Merge pull request #2896 from github/update-v3.28.18-b86edfc27

Merge main into releases/v3

Author: smowton

.github/workflows/post-release-mergeback.yml

@@ -168,7 +168,7 @@ jobs:
             --draft
 
       - name: Generate token
-        uses: actions/create-github-app-token@v2.0.2
+        uses: actions/create-github-app-token@v2.0.6
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/update-release-branch.yml

@@ -124,7 +124,7 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@v2.0.2
+      uses: actions/create-github-app-token@v2.0.6
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 3.28.18 - 16 May 2025
+
+- Update default CodeQL bundle version to 2.21.3. [#2893](https://github.com/github/codeql-action/pull/2893)
+- Skip validating SARIF produced by CodeQL for improved performance. [#2894](https://github.com/github/codeql-action/pull/2894)
+- The number of threads and amount of RAM used by CodeQL can now be set via the `CODEQL_THREADS` and `CODEQL_RAM` runner environment variables. If set, these environment variables override the `threads` and `ram` inputs respectively. [#2891](https://github.com/github/codeql-action/pull/2891)
+
 ## 3.28.17 - 02 May 2025
 
 - Update default CodeQL bundle version to 2.21.2. [#2872](https://github.com/github/codeql-action/pull/2872)

README.md

@@ -70,10 +70,11 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
 
 | Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
 |-----------------------|-------------------------------|--------------------|-------|
-| `v3.26.6`  | `2.18.4` | Enterprise Server 3.15 | |
-| `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
-| `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
-| `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
+| `v3.28.12`  | `2.20.7` | Enterprise Server 3.17 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.16 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.15 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.14 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.13 | |
 
 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
 

lib/analyze.js

@@ -1 +1 @@
-{ "maximumVersion": "3.17", "minimumVersion": "3.12" }
+{ "maximumVersion": "3.17", "minimumVersion": "3.13" }

lib/analyze.js.map

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.21.2",
-    "cliVersion": "2.21.2",
-    "priorBundleVersion": "codeql-bundle-v2.21.1",
-    "priorCliVersion": "2.21.1"
+    "bundleVersion": "codeql-bundle-v2.21.3",
+    "cliVersion": "2.21.3",
+    "priorBundleVersion": "codeql-bundle-v2.21.2",
+    "priorCliVersion": "2.21.2"
 }