Merged
…nge-absolute-path-conversion * origin/main: (32 commits) Add changelog note Update default bundle to codeql-bundle-v2.24.3 Bump tar from 7.5.7 to 7.5.10 Rebuild Rebuild Bump actions/upload-artifact from 6 to 7 in /.github/workflows Bump actions/download-artifact from 7 to 8 in /.github/workflows Bump the npm-minor group with 2 updates Fix some tests that should be serial Update method naming and JSDoc Rename to `EnabledOverlayConfig` Address review comments Use `Result`s for enablement return types Add disabled by env var disablement reason Rename to `usesDefaultQueriesOnly` Update `NonDefaultQueries` documentation Refactor `getOverlayDatabaseMode` and add new disablement reason Address review comments Add JSDoc Sort `OverlayDisabledReason` enum ...
Mergeback v4.33.0 refs/heads/releases/v4 into main
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.4.1 to 5.5.6. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.4.1...v5.5.6) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.5.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…rsion * main: (112 commits) Rebuild Update changelog and version after v4.33.0 Add changelog entry for #3570 Bump minor version Update changelog for v4.32.7 Only emit one message with accumulated property names Remove `cache-dependency-path` options as well Remove `package-lock.json` that's no longer needed Add step (in root directory) to install dependencies Add explicit cache dependency paths in `pr-checks.yml` Fix linter errors in `sync-back.test.ts` Fix linter errors in `sync-back.ts` Rename `sync_back` to `sync-back` Fix linter errors in `sync.ts` Add eslint configuration for `pr-checks` Add minimal `Step` type Add `workspaces` to root `package.json` Avoid bundling `package.json` Move `ava` config out of `package.json` Emit warning for unrecognised repo properties with our common prefix ... # Conflicts: # lib/init-action-post.js
…e-path-conversion Move conversion of PR diff-range paths to absolute paths
…-parser-5.5.6 Bump fast-xml-parser from 5.4.1 to 5.5.6
# Conflicts: # lib/start-proxy-action.js
Disable TRAP caching when overlay is enabled
…r-a87b0427cc Bump the npm-minor group with 2 updates
…thub/workflows/actions/create-github-app-token-3.0.0 Bump actions/create-github-app-token from 2.2.1 to 3.0.0 in /.github/workflows
Wire C/C++ overlay feature flags into overlay mapping
Co-authored-by: Henry Mercer <henrymercer@github.com>
Update default bundle to 2.25.0
Feature flag: C/C++ overlay
Pull request overview
Release-branch merge PR that brings main changes into releases/v4, including the v4.34.0 version bump and associated feature/workflow updates.
Changes:
- Bump Action version to 4.34.0 and update the default CodeQL bundle/CLI to 2.25.0.
- Adjust diff-informed analysis diff-range path handling and corresponding SARIF alert filtering behavior.
- Add/extend overlay analysis feature flags (including C/C++) and introduce a feature-flagged behavior to disable TRAP caching when overlay analysis is enabled.
Reviewed changes
Copilot reviewed 22 out of 35 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/upload-lib.ts | Updates diff-range alert filtering to match relative-path diff ranges; exports helper for tests. |
| src/upload-lib.test.ts | Adds unit test coverage for diff-range alert filtering. |
| src/testing-utils.ts | Extends default Actions env var test setup (adds RUNNER_NAME). |
| src/testdata/valid-sarif-diff-filtered.sarif | Adds expected SARIF output fixture for diff-range filtering test. |
| src/testdata/pr-diff-range.yml | Adds expected diff-range extension-pack YAML fixture. |
| src/overlay/index.ts | Adds minimum CLI version constant for C/C++ overlay analysis. |
| src/init-action.ts | Removes legacy TRAP caching wiring from init; shifts responsibility into config utilities. |
| src/feature-flags.ts | Adds overlay-analysis feature flags for C/C++ and a flag to disable TRAP caching when overlay is enabled; reorganizes related flags. |
| src/diff-informed-analysis-utils.ts | Changes diff-range paths to be relative (repo-root) and updates docs accordingly. |
| src/diff-informed-analysis-utils.test.ts | Updates tests to expect relative diff-range paths. |
| src/defaults.json | Updates default/prior bundle and CLI versions (2.25.0 / 2.24.3). |
| src/config-utils.ts | Implements feature-flagged TRAP caching enablement logic and C/C++ TRAP caching env var setup. |
| src/config-utils.test.ts | Adds tests for new TRAP caching enablement logic; adjusts overlay-flag test to use Swift as “no overlay support” example. |
| src/codeql.ts | Removes legacy version-flag fallback and always uses --cache-cleanup for database cleanup. |
| src/analyze.ts | Moves absolute-path conversion into diff-range extension pack generation; adds testable helper for pack contents. |
| src/analyze.test.ts | Adds unit test for diff-range extension pack content generation. |
| package.json | Bumps version to 4.34.0 and updates devDependencies (@eslint/compat, typescript-eslint). |
| package-lock.json | Updates lockfile for version/dependency changes. |
| lib/upload-lib.js | Generated JS output updates corresponding to TS changes. |
| lib/defaults.json | Generated defaults JSON update corresponding to src/defaults.json. |
| CHANGELOG.md | Adds the 4.34.0 release notes entry. |
| .github/workflows/update-release-branch.yml | Updates actions/create-github-app-token to v3.0.0. |
| .github/workflows/rollback-release.yml | Updates actions/create-github-app-token to v3.0.0. |
| .github/workflows/post-release-mergeback.yml | Updates actions/create-github-app-token to v3.0.0. |
oscarsj approved these changes Mar 20, 2026
Merging 30c555a into `releases/v4`. Conductor for this PR is @oscarsj.
Contains the following pull requests:
Please do the following:
`releases/v4` branch. `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.