Merge main into releases/v3 #2977
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Mergeback v3.29.2 refs/heads/releases/v3 into main
Remove support for combining SARIF runs with non-unique categories
…vements Improve JSON validation in `start-proxy` action
This commit adds overlayDatabaseMode to AugmentationProperties and creates a placeholder getOverlayDatabaseMode() function, with the necessary inputs, to populate it.
This commit populates getOverlayDatabaseMode() in config-utils with the same code from getOverlayDatabaseMode() in init.
This commit changes databaseInitCluster() to use overlayDatabaseMode from AugmentationProperties instead of the overlayDatabaseMode parameter. There is no behavior change because both overlayDatabaseMode values are computed the same way. The commit then cleans up the overlayDatabaseMode parameter and the code paths that feed into it.
This commit changes getOverlayDatabaseMode so that, when Feature.OverlayAnalysis is enabled, it calculates the overlay database mode automatically based on analysis metadata. If we are analyzing the default branch, use OverlayBase, and if we are analyzing a PR, use Overlay. If CODEQL_OVERLAY_DATABASE_MODE is set to a valid overlay database mode, that environment variable still takes precedence.
This commit adds useOverlayDatabaseCaching to AugmentationProperties to indicate whether the action should upload overlay-base databases to the actions cache and to download a cached overlay-base database when creating an overlay database.
Basic support for overlay PR analysis
…iles-ghes Unconditionally disable combining SARIF files for GHES 3.18
Fix parsing of GHES pre-release versions
Bumps the npm group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@types/node-forge](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-forge) | `1.3.11` | `1.3.12` | | [@ava/typescript](https://github.com/avajs/typescript) | `4.1.0` | `6.0.0` | | [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) | `1.1.1` | `1.3.1` | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.28.0` | `9.30.1` | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.33.1` | `8.35.1` | | [sinon](https://github.com/sinonjs/sinon) | `20.0.0` | `21.0.0` | Updates `@types/node-forge` from 1.3.11 to 1.3.12 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node-forge) Updates `@ava/typescript` from 4.1.0 to 6.0.0 - [Release notes](https://github.com/avajs/typescript/releases) - [Commits](avajs/typescript@v4.1.0...v6.0.0) Updates `@eslint/compat` from 1.1.1 to 1.3.1 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/compat-v1.3.1/packages/compat) Updates `@eslint/js` from 9.28.0 to 9.30.1 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/commits/v9.30.1/packages/js) Updates `@typescript-eslint/eslint-plugin` from 8.33.1 to 8.35.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.1/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.33.1 to 8.35.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.1/packages/parser) Updates `sinon` from 20.0.0 to 21.0.0 - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](https://github.com/sinonjs/sinon/commits) --- updated-dependencies: - dependency-name: "@types/node-forge" dependency-version: 1.3.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@ava/typescript" dependency-version: 6.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: "@eslint/compat" dependency-version: 1.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@eslint/js" dependency-version: 9.30.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.35.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/parser" dependency-version: 8.35.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: sinon dependency-version: 21.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com>
…acb461 Bump the npm group across 1 directory with 7 updates
Ignore pre-release parts when comparing GHES versions
Overlay: additional feature flags
Enable Feature.DiffInformedQueries
There was a problem hiding this comment.
Pull Request Overview
This PR merges changes from the main branch into the releases/v3 branch, consolidating 11 different pull requests for a v3.29.3 release. The changes primarily focus on improving SARIF file handling, overlay database management, test infrastructure, and timeout handling.
Key Changes:
- Enhanced SARIF file combination logic with new deprecation warnings and blocking features for GHES 3.18+
- Improved overlay database functionality with automatic caching and configuration management
- Strengthened test infrastructure with better timeout handling and feature flag testing capabilities
Reviewed Changes
Copilot reviewed 27 out of 2280 changed files in this pull request and generated 4 comments.
Show a summary per file
:
| File | Description |
|---|---|
| util.test.js | Added timeout cleanup to prevent resource leaks in test |
| util.js | Exported new satisfiesGHESVersion function for version checking |
| upload-lib.test.js | Added comprehensive test coverage for SARIF file combination blocking |
| upload-lib.js | Enhanced SARIF handling with new blocking logic and updated deprecation dates |
| testing-utils.js | Added feature flag stubbing capabilities and test configuration improvements |
| start-proxy.test.js | Enhanced credential validation tests with better error handling |
| start-proxy.js | Improved credential parsing with stricter validation |
| feature-flags.js | Added overlay analysis features and improved API request batching |
| config-utils.js | Major refactoring of overlay database mode configuration logic |
| Various other files | Supporting changes for overlay analysis, API compatibility, and test improvements |
mbg
approved these changes
Jul 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merging 7710ed1 into
releases/v3.Conductor for this PR is @koesie10.
Contains the following pull requests:
start-proxyaction #2956 (@mbg)Please do the following:
releases/v3branch.Create a merge commitis selected rather thanSquash and mergeorRebase and merge.