Skip to content

Merge releases/v4 into releases/v3 #3373

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
henrymercer merged 45 commits into from
Dec 16, 2025
Merged

Merge releases/v4 into releases/v3 #3373

henrymercer merged 45 commits into from
Dec 16, 2025

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Dec 16, 2025

Merging 5d4e8d1 into releases/v3.

Conductor for this PR is @henrymercer.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Remove and re-add the "Rebuild" label to the PR to trigger just this workflow.
  • Wait for the "Rebuild" workflow to push a commit updating the distribution files.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.

dependabot bot and others added 30 commits December 8, 2025 17:02
@dependabot
Bump the npm-minor group with 5 updates
0ffebf7 
Bumps the npm-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.3.3` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.48.0` | `8.48.1` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.48.0` | `8.48.1` |
| [esbuild](https://github.com/evanw/esbuild) | `0.27.0` | `0.27.1` |
| [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `61.4.1` | `61.5.0` |


Updates `node-forge` from 1.3.2 to 1.3.3
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.2...v1.3.3)

Updates `@typescript-eslint/eslint-plugin` from 8.48.0 to 8.48.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.48.0 to 8.48.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/parser)

Updates `esbuild` from 0.27.0 to 0.27.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.0...v0.27.1)

Updates `eslint-plugin-jsdoc` from 61.4.1 to 61.5.0
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](gajus/eslint-plugin-jsdoc@v61.4.1...v61.5.0)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.48.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.48.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: esbuild
  dependency-version: 0.27.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 61.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
b73d396
@dependabot
Bump the actions-minor group across 1 directory with 2 updates
44570be 
Bumps the actions-minor group with 2 updates in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.268.0 to 1.269.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@8aeb6ff...d697be2)

Updates `actions/create-github-app-token` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@v2.2.0...v2.2.1)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.269.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
- dependency-name: actions/create-github-app-token
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
cd48547
@henrymercer
Determine CodeQL version from feature flags on GHEC-DR
7a55ffe
@henrymercer
Rename GHE_DOTCOM to GHEC_DR
1fc7d37 
This more closely reflects the published naming https://docs.github.com/en/enterprise-cloud@latest/admin/data-residency/about-github-enterprise-cloud-with-data-residency
@henrymercer
Update PR template to include GHEC-DR
da50124
@nickrolfe
Clean up JavaMinimizeDependencyJars feature flag
805b7e1
@github-actions
Update changelog and version after v4.31.8
4564f5e
@github-actions
Rebuild
65bad62
@oscarsj
Merge pull request #3356 from github/mergeback/v4.31.8-to-main-1b168cd3
4b675e4 
Mergeback v4.31.8 refs/heads/releases/v4 into main
@henrymercer
Return status report from cleanupAndUploadDatabases
8e921c3
@henrymercer
Populate database upload results telemetry
5d063dd
@henrymercer
Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-38a2a793c5
2ac846d
@henrymercer
Merge pull request #3348 from github/dependabot/npm_and_yarn/npm-mino…
0264b51 
…r-38a2a793c5

Bump the npm-minor group with 5 updates
@henrymercer
Merge pull request #3349 from github/dependabot/github_actions/dot-gi…
7e0b77e 
…thub/workflows/actions-minor-dc476f2f5b

Bump the actions-minor group across 1 directory with 2 updates
@mbg
Make postProcessAndUploadSarif the default
b1dea65
@mbg
Remove AnalyzeUseNewUpload FF
009fe6b
@mbg
Merge branch 'main' into mbg/ff/make-new-upload-default
b30cb9a
@dependabot
Bump ruby/setup-ruby
a539068 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.269.0 to 1.270.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@d697be2...ac793fd)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.270.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/download-artifact from 6 to 7 in /.github/workflows
6dbc22c 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/upload-artifact from 5 to 6 in /.github/workflows
034374e 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
d6c1a79
@github-actions
Rebuild
7fd7db3
@mbg
Merge pull request #3309 from github/mbg/ff/make-new-upload-default
a682bbe 
Remove `AnalyzeUseNewUpload` FF and make its behaviour the default
@mbg
Merge pull request #3366 from github/dependabot/github_actions/dot-gi…
07cd437 
…thub/workflows/actions/upload-artifact-6

Bump actions/upload-artifact from 5 to 6 in /.github/workflows
@mbg
Merge pull request #3364 from github/dependabot/github_actions/dot-gi…
d0ad1da 
…thub/workflows/actions-minor-8751820eb1

Bump ruby/setup-ruby from 1.269.0 to 1.270.0 in /.github/workflows in the actions-minor group across 1 directory
@mbg
Merge branch 'main' into dependabot/github_actions/dot-github/workflo…
c2d4383 
…ws/actions/download-artifact-7
@mbg
Merge pull request #3365 from github/dependabot/github_actions/dot-gi…
b5e1a28 
…thub/workflows/actions/download-artifact-7

