Bump github/codeql-action from 3 to 4

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #653 from actions/sneha-krip/readme-for-v8
2025-12-30 19:33:06 +00:00 · 2025-10-13 18:21:25 +00:00 · 2025-09-04 10:48:16 -04:00 · 2025-09-04 10:43:07 -04:00 · 2025-09-04 10:42:40 -04:00 · 2025-09-04 10:39:58 -04:00
3 changed files with 35 additions and 27 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -42,7 +42,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@v4

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,4 +69,4 @@ jobs:
    #   ./location_of_script_within_repo/buildscript.sh

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
--- a/README.md
+++ b/README.md
@@ -53,6 +53,14 @@ documentation.

 ## Breaking Changes

+### V8
+
+Version 8 of this action updated the runtime to Node 24 - https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions
+
+All scripts are now run with Node 24 instead of Node 20 and are affected by any breaking changes between Node 20 and 24.
+
+**This requires a minimum Actions Runner version of [v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1)**
+
 ### V7

 Version 7 of this action updated the runtime to Node 20 - https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-javascript-actions
@@ -91,7 +99,7 @@ and potential `SyntaxError`s when the expression is not valid JavaScript code (p
 To pass inputs, set `env` vars on the action step and reference them in your script with `process.env`:

 ```yaml
- uses: actions/github-script@v7
+- uses: actions/github-script@v8
  env:
    TITLE: ${{ github.event.pull_request.title }}
  with:
@@ -110,7 +118,7 @@ The return value of the script will be in the step's outputs under the
 "result" key.

 ```yaml
- uses: actions/github-script@v7
+- uses: actions/github-script@v8
  id: set-result
  with:
    script: return "Hello!"
@@ -129,7 +137,7 @@ output of a github-script step. For some workflows, string encoding is preferred
 `result-encoding` input:

 ```yaml
- uses: actions/github-script@v7
+- uses: actions/github-script@v8
  id: my-script
  with:
    result-encoding: string
@@ -141,7 +149,7 @@ output of a github-script step. For some workflows, string encoding is preferred
 By default, requests made with the `github` instance will not be retried. You can configure this with the `retries` option:

 ```yaml
- uses: actions/github-script@v7
+- uses: actions/github-script@v8
  id: my-script
  with:
    result-encoding: string
@@ -159,7 +167,7 @@ In this example, request failures from `github.rest.issues.get()` will be retrie
 You can also configure which status codes should be exempt from retries via the `retry-exempt-status-codes` option:

 ```yaml
- uses: actions/github-script@v7
+- uses: actions/github-script@v8
  id: my-script
  with:
    result-encoding: string
@@ -188,7 +196,7 @@ By default, github-script will use the token provided to your workflow.

 ```yaml
 - name: View context attributes
-  uses: actions/github-script@v7
+  uses: actions/github-script@v8
  with:
    script: console.log(context)
 ```
@@ -204,7 +212,7 @@ jobs:
  comment:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            github.rest.issues.createComment({
@@ -226,7 +234,7 @@ jobs:
  apply-label:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            github.rest.issues.addLabels({
@@ -248,7 +256,7 @@ jobs:
  welcome:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            // Get a list of all issues created by the PR opener
@@ -293,7 +301,7 @@ jobs:
  diff:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            const diff_url = context.payload.pull_request.diff_url
@@ -317,7 +325,7 @@ jobs:
  list-issues:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            const query = `query($owner:String!, $name:String!, $label:String!) {
@@ -351,7 +359,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            const script = require('./path/to/script.js')
@@ -389,7 +397,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        env:
          SHA: '${{env.parentSHA}}'
        with:
@@ -433,7 +441,7 @@ jobs:
      - run: npm ci
      # or one-off:
      - run: npm install execa
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            const execa = require('execa')
@@ -463,7 +471,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            const { default: printStuff } = await import('${{ github.workspace }}/src/print-stuff.js')
@@ -507,7 +515,7 @@ jobs:
  apply-label:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          github-token: ${{ secrets.MY_PAT }}
          script: |
@@ -531,7 +539,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            const exitCode = await exec.exec('echo', ['hello'])
@@ -549,7 +557,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
        with:
          script: |
            const {
--- a/package-lock.json
+++ b/package-lock.json
@@ -2273,9 +2273,9 @@
      }
    },
    "node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
      "dependencies": {
        "balanced-match": "^1.0.0",
        "concat-map": "0.0.1"
@@ -9067,9 +9067,9 @@
      }
    },
    "brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
      "requires": {
        "balanced-match": "^1.0.0",
        "concat-map": "0.0.1"
Author	SHA1	Message	Date
dependabot[bot]	bf6eab18ca	Bump github/codeql-action from 3 to 4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-10-13 18:21:25 +00:00
Sneha Kripanandan	ed597411d8	Merge pull request #653 from actions/sneha-krip/readme-for-v8 README for updating actions/github-script from v7 to v8	2025-09-04 10:48:16 -04:00
Sneha Kripanandan	2dc352e4ba	Bold minimum Actions Runner version in README	2025-09-04 10:43:07 -04:00
Sneha Kripanandan	01e118c8d0	Update README for Node 24 runtime requirements	2025-09-04 10:42:40 -04:00
Sneha Kripanandan	8b222ac82e	Apply suggestion from @salmanmkc Co-authored-by: Salman Chishti <salmanmkc@GitHub.com>	2025-09-04 10:39:58 -04:00
Sneha Kripanandan	adc0eeac99	README for updating actions/github-script from v7 to v8	2025-09-04 10:27:46 -04:00