Guillaume Hetier [Sun, 21 Dec 2025 23:14:42 +0000 (15:14 -0800)]
Implement a generic test ioctl for kernel mode tests (#5650)
## Description
Adding system tests to MsQuic is convoluted because they must run in
both user-mode and kernel mode.
Before this PR, to add a system test, 5 code locations must be edited:
- define a new IOCTL
- IOCTL use sequential numbers: the new test will be at the end of the
list, even if it would better to group it with related tests
- handle the IOCTL from the test driver
- define a type for the IOCTL parameters
- add the parameter size type to the size array
- populate the IOCTL parameter struct from the google test parameters
- invoke the IOCTL
With this PR, only two file locations must be edited, with trivial
changes:
- register the test in kernel mode (1 line)
- invoke the test from user mode, forwarding the gtest parameters
directly (no additional parameter type, 1 line)
This PR introduces some constraint over the test function: they must
accept a single parameter by constant reference. This isn't a
limitation: test don't need non-constant parameters; multiple parameters
can be packaged in a struct (and generally already are when provided by
gtest); and this will encourage multiple small test with few parameters
rather than complex test functions trying to handle multiple scenarios.
Exisiting test will be converted to this schema in follow up PRs.
[DeepTest] Add Unit Test cases for Cubic Congestion Control (#5653)
## Description
_Some unrelated change to cubic testing got pushed to the previous PR
#5648. Starting this new PR to maintain the PRs well._
This PR adds test suite contains 17 tests covering initialization,
congestion window management, data tracking, congestion events, and
utility functions. While achieving 63.42% line coverage, significant
functionality remains untested, particularly advanced scenarios like
HyStart++, congestion avoidance calculations, and spurious congestion
recovery.
---
## Test Suite Overview
### Current Test Cases (17 tests)
1. **CubicTest.InitializeComprehensive** - Validates initialization with
various settings
2. **CubicTest.InitializeBoundaries** - Tests boundary conditions during
initialization
3. **CubicTest.MultipleSequentialInitializations** - Verifies multiple
init cycles
4. **CubicTest.CanSendScenarios** - Tests send permission logic with
various states
5. **CubicTest.SetExemption** - Validates exemption packet handling
6. **CubicTest.GetSendAllowanceScenarios** - Tests send allowance
with/without pacing
7. **CubicTest.GetSendAllowanceWithActivePacing** - Validates pacing
calculations
8. **CubicTest.GetterFunctions** - Tests getter APIs for exposing
internal state
9. **CubicTest.ResetScenarios** - Validates full and partial reset
behavior
10. **CubicTest.OnDataSent_IncrementsBytesInFlight** - Tests flight
tracking on send
11. **CubicTest.OnDataInvalidated_DecrementsBytesInFlight** - Tests
invalidation handling
12. **CubicTest.OnDataAcknowledged_BasicAck** - Validates ACK processing
in slow start
13. **CubicTest.OnDataLost_WindowReduction** - Tests loss-based
congestion events
14. **CubicTest.OnEcn_CongestionSignal** - Validates ECN-based
congestion detection
15. **CubicTest.GetNetworkStatistics_RetrieveStats** - Tests statistics
retrieval
16. **CubicTest.MiscFunctions_APICompleteness** - Covers stub/simple
functions
17. **CubicTest.HyStart_StateTransitions** - Tests HyStart++ state
machine basics
Jack He [Thu, 18 Dec 2025 01:11:29 +0000 (17:11 -0800)]
Use ProcDump instead of WER to collect user mode crash dumps (#5665)
## Description
Crash dump collection in spin tests has been broken for the longest
time.
The scripts always tried to use WER, but WER is notoriously brittle in
CI environments. Even after setting the HKEY regkeys properly, due to
group policy or other security enforcement policies, WER in CIs has been
egregiously broken.
Let us use ProcDump instead.
Fixes: #5585
## Testing
I forked the topic branch of this PR and intentionally added a NULL
pointer de-ref.
