2 changes: 1 addition & 1 deletion CHANGELOG.md
Expand Up @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

## [UNRELEASED]

No user facing changes.
- Fix incorrect minimum required Git version for [improved incremental analysis](https://github.com/github/roadmap/issues/1158): it should have been 2.36.0, not 2.11.0. [#3781](https://github.com/github/codeql-action/pull/3781)

Copilot AI Mar 27, 2026

The 4.35.1 changelog entry is missing the node-forge dependency security update (PR #3775). Since this release bumps node-forge to 1.4.0 to address multiple high-severity issues, it should be captured as a user-facing change (at least as a security/dependency update) in the 4.35.1 section.

Suggested change
- Fix incorrect minimum required Git version for [improved incremental analysis](https://github.com/github/roadmap/issues/1158): it should have been 2.36.0, not 2.11.0. [#3781](https://github.com/github/codeql-action/pull/3781)
- Fix incorrect minimum required Git version for [improved incremental analysis](https://github.com/github/roadmap/issues/1158): it should have been 2.36.0, not 2.11.0. [#3781](https://github.com/github/codeql-action/pull/3781)
- Updated the `node-forge` dependency to version 1.4.0 to address multiple high-severity security issues. [#3775](https://github.com/github/codeql-action/pull/3775)

## 4.35.0 - 27 Mar 2026

2 changes: 1 addition & 1 deletion lib/init-action.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 6 additions & 6 deletions src/git-utils.ts
Expand Up @@ -14,11 +14,11 @@ import {
import { ConfigurationError, getRequiredEnvParam } from "./util";

/**
* Minimum Git version required for overlay analysis. The
* `git ls-files --recurse-submodules` option, which is used by
* `getFileOidsUnderPath`, was introduced in Git 2.11.0.
* Minimum Git version required for overlay analysis. Support for using the `git ls-files
* --recurse-submodules` option with `--stage` was added in Git 2.36.0. For more information, see
* `getFileOidsUnderPath`.
*/
export const GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.11.0";
export const GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.36.0";

/**
* Git version information
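
Review bot: The new doc comment on `GIT_MINIMUM_VERSION_FOR_OVERLAY` gives no source for the 2.36.0 figure. It points to `getFileOidsUnderPath` "for more information", but the comment there only repeats the number. Since this change exists because the earlier value (2.11.0) was wrong, consider citing the Git release notes or commit that added `--recurse-submodules` support for `--stage`, so the constant can be checked against something outside this file. A note that the constant must be revisited whenever the `git ls-files` arguments in `getFileOidsUnderPath` change would also help keep the two in sync.
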
Expand Down Expand Up @@ -261,8 +261,8 @@ export const getFileOidsUnderPath = async function (
// Without the --full-name flag, the path is relative to the current working
// directory of the git command, which is basePath.
//
// We use --stage rather than --format here because --stage has been available since Git 2.11.0,
// while --format was only introduced in Git 2.38.0, which would limit overlay rollout.
// We use --stage rather than --format here because --stage has been available since Git 2.36.0,
// while --format was only introduced in Git 2.38.0.
const stdout = await runGitCommand(
basePath,
["ls-files", "--recurse-submodules", "--stage"],
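
Review bot: The updated inline comment says "--stage has been available since Git 2.36.0", which contradicts the doc comment on `GIT_MINIMUM_VERSION_FOR_OVERLAY` earlier in this change. That one attributes 2.36.0 to support for using `--recurse-submodules` together with `--stage`, not to `--stage` itself. Suggest rewording to something like "the combination of --recurse-submodules and --stage has been supported since Git 2.36.0, while --format was only introduced in Git 2.38.0", so the comment matches the arguments actually passed to `runGitCommand`. The rewrite also drops the rationale "which would limit overlay rollout"; if the 2.36.0 versus 2.38.0 gap is still the reason for preferring `--stage`, keep that clause.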