Title: Bump the actions group with 3 updates by dependabot[bot] · Pull Request #32037 · matplotlib/matplotlib · GitHub
Open Graph Title: Bump the actions group with 3 updates by dependabot[bot] · Pull Request #32037 · matplotlib/matplotlib
X Title: Bump the actions group with 3 updates by dependabot[bot] · Pull Request #32037 · matplotlib/matplotlib
Description: Bumps the actions group with 3 updates: github/codeql-action/init, github/codeql-action/analyze and j178/prek-action.
Updates github/codeql-action/init from 4.36.2 to 4.36.3
Release notes
Sourced from github/codeql-action/init's releases.
v4.36.3
No user facing changes.
Changelog
Sourced from github/codeql-action/init's changelog.
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #3956
4.37.0 - 08 Jul 2026
Update default CodeQL bundle version to 2.26.0. #3995
In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973
4.36.3 - 01 Jul 2026
No user facing changes.
4.36.2 - 04 Jun 2026
Cache CodeQL CLI version information across Actions steps. #3943
Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
Update default CodeQL bundle version to 2.25.6. #3948
4.36.1 - 02 Jun 2026
No user facing changes.
4.36.0 - 22 May 2026
Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
Add support for SHA-256 Git object IDs. #3893
Update default CodeQL bundle version to 2.25.5. #3926
4.35.5 - 15 May 2026
We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880
4.35.4 - 07 May 2026
Update default CodeQL bundle version to 2.25.4. #3881
4.35.3 - 01 May 2026
Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
... (truncated)
Commits
54f647b Merge pull request #3984 from github/update-v4.36.3-1f34ec164
e78819e Trigger checks
2c9d3d6 Update changelog for v4.36.3
1f34ec1 Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-prop
d5f0145 Log when repository property has a value but is ignored
f27f563 Add test for when the FF is off
0025d0f Use FF
f7fa18f Add FF for config file repo property
628fc3f Merge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...
9cfb67b Add clarifying comments
Additional commits viewable in compare view
Updates github/codeql-action/analyze from 4.36.2 to 4.36.3
Release notes
Sourced from github/codeql-action/analyze's releases.
v4.36.3
No user facing changes.
Changelog
Sourced from github/codeql-action/analyze's changelog.
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #3956
4.37.0 - 08 Jul 2026
Update default CodeQL bundle version to 2.26.0. #3995
In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973
4.36.3 - 01 Jul 2026
No user facing changes.
4.36.2 - 04 Jun 2026
Cache CodeQL CLI version information across Actions steps. #3943
Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
Update default CodeQL bundle version to 2.25.6. #3948
4.36.1 - 02 Jun 2026
No user facing changes.
4.36.0 - 22 May 2026
Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
Add support for SHA-256 Git object IDs. #3893
Update default CodeQL bundle version to 2.25.5. #3926
4.35.5 - 15 May 2026
We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880
4.35.4 - 07 May 2026
Update default CodeQL bundle version to 2.25.4. #3881
4.35.3 - 01 May 2026
Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
... (truncated)
Commits
54f647b Merge pull request #3984 from github/update-v4.36.3-1f34ec164
e78819e Trigger checks
2c9d3d6 Update changelog for v4.36.3
1f34ec1 Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-prop
d5f0145 Log when repository property has a value but is ignored
f27f563 Add test for when the FF is off
0025d0f Use FF
f7fa18f Add FF for config file repo property
628fc3f Merge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...
9cfb67b Add clarifying comments
Additional commits viewable in compare view
Updates j178/prek-action from 2.0.4 to 2.0.5
Release notes
Sourced from j178/prek-action's releases.
v2.0.5
What's Changed
Add musl Linux target support by @j178 in j178/prek-action#156
Update known versions for prek 0.4.1 by @j178 in j178/prek-action#138
Update known versions for prek 0.4.2 by @j178 in j178/prek-action#139
Update known versions for prek 0.4.3 by @j178 in j178/prek-action#140
Update known versions for prek 0.4.4 by @j178 in j178/prek-action#145
Update known versions for prek 0.4.5 by @j178 in j178/prek-action#152
Full Changelog: j178/prek-action@v2...v2.0.5
Commits
e98a699 Add musl Linux target support (#156)
dec4adc Update known versions for prek 0.4.5 (#152)
e6d8187 Update npm dev dependencies to v4.1.7 (#149)
37182e4 Update pre-commit to v2.4.16 (#150)
446c0be Update known versions for prek 0.4.4 (#145)
502e92b Update dependency semver to v7.8.0 (#144)
5d5dbbc Update pre-commit hook biomejs/pre-commit to v2.4.15 (#142)
fa80b57 Update npm dev dependencies (#141)
de2e771 Update zizmorcore/zizmor-action action to v0.5.6 (#143)
f2700a3 Update known versions for prek 0.4.3 (#140)
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show
Open Graph Description: Bumps the actions group with 3 updates: github/codeql-action/init, github/codeql-action/analyze and j178/prek-action. Updates github/codeql-action/init from 4.36.2 to 4.36.3 Release notes Sourced ...
X Description: Bumps the actions group with 3 updates: github/codeql-action/init, github/codeql-action/analyze and j178/prek-action. Updates github/codeql-action/init from 4.36.2 to 4.36.3 Release notes Sourced ...
Opengraph URL: https://github.com/matplotlib/matplotlib/pull/32037
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:34e7ed14-2ee2-3a6b-d7b1-956e9646ea79 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | D21E:399A66:9CC779:D5EFFE:6A5395CF |
| html-safe-nonce | 42ef9fce446d7c2ba7383039641e1ef1d7cf6d5b50148ca896bc1769207a6c5c |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEMjFFOjM5OUE2Njo5Q0M3Nzk6RDVFRkZFOjZBNTM5NUNGIiwidmlzaXRvcl9pZCI6IjgzODAyMTE1NDY4Nzg2MTI5NDMiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 83f0c9e9a22e1aee58bfe6c9e289eafe5fb71d31e3a99a99df04bef86130fff2 |
| hovercard-subject-tag | pull_request:4031835409 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/matplotlib/matplotlib/pull/32037/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps the actions group with 3 updates: github/codeql-action/init, github/codeql-action/analyze and j178/prek-action. Updates github/codeql-action/init from 4.36.2 to 4.36.3 Release notes Sourced ... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | b9a586c06a05a7a86fc7e3f4dbd03e42f6869085879aa184aa6369456dbd50fb |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/matplotlib/matplotlib git https://github.com/matplotlib/matplotlib.git |
| octolytics-dimension-user_id | 215947 |
| octolytics-dimension-user_login | matplotlib |
| octolytics-dimension-repository_id | 1385122 |
| octolytics-dimension-repository_nwo | matplotlib/matplotlib |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 1385122 |
| octolytics-dimension-repository_network_root_nwo | matplotlib/matplotlib |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 07a982c1d40157c619b364352b704c3ce66bb332 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width