René's URL Explorer Experiment


Title: Bump the npm-minor group across 1 directory with 6 updates by dependabot[bot] · Pull Request #3821 · github/codeql-action · GitHub

Open Graph Title: Bump the npm-minor group across 1 directory with 6 updates by dependabot[bot] · Pull Request #3821 · github/codeql-action

X Title: Bump the npm-minor group across 1 directory with 6 updates by dependabot[bot] · Pull Request #3821 · github/codeql-action

Description: Bumps the npm-minor group with 6 updates in the / directory: Package From To @octokit/plugin-retry 8.0.3 8.1.0 jsonschema 1.4.1 1.5.0 @eslint/compat 2.0.3 2.0.4 @types/sinon 21.0.0 21.0.1 esbuild 0.27.4 0.28.0 nock 14.0.11 14.0.12 Updates @octokit/plugin-retry from 8.0.3 to 8.1.0 Release notes Sourced from @​octokit/plugin-retry's releases. v8.1.0 8.1.0 (2026-02-18) Features add types (#661) (e8bdeb7) Commits e8bdeb7 feat: add types (#661) 96f572f chore(deps): replace glob with tinyglobby (#657) 2b9b2ea build(deps): bump glob (#656) 31bd239 build(deps): lock file maintenance (#643) 58b66d1 chore(deps): update dependency node to v24 (#649) 927b598 chore(deps): update dependency prettier to v3.6.2 (#636) See full diff in compare view Maintainer changes This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​octokit/plugin-retry since your current version. Updates jsonschema from 1.4.1 to 1.5.0 Commits See full diff in compare view Updates @eslint/compat from 2.0.3 to 2.0.4 Release notes Sourced from @​eslint/compat's releases. migrate-config: v2.0.4 2.0.4 (2026-03-20) Bug Fixes update dependency @​eslint/eslintrc to ^3.3.5 (#397) (8567c19) compat: v2.0.4 2.0.4 (2026-04-03) Dependencies The following workspace dependencies were updated dependencies @​eslint/core bumped from ^1.1.1 to ^1.2.0 Changelog Sourced from @​eslint/compat's changelog. 2.0.4 (2026-04-03) Dependencies The following workspace dependencies were updated dependencies @​eslint/core bumped from ^1.1.1 to ^1.2.0 Commits fe114ee chore: release main (#413) 8863791 docs: Update README sponsors 835ddf9 docs: Update README sponsors 8cd3676 docs: Update README sponsors 4d73459 docs: Update README sponsors a6c7a26 chore: update eslint and eslint-config-eslint (#401) See full diff in compare view Updates @types/sinon from 21.0.0 to 21.0.1 Commits See full diff in compare view Updates esbuild from 0.27.4 to 0.28.0 Release notes Sourced from esbuild's releases. v0.28.0 Add support for with { type: 'text' } imports (#4435) The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example: import string from './example.txt' with { type: 'text' } console.log(string) Add integrity checks to fallback download path (#4343) Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort). This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release. Update the Go compiler from 1.25.7 to 1.26.1 This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases: It now uses the new garbage collector that comes with Go 1.26. The Go compiler is now more aggressive with allocating memory on the stack. The executable format that the Go linker uses has undergone several changes. The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions. You can read the Go 1.26 release notes for more information. v0.27.7 Fix lowering of define semantics for TypeScript parameter properties (#4421) The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case: // Original code class Foo { constructor(public x = 1) {} y = 2 } // Old output (with --loader=ts --target=es2021) class Foo { constructor(x = 1) { this.x = x; __publicField(this, "y", 2); } x; } // New output (with --loader=ts --target=es2021) class Foo { ... (truncated) Changelog Sourced from esbuild's changelog. 0.28.0 Add support for with { type: 'text' } imports (#4435) The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example: import string from './example.txt' with { type: 'text' } console.log(string) Add integrity checks to fallback download path (#4343) Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort). This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release. Update the Go compiler from 1.25.7 to 1.26.1 This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases: It now uses the new garbage collector that comes with Go 1.26. The Go compiler is now more aggressive with allocating memory on the stack. The executable format that the Go linker uses has undergone several changes. The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions. You can read the Go 1.26 release notes for more information. 0.27.7 Fix lowering of define semantics for TypeScript parameter properties (#4421) The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case: // Original code class Foo { constructor(public x = 1) {} y = 2 } // Old output (with --loader=ts --target=es2021) class Foo { constructor(x = 1) { this.x = x; __publicField(this, "y", 2); } x; } ... (truncated) Commits 6a794df publish 0.28.0 to npm 64ee0ea fix #4435: support with { type: text } imports ef65aee fix sort order in snapshots_packagejson.txt 1a26a8e try to fix test-old-ts, also shuffle CI tasks 556ce6c use '' instead of null to omit build hashes 8e675a8 ci: allow missing binary hashes for tests 7067763 Reapply "update go 1.25.7 => 1.26.1" 39473a9 fix #4343: integrity check for binary download 2025c9f publish 0.27.7 to npm c6b586e fix typo in Makefile for @esbuild/win32-x64 Additional commits viewable in compare view Updates nock from 14.0.11 to 14.0.12 Release notes Sourced from nock's releases. v14.0.12 14.0.12 (2026-04-05) Bug Fixes prevent crash when query params have conflicting dot-notation keys (#2958) (7ea9933) Commits 7ea9933 fix: prevent crash when query params have conflicting dot-notation keys (#2958) d00d371 chore(deps): bump picomatch e899c49 chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5 9ad19ea chore(deps): bump qs and @​definitelytyped/dtslint 657d9a1 chore(deps): bump actions/checkout from 5 to 6 (#2933) See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot show ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) @dependabot ignore minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) @dependabot ignore will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) @dependabot unignore will remove all of the ignore conditions of the specified dependency @dependabot unignore will remove the ignore condition of the specified dependency and ignore conditions