Then, I kicked off a manual dispatch and verified the dump is generated
properly: https://github.com/microsoft/msquic/actions/runs/20246218870
dependabot[bot] [Wed, 17 Dec 2025 17:05:47 +0000 (09:05 -0800)]
Bump rust-toolchain from 1.91.1 to 1.92.0 (#5659)
Bumps [rust-toolchain](https://github.com/rust-lang/rust) from 1.91.1 to
1.92.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/rust/releases">rust-toolchain's
releases</a>.</em></p>
<blockquote>
<h2>Rust 1.92.0</h2>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h2>Language</h2>
<ul>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/140463">Document
<code>MaybeUninit</code> representation and validity</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/141469">Allow
<code>&raw [mut | const]</code> for union field in safe
code</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/144064">Prefer
item bounds of associated types over where-bounds for auto-traits and
<code>Sized</code></a></li>
<li><a href="https://redirect.github.com/rust-lang/rust/pull/145277">Do
not materialize <code>X</code> in <code>[X; 0]</code> when
<code>X</code> is unsizing a const</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/145724">Support
combining <code>#[track_caller]</code> and <code>#[no_mangle]</code>
(requires every declaration specifying <code>#[track_caller]</code> as
well)</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/146167">Make never
type lints <code>never_type_fallback_flowing_into_unsafe</code> and
<code>dependency_on_unit_never_type_fallback</code>
deny-by-default</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/146593">Allow
specifying multiple bounds for same associated item, except in trait
objects</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/146725">Slightly
strengthen higher-ranked region handling in coherence</a></li>
<li><a href="https://redirect.github.com/rust-lang/rust/pull/147382">The
<code>unused_must_use</code> lint no longer warns on <code>Result<(),
Uninhabited></code> (for instance, <code>Result<(), !></code>),
or <code>ControlFlow<Uninhabited, ()></code></a>. This avoids
having to check for an error that can never happen.</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h2>Compiler</h2>
<ul>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/146858">Make
<code>mips64el-unknown-linux-muslabi64</code> link dynamically</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/147022">Remove
current code for embedding command-line args in PDB</a> Command-line
information is typically not needed by debugging tools, and the removed
code was causing problems for incremental builds even on targets that
don't use PDB debuginfo.</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h2>Libraries</h2>
<ul>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/137122">Specialize
<code>Iterator::eq{_by}</code> for <code>TrustedLen</code>
iterators</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/138799">Simplify
<code>Extend</code> for tuples</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/140153">Added
details to <code>Debug</code> for <code>EncodeWide</code></a>.</li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/147258"><code>iter::Repeat::last</code></a>
and <a
href="https://redirect.github.com/rust-lang/rust/pull/146410"><code>count</code></a>
will now panic, rather than looping infinitely.</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h2>Stabilized APIs</h2>
<ul>
<li><a
href="https://doc.rust-lang.org/stable/std/num/struct.NonZero.html#method.div_ceil"><code>NonZero<u{N}>::div_ceil</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/panic/struct.Location.html#method.file_as_c_str"><code>Location::file_as_c_str</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/sync/struct.RwLockWriteGuard.html#method.downgrade"><code>RwLockWriteGuard::downgrade</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/boxed/struct.Box.html#method.new_zeroed"><code>Box::new_zeroed</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/boxed/struct.Box.html#method.new_zeroed_slice"><code>Box::new_zeroed_slice</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/rc/struct.Rc.html#method.new_zeroed"><code>Rc::new_zeroed</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/rc/struct.Rc.html#method.new_zeroed_slice"><code>Rc::new_zeroed_slice</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/sync/struct.Arc.html#method.new_zeroed"><code>Arc::new_zeroed</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/sync/struct.Arc.html#method.new_zeroed_slice"><code>Arc::new_zeroed_slice</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/collections/btree_map/enum.Entry.html#method.insert_entry"><code>btree_map::Entry::insert_entry</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/collections/btree_map/struct.VacantEntry.html#method.insert_entry"><code>btree_map::VacantEntry::insert_entry</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/proc_macro/struct.TokenStream.html#impl-Extend%3CGroup%3E-for-TokenStream"><code>impl
Extend<proc_macro::Group> for
proc_macro::TokenStream</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/proc_macro/struct.TokenStream.html#impl-Extend%3CLiteral%3E-for-TokenStream"><code>impl
