Merge releases/v4 into releases/v3

.github/workflows/codescanning-config-cli.yml

@@ -70,13 +70,33 @@ jobs:
       with:
         version: ${{ matrix.version }}
 
-    - name: Empty file
+    # On PRs, overlay analysis may change the config that is passed to the CLI.
+    # Therefore, we have two variants of the following test, one for PRs and one for other events.
+    - name: Empty file (non-PR)
+      if: github.event_name != 'pull_request'
       uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: "{}"
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
+    - name: Empty file (PR)
+      if: github.event_name == 'pull_request'
+      uses: ./../action/.github/actions/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "query-filters": [
+              {
+                "exclude": {
+                  "tags": "exclude-from-incremental"
+                }
+              }
+            ]
+          }
+        languages: javascript
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
     - name: Packs from input
       if: success() || failure()
       uses: ./../action/.github/actions/check-codescanning-config

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 3.31.7 - 05 Dec 2025
+
+- Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343)
+
 ## 3.31.6 - 01 Dec 2025
 
 No user facing changes.

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.6",
-  "cliVersion": "2.23.6",
-  "priorBundleVersion": "codeql-bundle-v2.23.5",
-  "priorCliVersion": "2.23.5"
+  "bundleVersion": "codeql-bundle-v2.23.7",
+  "cliVersion": "2.23.7",
+  "priorBundleVersion": "codeql-bundle-v2.23.6",
+  "priorCliVersion": "2.23.6"
 }