.0>
>
> v4.3.0
> ------
>
> * Preserve names in esbuild bundle by [`@​crazy-max`](https://github.com/crazy-max) in [docker/login-action#1022](https://redirect.github.com/docker/login-action/pull/1022)
> * Bump `@​aws-sdk/client-ecr` and `@​aws-sdk/client-ecr-public` to 3.1076.0 [docker/login-action#999](https://redirect.github.com/docker/login-action/pull/999) [docker/login-action#1030](https://redirect.github.com/docker/login-action/pull/1030)
> * Bump `@​docker/actions-toolkit` from 0.90.0 to 0.92.0 in [docker/login-action#1004](https://redirect.github.com/docker/login-action/pull/1004) [docker/login-action#1027](https://redirect.github.com/docker/login-action/pull/1027)
> * Bump `@​sigstore/core` from 3.1.0 to 3.2.1 in [docker/login-action#1023](https://redirect.github.com/docker/login-action/pull/1023)
> * Bump `@​sigstore/verify` from 3.1.0 to 3.1.1 in [docker/login-action#1029](https://redirect.github.com/docker/login-action/pull/1029)
> * Bump http-proxy-agent and https-proxy-agent to 9.1.0 in [docker/login-action#1017](https://redirect.github.com/docker/login-action/pull/1017)
> * Bump js-yaml from 4.1.1 to 5.2.0 in [docker/login-action#1028](https://redirect.github.com/docker/login-action/pull/1028)
> * Bump sigstore from 4.1.0 to 4.1.1 in [docker/login-action#1031](https://redirect.github.com/docker/login-action/pull/1031)
> * Bump tmp from 0.2.5 to 0.2.7 in [docker/login-action#1002](https://redirect.github.com/docker/login-action/pull/1002)
> * Bump undici from 6.24.1 to 6.27.0 in [docker/login-action#1020](https://redirect.github.com/docker/login-action/pull/1020)
> * Bump vite from 7.3.3 to 7.3.6 in [docker/login-action#1019](https://redirect.github.com/docker/login-action/pull/1019)
>
> **Full Changelog**: <docker/login-action@v4.2.0...v4.3.0>


Commits

* [`af1e73f`](docker/login-action@af1e73f) Merge pull request [#1034](https://redirect.github.com/docker/login-action/issues/1034) from docker/dependabot/npm\_and\_yarn/aws-sdk-dependen...
* [`da722bd`](docker/login-action@da722bd) [dependabot skip] chore: update generated content
* [`2916ad6`](docker/login-action@2916ad6) build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
* [`ca0a662`](docker/login-action@ca0a662) Merge pull request [#1035](https://redirect.github.com/docker/login-action/issues/1035) from crazy-max/fix-registry-auth-empty-mask
* [`c455755`](docker/login-action@c455755) chore: update generated content
* [`4835190`](docker/login-action@4835190) skip empty registry-auth secret mask
* [`992421c`](docker/login-action@992421c) Merge pull request [#1033](https://redirect.github.com/docker/login-action/issues/1033) from docker/dependabot/github\_actions/docker/bake-ac...
* [`b249b43`](docker/login-action@b249b43) Merge pull request [#1032](https://redirect.github.com/docker/login-action/issues/1032) from docker/dependabot/github\_actions/docker/bake-ac...
* [`1b67977`](docker/login-action@1b67977) build(deps): bump docker/bake-action from 7.2.0 to 7.3.0
* [`9d49d6a`](docker/login-action@9d49d6a) build(deps): bump docker/bake-action/subaction/matrix
* Additional commits viewable in [compare view](docker/login-action@650006c...af1e73f)
  
Updates `github/codeql-action/init` from 4.36.2 to 4.36.3
Release notes

*Sourced from [github/codeql-action/init's releases](https://github.com/github/codeql-action/releases).*

> v4.36.3
> -------
>
> No user facing changes.