Extend<proc_macro::Literal> for
proc_macro::TokenStream</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/proc_macro/struct.TokenStream.html#impl-Extend%3CPunct%3E-for-TokenStream"><code>impl
Extend<proc_macro::Punct> for
proc_macro::TokenStream</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/proc_macro/struct.TokenStream.html#impl-Extend%3CIdent%3E-for-TokenStream"><code>impl
Extend<proc_macro::Ident> for
proc_macro::TokenStream</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/rust/blob/main/RELEASES.md">rust-toolchain's
changelog</a>.</em></p>
<blockquote>
<h1>Version 1.92.0 (2025-12-11)</h1>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h2>Language</h2>
<ul>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/140463">Document
<code>MaybeUninit</code> representation and validity</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/141469">Allow
<code>&raw [mut | const]</code> for union field in safe
code</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/144064">Prefer
item bounds of associated types over where-bounds for auto-traits and
<code>Sized</code></a></li>
<li><a href="https://redirect.github.com/rust-lang/rust/pull/145277">Do
not materialize <code>X</code> in <code>[X; 0]</code> when
<code>X</code> is unsizing a const</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/145724">Support
combining <code>#[track_caller]</code> and <code>#[no_mangle]</code>
(requires every declaration specifying <code>#[track_caller]</code> as
well)</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/146167">Make never
type lints <code>never_type_fallback_flowing_into_unsafe</code> and
<code>dependency_on_unit_never_type_fallback</code>
deny-by-default</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/146593">Allow
specifying multiple bounds for same associated item, except in trait
objects</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/146725">Slightly
strengthen higher-ranked region handling in coherence</a></li>
<li><a href="https://redirect.github.com/rust-lang/rust/pull/147382">The
<code>unused_must_use</code> lint no longer warns on <code>Result<(),
Uninhabited></code> (for instance, <code>Result<(), !></code>),
or <code>ControlFlow<Uninhabited, ()></code></a>. This avoids
having to check for an error that can never happen.</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h2>Compiler</h2>
<ul>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/146858">Make
<code>mips64el-unknown-linux-muslabi64</code> link dynamically</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/147022">Remove
current code for embedding command-line args in PDB</a>
Command-line information is typically not needed by debugging tools, and
the removed code
was causing problems for incremental builds even on targets that don't
use PDB debuginfo.</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h2>Libraries</h2>
<ul>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/137122">Specialize
<code>Iterator::eq{_by}</code> for <code>TrustedLen</code>
iterators</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/138799">Simplify
<code>Extend</code> for tuples</a></li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/140153">Added
details to <code>Debug</code> for <code>EncodeWide</code></a>.</li>
<li><a
href="https://redirect.github.com/rust-lang/rust/pull/147258"><code>iter::Repeat::last</code></a>
and <a
href="https://redirect.github.com/rust-lang/rust/pull/146410"><code>count</code></a>
will now panic, rather than looping infinitely.</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h2>Stabilized APIs</h2>
<ul>
<li><a
href="https://doc.rust-lang.org/stable/std/num/struct.NonZero.html#method.div_ceil"><code>NonZero<u{N}>::div_ceil</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/panic/struct.Location.html#method.file_as_c_str"><code>Location::file_as_c_str</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/sync/struct.RwLockWriteGuard.html#method.downgrade"><code>RwLockWriteGuard::downgrade</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/boxed/struct.Box.html#method.new_zeroed"><code>Box::new_zeroed</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/boxed/struct.Box.html#method.new_zeroed_slice"><code>Box::new_zeroed_slice</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/rc/struct.Rc.html#method.new_zeroed"><code>Rc::new_zeroed</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/rc/struct.Rc.html#method.new_zeroed_slice"><code>Rc::new_zeroed_slice</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/sync/struct.Arc.html#method.new_zeroed"><code>Arc::new_zeroed</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/sync/struct.Arc.html#method.new_zeroed_slice"><code>Arc::new_zeroed_slice</code></a></li>
<li><a
href="https://doc.rust-lang.org/stable/std/collections/btree_map/enum.Entry.html#method.insert_entry"><code>btree_map::Entry::insert_entry</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rust-lang/rust/commit/ded5c06cf21d2b93bffd5d884aa6e96934ee4234"><code>ded5c06</code></a>
Auto merge of <a
href="https://redirect.github.com/rust-lang/rust/issues/149758">#149758</a>
- BoxyUwU:stable, r=BoxyUwU</li>
<li><a
href="https://github.com/rust-lang/rust/commit/2f2f518819dcc664dc6c346be43e0cd57eefda4d"><code>2f2f518</code></a>
