build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 #42621
Envoy/Checks (success)
Check has finished
Details
Check run finished (success ✔️)
The check run can be viewed here:
Envoy/Checks (pr/42621/main@8450e22)
Check started by
Request (pr/42621/main@8450e22)
@dependabot[bot]
8450e22 #42621
merge main@e31a656
build(deps): bump github/codeql-action from 4.31.7 to 4.31.8
Bumps github/codeql-action from 4.31.7 to 4.31.8.
Release notes
Sourced from github/codeql-action's releases.
v4.31.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.8 - 11 Dec 2025
- Update default CodeQL bundle version to 2.23.8. #3354
See the full CHANGELOG.md for more information.
Changelog
Sourced from github/codeql-action's changelog.
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
No user facing changes.
4.31.8 - 11 Dec 2025
- Update default CodeQL bundle version to 2.23.8. #3354
4.31.7 - 05 Dec 2025
- Update default CodeQL bundle version to 2.23.7. #3343
4.31.6 - 01 Dec 2025
No user facing changes.
4.31.5 - 24 Nov 2025
- Update default CodeQL bundle version to 2.23.6. #3321
4.31.4 - 18 Nov 2025
No user facing changes.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5. #3288
4.31.2 - 30 Oct 2025
No user facing changes.
4.31.1 - 30 Oct 2025
- The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.
4.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6. #3223
- When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. #3222
4.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204
... (truncated)
Commits
- 1b168cd Merge pull request #3355 from github/update-v4.31.8-1b0b941e1
- 120f277 Update changelog for v4.31.8
- 1b0b941 Merge pull request #3354 from github/update-bundle/codeql-bundle-v2.23.8
- db812c1 Add changelog note
- 2930dba Update default bundle to codeql-bundle-v2.23.8
- c43362b Merge pull request #3340 from github/kaspersv/check-for-overlayBaseSpecifier
- 002a7f2 Overlay: log overlayBaseSpecifier at debug log-level
- 5b7e7fc Update src/codeql.ts
- 149d184 Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a
- 97c2630 Rebuild
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Environment
Request variables
| Key | Value |
|---|---|
| ref | f43dbd7 |
| sha | 8450e22 |
| pr | 42621 |
| base-sha | e31a656 |
| actor | |
| message | build(deps): bump github/codeql-action from 4.31.7 to 4.31.8... |
| started | 1765778782.250149 |
| target-branch | main |
| trusted | false |
Build image
Container image/s (as used in this CI run)
| Key | Value |
|---|---|
| default | docker.io/envoyproxy/envoy-build:e0b4993c78551c1638ac00cf21d36313fe35d81d |
| mobile | docker.io/envoyproxy/envoy-build:mobile-e0b4993c78551c1638ac00cf21d36313fe35d81d |
Version
Envoy version (as used in this CI run)
| Key | Value |
|---|---|
| major | 1 |
| minor | 37 |
| patch | 0 |
| dev | true |