Changelog

*Sourced from [github/codeql-action/init's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).*

> CodeQL Action Changelog
> =======================
>
> See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
>
> [UNRELEASED]
> ------------
>
> No user facing changes.
>
> 4.36.3 - 01 Jul 2026
> --------------------
>
> No user facing changes.
>
> 4.36.2 - 04 Jun 2026
> --------------------
>
> * Cache CodeQL CLI version information across Actions steps. [#3943](https://redirect.github.com/github/codeql-action/pull/3943)
> * Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. [#3937](https://redirect.github.com/github/codeql-action/pull/3937)
> * Update default CodeQL bundle version to [2.25.6](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6). [#3948](https://redirect.github.com/github/codeql-action/pull/3948)
>
> 4.36.1 - 02 Jun 2026
> --------------------
>
> No user facing changes.
>
> 4.36.0 - 22 May 2026
> --------------------
>
> * *Breaking change*: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://redirect.github.com/github/codeql-action/pull/3894)
> * Add support for SHA-256 Git object IDs. [#3893](https://redirect.github.com/github/codeql-action/pull/3893)
> * Update default CodeQL bundle version to [2.25.5](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5). [#3926](https://redirect.github.com/github/codeql-action/pull/3926)
>
> 4.35.5 - 15 May 2026
> --------------------
>
> * We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. [#3899](https://redirect.github.com/github/codeql-action/pull/3899)
> * For performance and accuracy reasons, [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. [#3791](https://redirect.github.com/github/codeql-action/pull/3791)
> * If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://redirect.github.com/github/codeql-action/pull/3892)
> * Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://redirect.github.com/github/codeql-action/pull/3880)
>
> 4.35.4 - 07 May 2026
> --------------------
>
> * Update default CodeQL bundle version to [2.25.4](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4). [#3881](https://redirect.github.com/github/codeql-action/pull/3881)
>
> 4.35.3 - 01 May 2026
> --------------------
>
> * *Upcoming breaking change*: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://redirect.github.com/github/codeql-action/pull/3837)
> * Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://redirect.github.com/github/codeql-action/pull/3850)
> * Best-effort connection tests for private registries now use `GET` requests instead of `HEAD` for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. [#3853](https://redirect.github.com/github/codeql-action/pull/3853)
> * Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://redirect.github.com/github/codeql-action/pull/3852)
> * Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://redirect.github.com/github/codeql-action/pull/3865)
>
> 4.35.2 - 15 Apr 2026
> --------------------
>
> * The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://redirect.github.com/github/codeql-action/pull/3795)

... (truncated)


Commits

* [`54f647b`](github/codeql-action@54f647b) Merge pull request [#3984](https://redirect.github.com/github/codeql-action/issues/3984) from github/update-v4.36.3-1f34ec164
* [`e78819e`](github/codeql-action@e78819e) Trigger checks
* [`2c9d3d6`](github/codeql-action@2c9d3d6) Update changelog for v4.36.3
* [`1f34ec1`](github/codeql-action@1f34ec1) Merge pull request [#3983](https://redirect.github.com/github/codeql-action/issues/3983) from github/mbg/repo-props/ff-for-config-file-prop
* [`d5f0145`](github/codeql-action@d5f0145) Log when repository property has a value but is ignored
* [`f27f563`](github/codeql-action@f27f563) Add test for when the FF is off
* [`0025d0f`](github/codeql-action@0025d0f) Use FF
* [`f7fa18f`](github/codeql-action@f7fa18f) Add FF for config file repo property
* [`628fc3f`](github/codeql-action@628fc3f) Merge pull request [#3979](https://redirect.github.com/github/codeql-action/issues/3979) from github/henrymercer/overlay-db-cleanup-size-tele...
* [`9cfb67b`](github/codeql-action@9cfb67b) Add clarifying comments
* Additional commits viewable in [compare view](github/codeql-action@8aad20d...54f647b)
  
Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3
Release notes

*Sourced from [github/codeql-action/analyze's releases](https://github.com/github/codeql-action/releases).*

> v4.36.3
> -------
>
> No user facing changes.