bump channel</li>
<li><a
href="https://github.com/rust-lang/rust/commit/b7d4f12ec180e86bd1e29b8d855be3d2d6e231cb"><code>b7d4f12</code></a>
add release notes</li>
<li><a
href="https://github.com/rust-lang/rust/commit/112a4af313b5c22dacc188c66d68ebc05114d076"><code>112a4af</code></a>
Auto merge of <a
href="https://redirect.github.com/rust-lang/rust/issues/149656">#149656</a>
- flip1995:clippy-beta-backport, r=Mark-Simulacrum</li>
<li><a
href="https://github.com/rust-lang/rust/commit/5cd7b3150dade8bc6e069f89bef2cc9ab3003e6c"><code>5cd7b31</code></a>
Auto merge of <a
href="https://redirect.github.com/rust-lang/rust/issues/149649">#149649</a>
- wesleywiser:revert_147793, r=wesleywiser</li>
<li><a
href="https://github.com/rust-lang/rust/commit/f5e067bb5021ea6b03ef9f79888eb3326a9c5348"><code>f5e067b</code></a>
fix(double_parens): don't lint in proc-macros (<a
href="https://redirect.github.com/rust-lang/rust/issues/15939">#15939</a>)</li>
<li><a
href="https://github.com/rust-lang/rust/commit/25cde4771793557e17a8b762f9e3e7d924531f3e"><code>25cde47</code></a>
Fix <code>replace_box</code> FP when the box is moved (<a
href="https://redirect.github.com/rust-lang/rust/issues/15984">#15984</a>)</li>
<li><a
href="https://github.com/rust-lang/rust/commit/2a33be74725b17a8a51dc206b12cdf263af19b64"><code>2a33be7</code></a>
Taking a raw pointer on a union field is a safe operation (<a
href="https://redirect.github.com/rust-lang/rust/issues/16079">#16079</a>)</li>
<li><a
href="https://github.com/rust-lang/rust/commit/9deb2c4c929d0263f2ddfb7c6e63e3e15081be45"><code>9deb2c4</code></a>
Revert "Replace NullOp::SizeOf and NullOp::AlignOf by lang
items."</li>
<li><a
href="https://github.com/rust-lang/rust/commit/ac0aff2115f92bd6f119f0df08d3bf0c4f8d259d"><code>ac0aff2</code></a>
Auto merge of <a
href="https://redirect.github.com/rust-lang/rust/issues/149572">#149572</a>
- cuviper:beta-next, r=cuviper</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-lang/rust/compare/1.91.1...1.92.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Lindon Aliu [Mon, 15 Dec 2025 18:11:29 +0000 (19:11 +0100)]
Fix Rust connection callback context cleanup and add regression test (#5618)
## Description Closes: #5520
- Clean up connection callback contexts on ShutdownComplete so handlers
set via ConnectionRef are freed automatically (no leak).
- Allow connection callbacks to return success when the context was
already cleared (e.g., post-cleanup), avoiding panics.
- Add a regression test that asserts the server-side ConnectionRef
handler is dropped after shutdown.
Testing
## Testing
- cargo test
## Documentation
_Is there any documentation impact for this change?_
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Jack He [Tue, 9 Dec 2025 22:26:07 +0000 (14:26 -0800)]
Add logging for spinquic tests. (#5643)
## Description
The Spin powershell script had support for gathering MsQuic logs but the
CI is never using it.
Let's add an option to configure logging in spin tests. For workflow
dispatch, the user can control the log profile. For pull request and
merge events, Basic.Light is used.
Fix some flakyness in QuicTestOperationPriority (#5640)
## Description
`QuicTestOperationPriority` relied on the number of stream bytes sent
from the statistic data to determine if a send operation completed or
not.
This is incorrect, as the number of bytes is updated in the stats only
after a `FLUSH_SEND` operation. It left room for some situations where
the `GET_PARAM` operation could run between the `STREAM_SEND` and the
`FLUSH_SEND`, causing a spurious test failure.
The test now relies on the `STREAM_SEND_COMPLETE` indication.
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Aditya Pandey [Fri, 5 Dec 2025 19:52:28 +0000 (01:22 +0530)]
Fix GCC multichar warning with push/pop pragma (#5632) (#5639)
## Description
Fixes the `-Wmultichar` warning that appears on some build
configurations (particularly Alpine Linux) by properly scoping the
pragma suppression with `push`/`pop` directives.
Fail test passes when a test succeeds only after a retry (#5636)
## Description
Retries have been added automatically to every test on failure, which
might be hiding infrequent issues.
This change makes the test pass fail if it takes a retry for the CI to
succeed.
This will let us know how frequently the retry was needed to avoid
spurious issues and how often it was hiding real infrequent issues. If
the failure rate does not dramatically increase, the entire retry logic
should be removed.
The "KeyUpdate" test is sometime failing spuriously.
This was due to a sequence of frames where, after a client initiated key
update, it would not need to send a frame in response to the server
acknowledging the key update. Then, the server would still be waiting
for the key update confirmation when the test tries to initiate a key
update from the server side.
This behavior follows the RFC, there is no need to acknowledge a key
change a packet needs to be sent for another reason.
The test was relying on the assumption that no frames would be sent
without a test action, which is not true in general (only most of the
time). It was also mixing two largely independent test scenarios in one
test, making it hard to understand.
This PR:
- split the test in two based on the two scenarios validated (force
updates / trigger updates by sending packets)
- refactor the test, adding helpers, removing non-needed scopes
- fix the issue by ensuring both the client and the server send a frame
to acknowledge a key update.
Fix validateGlobalParam test on ADO pipelines (#5600)
## Description
The `validateGlobalParam` test has been failing on the ADO pipeline.
This seems to be due to the `QuicTestValidateRegistration` test now
creating registrations for real, which triggers the lazy initialization
of the Quic library and creates a datapath.
These API tests assume nothing has been initialized and test for failure
path.
Instead, move the test to the "basic test" file.
As a follow up, we should consider making test truly independent by not
creating the MsQuic library globally.
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
dependabot[bot] [Tue, 2 Dec 2025 18:36:52 +0000 (10:36 -0800)]
Bump actions/setup-dotnet from 5.0.0 to 5.0.1 (#5630)
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet)
from 5.0.0 to 5.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-dotnet/releases">actions/setup-dotnet's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade typescript from 5.4.2 to 5.9.2 and document breaking changes
in v5 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-dotnet/pull/624">actions/setup-dotnet#624</a></li>
<li>Upgrade eslint-plugin-jest from 27.9.0 to 29.0.1 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-dotnet/pull/648">actions/setup-dotnet#648</a></li>
<li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 and update
macos-13 to macos-15-intel by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-dotnet/pull/665">actions/setup-dotnet#665</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-dotnet/compare/v5...v5.0.1">https://github.com/actions/setup-dotnet/compare/v5...v5.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-dotnet/commit/2016bd2012dba4e32de620c46fe006a3ac9f0602"><code>2016bd2</code></a>
Bump actions/publish-action from 0.3.0 to 0.4.0 and update macos-13 to
macos-...</li>
<li><a
href="https://github.com/actions/setup-dotnet/commit/21e81f65ddb80069d5591297dcd4703c0d9824d2"><code>21e81f6</code></a>
Bump eslint-plugin-jest from 27.9.0 to 29.0.1 (<a
href="https://redirect.github.com/actions/setup-dotnet/issues/648">#648</a>)</li>
<li><a
href="https://github.com/actions/setup-dotnet/commit/740310365d5065c44c30d213e7963107ebfd22d5"><code>7403103</code></a>
Bump typescript from 5.4.2 to 5.9.2 (<a
href="https://redirect.github.com/actions/setup-dotnet/issues/624">#624</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-dotnet/compare/d4c94342e560b34958eacfc5d055d21461ed1c5d...2016bd2012dba4e32de620c46fe006a3ac9f0602">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
dependabot[bot] [Tue, 2 Dec 2025 18:36:42 +0000 (10:36 -0800)]
Bump github/codeql-action from 4.31.4 to 4.31.6 (#5629)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.31.4 to 4.31.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.31.6</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.6/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v4.31.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<h2>4.31.4 - 18 Nov 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.3 - 13 Nov 2025</h2>
<ul>
<li>CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see <a
href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming
deprecation of CodeQL Action v3</a>.</li>
<li>Update default CodeQL bundle version to 2.23.5. <a
href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li>
</ul>
<h2>4.31.2 - 30 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.1 - 30 Oct 2025</h2>
<ul>
<li>The <code>add-snippets</code> input has been removed from the
<code>analyze</code> action. This input has been deprecated since CodeQL
Action 3.26.4 in August 2024 when this removal was announced.</li>
</ul>
<h2>4.31.0 - 24 Oct 2025</h2>
<ul>
<li>Bump minimum CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li>
<li>When SARIF files are uploaded by the <code>analyze</code> or
<code>upload-sarif</code> actions, the CodeQL Action automatically
performs post-processing steps to prepare the data for the upload.