Open Graph Description: Bumps the npm-minor group with 6 updates in the / directory: Package From To @octokit/plugin-retry 8.0.3 8.1.0 jsonschema 1.4.1 1.5.0 @eslint/compat 2.0.3 2.0.4 @types/sinon 21.0.0 21....

X Description: Bumps the npm-minor group with 6 updates in the / directory: Package From To @octokit/plugin-retry 8.0.3 8.1.0 jsonschema 1.4.1 1.5.0 @eslint/compat 2.0.3 2.0.4 @types/sinon 21.0.0 21....

Opengraph URL: https://github.com/github/codeql-action/pull/3821

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:4a9f30c0-2802-02c8-bc87-5a41392df111
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-idDBD2:53D51:19AEB42:24E8B40:6A4CD9CC
html-safe-nonceb15927f0d138a5f9538d02847833d47f541688942217a965512fb43334260b20
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEQkQyOjUzRDUxOjE5QUVCNDI6MjRFOEI0MDo2QTRDRDlDQyIsInZpc2l0b3JfaWQiOiIxOTM3OTg3NDgwMjMwNjE1NTAwIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmacfe2e66ebefd9fbbb7bbea66e48ee582f883ba34fb7a879dd46f40ade7e958530
hovercard-subject-tagpull_request:3524248980
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/github/codeql-action/pull/3821/files
twitter:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
og:image:altBumps the npm-minor group with 6 updates in the / directory: Package From To @octokit/plugin-retry 8.0.3 8.1.0 jsonschema 1.4.1 1.5.0 @eslint/compat 2.0.3 2.0.4 @types/sinon 21.0.0 21....
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
None299b43bca6e02ad35197ffeba30d2466846d5fb02ab96fbced5b5e6cec589fb8
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/github/codeql-action git https://github.com/github/codeql-action.git
octolytics-dimension-user_id9919
octolytics-dimension-user_logingithub
octolytics-dimension-repository_id259445878
octolytics-dimension-repository_nwogithub/codeql-action
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id259445878
octolytics-dimension-repository_network_root_nwogithub/codeql-action
turbo-body-classeslogged-out env-production page-responsive full-width
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release3eeb74f55ccd8a31bdaec6839577c592bbf7844c
ui-targetcanary-2
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/github/codeql-action/pull/3821/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql-action%2Fpull%2F3821%2Ffiles
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql-action%2Fpull%2F3821%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=github%2Fcodeql-action
Reloadhttps://github.com/github/codeql-action/pull/3821/files
Reloadhttps://github.com/github/codeql-action/pull/3821/files
Reloadhttps://github.com/github/codeql-action/pull/3821/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3821/files
github https://github.com/github
codeql-actionhttps://github.com/github/codeql-action
Notifications https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Fork 470 https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Star 1.6k https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Code https://github.com/github/codeql-action
Issues 156 https://github.com/github/codeql-action/issues
Pull requests 27 https://github.com/github/codeql-action/pulls
Actions https://github.com/github/codeql-action/actions
Models https://github.com/github/codeql-action/models
Security and quality 2 https://github.com/github/codeql-action/security
Insights https://github.com/github/codeql-action/pulse
Code https://github.com/github/codeql-action
Issues https://github.com/github/codeql-action/issues
Pull requests https://github.com/github/codeql-action/pulls
Actions https://github.com/github/codeql-action/actions
Models https://github.com/github/codeql-action/models
Security and quality https://github.com/github/codeql-action/security
Insights https://github.com/github/codeql-action/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Fgithub%2Fcodeql-action%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Fgithub%2Fcodeql-action%2Fissues%2Fnew%2Fchoose
henrymercerhttps://github.com/henrymercer
mainhttps://github.com/github/codeql-action/tree/main
dependabot/npm_and_yarn/npm-minor-345b938e93https://github.com/github/codeql-action/tree/dependabot/npm_and_yarn/npm-minor-345b938e93
Conversation 2 https://github.com/github/codeql-action/pull/3821
Findings https://github.com/github/codeql-action/pull/3821/findings