Bump actions/download-artifact from 6 to 7 in /.github/workflows
@henrymercer
Use full names for GitHub variants
a2ee53c
henrymercer and others added 11 commits December 16, 2025 15:41
@henrymercer
Rename isOverlayBase
19c7f96
@henrymercer
Merge branch 'main' into henrymercer/database-upload-telemetry
e962687
@nickrolfe
Extract version number to constant
d29eddb
@henrymercer
Merge pull request #3358 from github/henrymercer/database-upload-tele…
5eb7519 
…metry

Add status report for uploading databases to API
@nickrolfe
Merge pull request #3352 from github/nickrolfe/jar-min-ff-cleanup
998798e 
Clean up `JavaMinimizeDependencyJars` feature flag
@github-actions
Update changelog for v4.31.9
1dc115f
@henrymercer
Merge pull request #3371 from github/update-v4.31.9-998798e34
5d4e8d1 
Merge main into releases/v4
@github-actions
Revert "Update version and changelog for v3.31.8"
e7c7a2d 
This reverts commit 5676d1f.
@github-actions
Revert "Rebuild"
4f34645 
This reverts commit 7495131.
@github-actions
Merge remote-tracking branch 'origin/releases/v4' into backport-v3.31…
7348876 
….9-5d4e8d1ac
@github-actions
Update version and changelog for v3.31.9
d300581
@github-actions github-actions bot added the Rebuild Re-transpile JS & re-generate workflows label Dec 16, 2025
@henrymercer henrymercer added Rebuild Re-transpile JS & re-generate workflows and removed Rebuild Re-transpile JS & re-generate workflows labels Dec 16, 2025
@github-actions github-actions bot removed the Rebuild Re-transpile JS & re-generate workflows label Dec 16, 2025
@github-actions
Copy link
Contributor Author

github-actions bot commented Dec 16, 2025

Pushed a commit to rebuild the Action. Please mark the PR as ready for review to trigger PR checks.

@henrymercer henrymercer marked this pull request as ready for review December 16, 2025 18:53
@henrymercer henrymercer requested a review from a team as a code owner December 16, 2025 18:53
Copilot AI review requested due to automatic review settings December 16, 2025 18:53
@github-actions github-actions bot added the size/L May be hard to review label Dec 16, 2025
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR merges changes from releases/v4 into releases/v3, primarily including refactoring of GitHub variant types from numeric enums to string enums, removal of deprecated feature flags, and various dependency updates.

Key Changes:

  • Refactored GitHubVariant enum from numeric values to descriptive string values with JSDoc comments
  • Removed two deprecated feature flags: AnalyzeUseNewUpload and JavaMinimizeDependencyJars
  • Added database upload telemetry tracking with new DatabaseUploadResult interface
  • Updated multiple dependencies including node-forge, esbuild, eslint-plugin-jsdoc, and various GitHub Actions

Reviewed changes

Copilot reviewed 47 out of 48 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/util.ts Refactored GitHubVariant enum from numeric to string values with documentation
src/util.test.ts Updated test helper to use new string enum values
src/setup-codeql.ts Changed condition to check specifically for GHES variant
src/init-action.ts Removed JavaMinimizeDependencyJars feature flag, replaced with direct CodeQL version check
src/feature-flags.ts Removed two deprecated feature flags and refactored variant checking
src/feature-flags.test.ts Updated tests for GHEC-DR and wrapped in loop for DRY
src/dependency-caching.ts Removed Java JAR minimization feature flag logic
src/dependency-caching.test.ts Removed tests for deleted feature flag
src/database-upload.ts Added DatabaseUploadResult interface and telemetry collection
src/database-upload.test.ts Updated test expectation for error message formatting
src/api-client.ts Updated to use new string enum value
src/api-client.test.ts Updated test descriptions and assertions
src/analyze-action.ts Removed AnalyzeUseNewUpload feature flag and simplified upload logic
pr-checks/checks/*.yml Updated ruby/setup-ruby and actions/upload-artifact versions
package.json Bumped version to 3.31.9 and updated dependencies
package-lock.json Updated lockfile with new dependency versions
CHANGELOG.md Added entry for version 3.31.9
.github/workflows/*.yml Updated actions/create-github-app-token and actions/download-artifact versions
.github/pull_request_template.md Clarified Dotcom environment description

@henrymercer henrymercer merged commit 45c3735 into releases/v3 Dec 16, 2025
240 checks passed
@henrymercer henrymercer deleted the backport-v3.31.9-5d4e8d1ac branch December 16, 2025 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@henrymercer henrymercer henrymercer approved these changes

Assignees

@henrymercer henrymercer

Labels

size/L May be hard to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@henrymercer @nickrolfe @oscarsj @mbg