Previously, these post-processing steps were only performed before an
upload took place. We are now changing this so that the post-processing
steps will always be performed, even when the SARIF files are not
uploaded. This does not change anything for the
<code>upload-sarif</code> action. For <code>analyze</code>, this may
affect Advanced Setup for CodeQL users who specify a value other than
<code>always</code> for the <code>upload</code> input. <a
href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li>
</ul>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/fe4161a26a8629af62121b670040955b330f9af2"><code>fe4161a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3336">#3336</a>
from github/update-v4.31.6-ecec1f887</li>
<li><a
href="https://github.com/github/codeql-action/commit/88c2ab5eee3b475eef2f7aabf89bd9f052153d91"><code>88c2ab5</code></a>
Update changelog for v4.31.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/ecec1f88769052ebc45aa0affc53ea30d474cffa"><code>ecec1f8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3335">#3335</a>
from github/mbg/ci/run-codeql-on-all-prs</li>
<li><a
href="https://github.com/github/codeql-action/commit/23da73277866951560f258278028b48f68958a0a"><code>23da732</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3334">#3334</a>
from github/kaspersv/overlay-minor-comments</li>
<li><a
href="https://github.com/github/codeql-action/commit/f7abc748a3da068e17cfd0e1086e8d72e51f17b6"><code>f7abc74</code></a>
Remove branch filter for PR event in CodeQL workflow</li>
<li><a
href="https://github.com/github/codeql-action/commit/32ada5e061c0433b9e40f11632c2412a55b745f9"><code>32ada5e</code></a>
Merge branch 'main' into kaspersv/overlay-minor-comments</li>
<li><a
href="https://github.com/github/codeql-action/commit/75b2f49aeaf4e8a9eab338ddc5d628eea7366eeb"><code>75b2f49</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3333">#3333</a>
from github/kaspersv/overlay-no-resource-checks-option</li>
<li><a
href="https://github.com/github/codeql-action/commit/f036b1cb781fa664100fee1f7c56a0088663dd26"><code>f036b1c</code></a>
Merge branch 'main' into kaspersv/overlay-no-resource-checks-option</li>
<li><a
href="https://github.com/github/codeql-action/commit/58c5954801c246a3975b658372285b37c45de271"><code>58c5954</code></a>
Add comment to runnerSupportsOverlayAnalysis</li>
<li><a
href="https://github.com/github/codeql-action/commit/b02fa13292ce189c02cbb1ba5488f7dbbc8c6b14"><code>b02fa13</code></a>
Order feature flags alphabetically</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/e12f0178983d466f2f6028f5cc7a6d786fd97f4b...fe4161a26a8629af62121b670040955b330f9af2">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Guillaume Hetier [Wed, 26 Nov 2025 19:56:31 +0000 (11:56 -0800)]
Fix QTIP port selection (#5626)
## Description
Fixes #5346.
When creating a QTIP listener with a wildcard port:
- a UDP socket is created first (to reserve the UDP port as XDP will
take it over), and the OS would assign an ephemeral port to it
- a TCP socket is created second (to reserve the TCP port as XDP will
take it over)
- but instead of re-using the same port, the initial config was re-used,
and the OS would assign a different ephemeral port
- this second port would override the first one in the MsQuic socket
config
The main consequences of this bug are:
- the right UDP port was not reserved when creating a listener with a
wildcard port
- if later on, the OS assigned the UDP port matching the listener TCP
port, MsQuic would fail to create a binding (causing the test failure we
observed)
Creating a listener without a port set is largely a test scenario.
Creating a client connection with an unspecified a port was ok because
only a TCP or a UDP socket is created for client connection.
## Testing
C/I. We should add some test to validate port reservation in XDP
scenarios, but it will take efforts to enable test to create sockets
cross-platform.
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Kitlith [Tue, 25 Nov 2025 23:13:56 +0000 (15:13 -0800)]
Build for Android Arm/Arm64 in CI (#5620)
Arm and Arm64 android builds feel much more applicable than the x86_64
android builds that CI already produces. Since it was a simple change to
make to the CI workflow, I figured I'd send the proposal to add them to
the CI flow along with the PR to actually add it. It's up to you whether
the extra CI work makes sense, though.
dependabot[bot] [Mon, 24 Nov 2025 18:12:22 +0000 (10:12 -0800)]
Bump actions/checkout from 5.0.1 to 6.0.0 (#5615)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1
to 6.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>V5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a>
v6-beta (<a
href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a>
Persist creds to a separate file (<a
href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a>
Update README to include Node.js 24 support details and requirements (<a
href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/93cb6efe18208431cddfb8368fd83d5badbf9bfd...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Anthony Rossi [Thu, 20 Nov 2025 16:52:55 +0000 (08:52 -0800)]
Separate the dependabot entries for Docker Images (#5613)
## Description
It appears as though when the docker entries are together, they are only
updated together. This change separates the Ubuntu 22.04 and Ubuntu
24.04 dependabot entries so they will hopefully update separately.
## Testing
Running the dependabot CLI with this change seems to correctly update
the docker images.
## Documentation
Added a comment to the file explaining why the split exists
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
dependabot[bot] [Thu, 20 Nov 2025 01:51:20 +0000 (01:51 +0000)]
Bump docker/metadata-action from 5.8.0 to 5.9.0 (#5610)
Bumps
[docker/metadata-action](https://github.com/docker/metadata-action) from
5.8.0 to 5.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/metadata-action/releases">docker/metadata-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.9.0</h2>
<ul>
<li>Add <code>tag-names</code> output to return tag names without image
base name by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/metadata-action/pull/553">docker/metadata-action#553</a></li>
<li>Bump <code>@babel/runtime-corejs3</code> from 7.14.7 to 7.28.2 in
<a
href="https://redirect.github.com/docker/metadata-action/pull/539">docker/metadata-action#539</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.66.0 in
<a
href="https://redirect.github.com/docker/metadata-action/pull/555">docker/metadata-action#555</a></li>
<li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a
href="https://redirect.github.com/docker/metadata-action/pull/540">docker/metadata-action#540</a></li>
<li>Bump csv-parse from 5.6.0 to 6.1.0 in <a
href="https://redirect.github.com/docker/metadata-action/pull/532">docker/metadata-action#532</a></li>
<li>Bump semver from 7.7.2 to 7.7.3 in in <a
href="https://redirect.github.com/docker/metadata-action/pull/554">docker/metadata-action#554</a></li>
<li>Bump tmp from 0.2.3 to 0.2.5 in <a
href="https://redirect.github.com/docker/metadata-action/pull/541">docker/metadata-action#541</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0">https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/metadata-action/commit/318604b99e75e41977312d83839a89be02ca4893"><code>318604b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/539">#539</a>
from docker/dependabot/npm_and_yarn/babel/runtime-cor...</li>
<li><a
href="https://github.com/docker/metadata-action/commit/49c0a55d550aa6a75ca45d794feeed45985039b1"><code>49c0a55</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/metadata-action/commit/486229e3f47b6ee1b8f8222e94b250765d66c21f"><code>486229e</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/558">#558</a>
from crazy-max/fix-dist</li>
<li><a
href="https://github.com/docker/metadata-action/commit/f02aeab1eec44688425e47726ea8f1517e67b6c1"><code>f02aeab</code></a>
chore: fix dist</li>
<li><a
href="https://github.com/docker/metadata-action/commit/beafb973058c84432dbfe5597f50522a763b1203"><code>beafb97</code></a>
chore(deps): Bump <code>@babel/runtime-corejs3</code> from 7.14.7 to
7.28.2</li>
<li><a
href="https://github.com/docker/metadata-action/commit/3ff819c6c588be1afbd2a366e7d4277a6f657b85"><code>3ff819c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/557">#557</a>
from crazy-max/yarn-4.9.2</li>
<li><a
href="https://github.com/docker/metadata-action/commit/05838e9769c2d7801f424666843e0d4d5c80b6f3"><code>05838e9</code></a>
update yarn to 4.9.2</li>
<li><a
href="https://github.com/docker/metadata-action/commit/43fa4ac0d33c225d08882e24e3aa49bcea4f135b"><code>43fa4ac</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/556">#556</a>
from crazy-max/dev-deps</li>
<li><a
href="https://github.com/docker/metadata-action/commit/b3120f2f185dcf0a842f81a5550c160d87034a9c"><code>b3120f2</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/metadata-action/commit/1f469d21ee9a749f1501af441c4cb15d7bf409d6"><code>1f469d2</code></a>
update dev dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/metadata-action/compare/c1e51972afc2121e065aed6d45c65596fe445f3f...318604b99e75e41977312d83839a89be02ca4893">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
dependabot[bot] [Thu, 20 Nov 2025 01:50:44 +0000 (01:50 +0000)]
Bump github/codeql-action from 4.31.2 to 4.31.4 (#5607)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.31.2 to 4.31.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.31.4</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.4 - 18 Nov 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.4/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v4.31.3</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.3 - 13 Nov 2025</h2>
<ul>
<li>CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see <a
href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming
deprecation of CodeQL Action v3</a>.</li>
<li>Update default CodeQL bundle version to 2.23.5. <a
href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.3/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.31.4 - 18 Nov 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.3 - 13 Nov 2025</h2>
<ul>
<li>CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see <a
href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming
deprecation of CodeQL Action v3</a>.</li>
<li>Update default CodeQL bundle version to 2.23.5. <a
href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li>
</ul>
<h2>4.31.2 - 30 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.1 - 30 Oct 2025</h2>
<ul>
<li>The <code>add-snippets</code> input has been removed from the
<code>analyze</code> action. This input has been deprecated since CodeQL
Action 3.26.4 in August 2024 when this removal was announced.</li>
</ul>
<h2>4.31.0 - 24 Oct 2025</h2>
<ul>
<li>Bump minimum CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li>
<li>When SARIF files are uploaded by the <code>analyze</code> or
<code>upload-sarif</code> actions, the CodeQL Action automatically
performs post-processing steps to prepare the data for the upload.