Commits 2 https://github.com/github/codeql-action/pull/3821/commits
Checks 217 https://github.com/github/codeql-action/pull/3821/checks
Files changed https://github.com/github/codeql-action/pull/3821/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3821/files
Bump the npm-minor group across 1 directory with 6 updates https://github.com/github/codeql-action/pull/3821/files#top
Show all changes 2 commits https://github.com/github/codeql-action/pull/3821/files
9dd4cfe Bump the npm-minor group across 1 directory with 6 updates dependabot[bot] Apr 13, 2026 https://github.com/github/codeql-action/pull/3821/commits/9dd4cfed96030ccdfe1af4daf7a7964322704fed
f1c3393 Rebuild github-actions[bot] Apr 13, 2026 https://github.com/github/codeql-action/pull/3821/commits/f1c339364c12f922998186ed897e45e3b4ae8874
Clear filters https://github.com/github/codeql-action/pull/3821/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3821/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3821/files
analyze-action-post.js https://github.com/github/codeql-action/pull/3821/files#diff-911c5662a35b2dddfb65aeded5d3fbb4305c867e2f8988eb1d75bee9208593ab
analyze-action.js https://github.com/github/codeql-action/pull/3821/files#diff-4926d6bcb92a4de805ceb8d280f31c24cffa2445b3a36cc658e5032a0910ed15
autobuild-action.js https://github.com/github/codeql-action/pull/3821/files#diff-850bbbd46e929f29c34c186fb38aebfc228803ab6191e6a668027042620c4f30
init-action-post.js https://github.com/github/codeql-action/pull/3821/files#diff-08750c194e36e3925a63362bbc1a7207690bd44add665b7c357e9d8b1861a4e6
init-action.js https://github.com/github/codeql-action/pull/3821/files#diff-bd9b22d62f144e71ae32a07c7c5151e30b31cd76d22303745df64c9886d81342
resolve-environment-action.js https://github.com/github/codeql-action/pull/3821/files#diff-46abfbca7ce31021720a31a005df69b4d2001e8f6211629198bd996ca1624d8b
setup-codeql-action.js https://github.com/github/codeql-action/pull/3821/files#diff-48a1e0d5f2fd249f221a7fcf67cd08518a435c0710722fa28b51fa40703e39ea
start-proxy-action-post.js https://github.com/github/codeql-action/pull/3821/files#diff-097051c7f12bb5167c369a2967376b55951a4d4d95b6f9dd4e0caf70fbd89dbf
start-proxy-action.js https://github.com/github/codeql-action/pull/3821/files#diff-9ef3265f6cc827943cc3edade4225dacb911ccb9d6891b38d0e744208d0dbe99
upload-lib.js https://github.com/github/codeql-action/pull/3821/files#diff-8ea2623264a4246323c551f1b018e163d8ea00c2fed5c4f4ead1c5b9d036cfd6
upload-sarif-action-post.js https://github.com/github/codeql-action/pull/3821/files#diff-83f37f8420ffb4c89a3f6a74854bdc504b93edd5e0f7dbd73772d8f8c1f4d11e
upload-sarif-action.js https://github.com/github/codeql-action/pull/3821/files#diff-5d3767541163ba07f1a1928ef585f505845a68d6a46a26fb68fa41e19786111b
package-lock.json https://github.com/github/codeql-action/pull/3821/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519
package.json https://github.com/github/codeql-action/pull/3821/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519
https://github.com/github/codeql-action/blob/main/CODEOWNERS#L1
lib/analyze-action-post.jshttps://github.com/github/codeql-action/pull/3821/files#diff-911c5662a35b2dddfb65aeded5d3fbb4305c867e2f8988eb1d75bee9208593ab
View file https://github.com/github/codeql-action/blob/f1c339364c12f922998186ed897e45e3b4ae8874/lib/analyze-action-post.js
Open in desktop https://desktop.github.com
how customized files appear on GitHubhttps://docs.github.com/github/administering-a-repository/customizing-how-changed-files-appear-on-github
Please reload this pagehttps://github.com/github/codeql-action/pull/3821/files
https://github.com/github/codeql-action/blob/main/CODEOWNERS#L1
lib/analyze-action.jshttps://github.com/github/codeql-action/pull/3821/files#diff-4926d6bcb92a4de805ceb8d280f31c24cffa2445b3a36cc658e5032a0910ed15
View file https://github.com/github/codeql-action/blob/f1c339364c12f922998186ed897e45e3b4ae8874/lib/analyze-action.js
Open in desktop https://desktop.github.com
how customized files appear on GitHubhttps://docs.github.com/github/administering-a-repository/customizing-how-changed-files-appear-on-github
Please reload this pagehttps://github.com/github/codeql-action/pull/3821/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3821/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3821/files
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.