Changelog

*Sourced from [github/codeql-action/analyze's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).*

> CodeQL Action Changelog
> =======================
>
> See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
>
> [UNRELEASED]
> ------------
>
> No user facing changes.
>
> 4.36.3 - 01 Jul 2026
> --------------------
>
> No user facing changes.
>
> 4.36.2 - 04 Jun 2026
> --------------------
>
> * Cache CodeQL CLI version information across Actions steps. [#3943](https://redirect.github.com/github/codeql-action/pull/3943)
> * Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. [#3937](https://redirect.github.com/github/codeql-action/pull/3937)
> * Update default CodeQL bundle version to [2.25.6](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6). [#3948](https://redirect.github.com/github/codeql-action/pull/3948)
>
> 4.36.1 - 02 Jun 2026
> --------------------
>
> No user facing changes.
>
> 4.36.0 - 22 May 2026
> --------------------
>
> * *Breaking change*: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://redirect.github.com/github/codeql-action/pull/3894)
> * Add support for SHA-256 Git object IDs. [#3893](https://redirect.github.com/github/codeql-action/pull/3893)
> * Update default CodeQL bundle version to [2.25.5](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5). [#3926](https://redirect.github.com/github/codeql-action/pull/3926)
>
> 4.35.5 - 15 May 2026
> --------------------
>
> * We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. [#3899](https://redirect.github.com/github/codeql-action/pull/3899)
> * For performance and accuracy reasons, [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. [#3791](https://redirect.github.com/github/codeql-action/pull/3791)
> * If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://redirect.github.com/github/codeql-action/pull/3892)
> * Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://redirect.github.com/github/codeql-action/pull/3880)
>
> 4.35.4 - 07 May 2026
> --------------------
>
> * Update default CodeQL bundle version to [2.25.4](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4). [#3881](https://redirect.github.com/github/codeql-action/pull/3881)
>
> 4.35.3 - 01 May 2026
> --------------------
>
> * *Upcoming breaking change*: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://redirect.github.com/github/codeql-action/pull/3837)
> * Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://redirect.github.com/github/codeql-action/pull/3850)
> * Best-effort connection tests for private registries now use `GET` requests instead of `HEAD` for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. [#3853](https://redirect.github.com/github/codeql-action/pull/3853)
> * Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://redirect.github.com/github/codeql-action/pull/3852)
> * Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://redirect.github.com/github/codeql-action/pull/3865)
>
> 4.35.2 - 15 Apr 2026
> --------------------
>
> * The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://redirect.github.com/github/codeql-action/pull/3795)

... (truncated)


Commits

* [`54f647b`](github/codeql-action@54f647b) Merge pull request [#3984](https://redirect.github.com/github/codeql-action/issues/3984) from github/update-v4.36.3-1f34ec164
* [`e78819e`](github/codeql-action@e78819e) Trigger checks
* [`2c9d3d6`](github/codeql-action@2c9d3d6) Update changelog for v4.36.3
* [`1f34ec1`](github/codeql-action@1f34ec1) Merge pull request [#3983](https://redirect.github.com/github/codeql-action/issues/3983) from github/mbg/repo-props/ff-for-config-file-prop
* [`d5f0145`](github/codeql-action@d5f0145) Log when repository property has a value but is ignored
* [`f27f563`](github/codeql-action@f27f563) Add test for when the FF is off
* [`0025d0f`](github/codeql-action@0025d0f) Use FF
* [`f7fa18f`](github/codeql-action@f7fa18f) Add FF for config file repo property
* [`628fc3f`](github/codeql-action@628fc3f) Merge pull request [#3979](https://redirect.github.com/github/codeql-action/issues/3979) from github/henrymercer/overlay-db-cleanup-size-tele...
* [`9cfb67b`](github/codeql-action@9cfb67b) Add clarifying comments
* Additional commits viewable in [compare view](github/codeql-action@8aad20d...54f647b)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants