Skip to content

build(deps): bump github/codeql-action from 4.36.3 to 4.37.1#912

Merged
mergify[bot] merged 1 commit into
developmentfrom
dependabot/github_actions/development/github/codeql-action-4.37.1
Jul 17, 2026
Merged

build(deps): bump github/codeql-action from 4.36.3 to 4.37.1#912
mergify[bot] merged 1 commit into
developmentfrom
dependabot/github_actions/development/github/codeql-action-4.37.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps github/codeql-action from 4.36.3 to 4.37.1.

Release notes

Sourced from github/codeql-action's releases.

v4.37.1

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #3956
  • Update default CodeQL bundle version to 2.26.1. #4019

v4.37.0

  • Update default CodeQL bundle version to 2.26.0. #3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973
Changelog

Sourced from github/codeql-action's changelog.

4.37.1 - 16 Jul 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #3956
  • Update default CodeQL bundle version to 2.26.1. #4019

4.37.0 - 08 Jul 2026

  • Update default CodeQL bundle version to 2.26.0. #3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973
Commits
  • 7188fc3 Merge pull request #4020 from github/update-v4.37.1-9e7c07009
  • c8b5f69 Update changelog for v4.37.1
  • 9e7c070 Merge pull request #4014 from github/mbg/explicit-remote-prefix
  • 3492b7e Change REMOTE_PATH_PREFIX to remote=
  • 3654baa Merge remote-tracking branch 'origin/main' into mbg/explicit-remote-prefix
  • 2d682ac Merge pull request #4017 from github/dependabot/github_actions/dot-github/wor...
  • 23f6a50 Merge pull request #4009 from github/mbg/action-state/additions
  • 1ee3c75 Merge pull request #4018 from github/dependabot/github_actions/dot-github/wor...
  • e053684 Merge pull request #4015 from github/dependabot/npm_and_yarn/npm-minor-fd2e83...
  • 6803c56 Merge pull request #4019 from github/update-bundle/codeql-bundle-v2.26.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.3 to 4.37.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v4.36.3...v4.37.1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.37.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added automatic Automatically created issue or a Pull request dependencies Pull requests that update a dependency file labels Jul 17, 2026
@mergify mergify Bot added the queued label Jul 17, 2026
@mergify

mergify Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Merge Queue Status

This pull request spent 3 minutes 24 seconds in the queue, including 2 minutes 48 seconds running CI.

Required conditions to merge
  • #review-threads-unresolved = 0 [🛡 GitHub branch protection]
  • check-success=Analyze
  • check-success=Check Javadocs
  • check-success=CodeFactor
  • check-success=CodeQL
  • check-success=Run Tests
  • github-review-approved [🛡 GitHub branch protection] (documentation)
  • any of [🛡 GitHub branch protection]:
    • check-success = Run Tests
    • check-neutral = Run Tests
    • check-skipped = Run Tests
  • any of [🛡 GitHub branch protection]:
    • check-success = Check Javadocs
    • check-neutral = Check Javadocs
    • check-skipped = Check Javadocs
  • any of [🛡 GitHub branch protection]:
    • check-success = CodeFactor
    • check-neutral = CodeFactor
    • check-skipped = CodeFactor
  • any of [🛡 GitHub branch protection]:
    • check-success = CodeQL
    • check-neutral = CodeQL
    • check-skipped = CodeQL

@mergify
mergify Bot merged commit 34e3eb8 into development Jul 17, 2026
8 checks passed
@mergify
mergify Bot deleted the dependabot/github_actions/development/github/codeql-action-4.37.1 branch July 17, 2026 10:58
@mergify mergify Bot removed the queued label Jul 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

automatic Automatically created issue or a Pull request dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants