build(deps): bump github/codeql-action from 3.30.0 to 4.31.7 #1901
Conversation
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 4.31.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.30.0...v4.31.7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.7 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1901 +/- ##
=======================================
Coverage 97.14% 97.14%
=======================================
Files 2 2
Lines 35 35
=======================================
Hits 34 34
Misses 1 1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
![sentry[bot]](https://avatars.githubusercontent.com/u/1396951?s=60&v=4){kind=small}
|
|
||
| # Upload the results to GitHub's code scanning dashboard. | ||
| - name: "Upload to code-scanning" | ||
| uses: github/codeql-action/upload-sarif@v3.30.0 # v1.0.26 | ||
| uses: github/codeql-action/upload-sarif@v4.31.7 # v1.0.26 | ||
| with: | ||
| sarif_file: results.sarif |
There was a problem hiding this comment.
Bug: github/codeql-action@v4+ requires Node.js v24, but workflows use Node.js v20 by default, causing failures.
Severity: CRITICAL | Confidence: High
🔍 Detailed Analysis
The github/codeql-action@v4.31.7 requires Node.js v24, but the GitHub Actions ubuntu-latest runner defaults to Node.js v20 as of December 2025. Without an explicit actions/setup-node step to specify node-version: 24, the CodeQL initialization, autobuild, analyze, and upload steps will fail. This will prevent the workflows from completing successfully.
💡 Suggested Fix
Add actions/setup-node with node-version: 24 to the workflow files before the CodeQL steps, or defer the upgrade to github/codeql-action@v4+ until after March 4, 2026.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: .github/workflows/scorecards-analysis.yml#L57-L62
Potential issue: The `github/codeql-action@v4.31.7` requires Node.js v24, but the GitHub
Actions `ubuntu-latest` runner defaults to Node.js v20 as of December 2025. Without an
explicit `actions/setup-node` step to specify `node-version: 24`, the CodeQL
initialization, autobuild, analyze, and upload steps will fail. This will prevent the
workflows from completing successfully.
Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 6033426
Bumps github/codeql-action from 3.30.0 to 4.31.7.
Release notes
Sourced from github/codeql-action's releases.
... (truncated)
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
cf1bb45Merge pull request #3344 from github/update-v4.31.7-f5c63faddf4ebe95Update changelog for v4.31.7f5c63faMerge pull request #3343 from github/update-bundle/codeql-bundle-v2.23.7a2c01e7Add changelog noteac34c13Update default bundle to codeql-bundle-v2.23.7267c467Merge pull request #3339 from github/dependabot/npm_and_yarn/npm-minor-77d264...aeabef7Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-77d26487b078357d3Merge pull request #3341 from github/mbg/ci/update-cs-config-cli-testsd61a6faUpdate CLI config test to account for overlay db changes on PRsce27e95RebuildDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)