Previously, these post-processing steps were only performed before an
upload took place. We are now changing this so that the post-processing
steps will always be performed, even when the SARIF files are not
uploaded. This does not change anything for the
<code>upload-sarif</code> action. For <code>analyze</code>, this may
affect Advanced Setup for CodeQL users who specify a value other than
<code>always</code> for the <code>upload</code> input. <a
href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li>
</ul>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/e12f0178983d466f2f6028f5cc7a6d786fd97f4b"><code>e12f017</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3312">#3312</a>
from github/update-v4.31.4-70434f6dd</li>
<li><a
href="https://github.com/github/codeql-action/commit/c9cb6f9c13e4f332e53ed0b3c512042839d798d0"><code>c9cb6f9</code></a>
Update changelog for v4.31.4</li>
<li><a
href="https://github.com/github/codeql-action/commit/70434f6dd2a8ee54b4da4612d2f7b8610dc8fd80"><code>70434f6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3311">#3311</a>
from github/mbg/deps/bump-glob</li>
<li><a
href="https://github.com/github/codeql-action/commit/528362a7c177806bfb952333f21e18a1721bed2f"><code>528362a</code></a>
Bump <code>glob</code> to at least <code>11.1.0</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/de12435376cbf17c34d5c2693e2e976ce36c68f1"><code>de12435</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3308">#3308</a>
from github/mbg/pr-template/nov25</li>
<li><a
href="https://github.com/github/codeql-action/commit/ffa63f0dac7bf42e00061d972fa89c8c81288540"><code>ffa63f0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3307">#3307</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/7bcdb4bc66db8e438dc8f9c08c766c8becf2b9c4"><code>7bcdb4b</code></a>
Add additional options to PR template and clarify some</li>
<li><a
href="https://github.com/github/codeql-action/commit/07eae6420a6997001a066933b320b2ef99fd7016"><code>07eae64</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3303">#3303</a>
from github/mario-campos/v3-core-warning</li>
<li><a
href="https://github.com/github/codeql-action/commit/e546fff0769babab6379aab7c5cd15f981fd3f13"><code>e546fff</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/c418a0fc93ea9817b81a49f568d5714dc2bd65c6"><code>c418a0f</code></a>
Bump ruby/setup-ruby</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...e12f0178983d466f2f6028f5cc7a6d786fd97f4b">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Guillaume Hetier [Wed, 19 Nov 2025 17:30:23 +0000 (09:30 -0800)]
Fix double deref in connection pool error path (#5597)
## Description
When creating a connection pool, if a `QuicConnStart` fails:
- the connection was marked as `ExternalOwner` to prevent it from
sending notification to the app
- but this also mean that the closing logic will take care of releasing
the owner refcount, since the application is not the owner yet
- the connection was closed using `MsQuicConnectionClose`, which release
the refcount of the application
This caused a double release, triggering an assertion.
We should not call APIs from internal call (it makes logging confusing
and breaks some assumptions), so queue the connection close manually
instead.
Fixes #5550.
## Testing
C/I.
Need to consider if there is a simply way to deterministically test the
connection pool failure paths.
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Copilot [Fri, 14 Nov 2025 01:06:01 +0000 (17:06 -0800)]
Add Complete jobs to Stress and DotNet test workflows (#5588)
Adds `Complete` jobs to `stress.yml` and `dotnet-test.yml` workflows to
enable enforcement of test pass requirements before PR merge. These
workflows previously lacked the aggregation step present in `build.yml`
and `test.yml`.
Jack He [Wed, 12 Nov 2025 19:48:25 +0000 (11:48 -0800)]
Fix actions permissions (#5580)
## Description
To allow for the automatic creation of GH issues, we had to elevate
test.yml to write issues.
But unknowingly, this action restricted certain permissions in test.yml.
Let's be explicit and enumerate all.
Copilot [Tue, 28 Oct 2025 23:33:43 +0000 (16:33 -0700)]
Fix documentation references to non-existent stream count parameters (#5543)
* Update Streams.md to reference correct QUIC_SETTINGS fields
Replace references to non-existent QUIC_PARAM_CONN_PEER_BIDI_STREAM_COUNT
and QUIC_PARAM_CONN_PEER_UNIDI_STREAM_COUNT parameters with correct
documentation on how to set PeerBidiStreamCount and PeerUnidiStreamCount
via QUIC_SETTINGS structure.
projects / 0xmirror / msquic.git / log