build(deps): bump github/codeql-action/init from 4.36.3 to 4.37.0#652
Conversation
Bumps [github/codeql-action/init](https://github.com/github/codeql-action) from 4.36.3 to 4.37.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@54f647b...99df26d) --- updated-dependencies: - dependency-name: github/codeql-action/init dependency-version: 4.37.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 971501f9e7
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| # Initializes the CodeQL tools for scanning. | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 | ||
| uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 |
There was a problem hiding this comment.
Keep CodeQL init and analyze on the same version
In this CodeQL job, init now runs action version 4.37.0 while the analyze step below is still pinned to 4.36.3. CodeQL init saves its parsed config with its own action version, and analyze loads that config before analysis and rejects it when the saved version differs from the running action version (getConfig reports “Loaded a configuration file for version ... but running version ...”). Any pull_request run that reaches this job will therefore fail before uploading CodeQL results; update the analyze action to the same SHA/version as init in this change.
Useful? React with 👍 / 👎.
CI Test ResultsRun: #29216386559 | Commit:
Status Overview
Legend: ✅ passed | ❌ failed | ⚪ skipped | 🚫 cancelled Summary: Total: 32 | Passed: 32 | Failed: 0 Updated: 2026-07-13 01:14:52 UTC |
Benchmark Results (commit 971501f)Pipeline: https://gitlab.ddbuild.io/DataDog/apm-reliability/benchmarking-platform/-/pipelines/124225578 Commit:
|
| Benchmark | JDK | Latest | Dev | Δ (dev vs latest) | Issues L/D |
|---|---|---|---|---|---|
| akka-uct | 21 | ✅ 10359 ms (21 iters) | ✅ 10348 ms (21 iters) | ≈ -0.1% (±11%) | — / — |
| akka-uct | 25 | ✅ 8827 ms (24 iters) | ✅ 8927 ms (24 iters) | ≈ +1.1% (±9.5%) | — / — |
| finagle-chirper | 21 | ✅ 5925 ms (33 iters) | ✅ 5969 ms (33 iters) | ≈ +0.7% (±25.7%) | |
| finagle-chirper | 25 | ✅ 5489 ms (36 iters) | ✅ 5448 ms (36 iters) | ≈ -0.7% (±24.3%) | |
| fj-kmeans | 21 | ✅ 2690 ms (70 iters) | ✅ 2814 ms (66 iters) | 🔴 +4.6% | — / — |
| fj-kmeans | 25 | ✅ 2823 ms (66 iters) | ✅ 2842 ms (66 iters) | ≈ +0.7% (±2.6%) | — / — |
| future-genetic | 21 | ✅ 2042 ms (90 iters) | ✅ 2125 ms (88 iters) | 🔴 +4.1% | — / — |
| future-genetic | 25 | ✅ 2072 ms (89 iters) | ✅ 2061 ms (90 iters) | ≈ -0.5% (±2.7%) | — / — |
| naive-bayes | 21 | ✅ 1305 ms (132 iters) | ✅ 1265 ms (135 iters) | ≈ -3.1% (±32.4%) | — / — |
| naive-bayes | 25 | ✅ 1010 ms (170 iters) | ✅ 1010 ms (169 iters) | ≈ 0% (±31.6%) | — / — |
| reactors | 21 | ✅ 16613 ms (15 iters) | ✅ 16013 ms (15 iters) | ≈ -3.6% (±8.3%) | — / — |
| reactors | 25 | ✅ 18160 ms (15 iters) | ✅ 18740 ms (15 iters) | ≈ +3.2% (±4.3%) | — / — |
Internal counter details (ddprof)
ddprof internal counters, latest / dev (✅ = 0, · = unavailable):
| Benchmark | JDK | Dropped rec | Dropped jvmti | Dropped trace | Skipped WC | AGCT fail | Unwind fail |
|---|---|---|---|---|---|---|---|
| akka-uct | 21 | ✅ / ✅ | ✅ / ✅ | 1 / 2 | 1960 / 2022 | ✅ / ✅ | ✅ / ✅ |
| akka-uct | 25 | ✅ / ✅ | ✅ / ✅ | ✅ / 3 | 2391 / 2500 | ✅ / ✅ | ✅ / ✅ |
| finagle-chirper | 21 | ✅ / ✅ | ✅ / ✅ | 5 / 7 | 8785 / 8484 | ✅ / ✅ | ✅ / ✅ |
| finagle-chirper | 25 | ✅ / ✅ | ✅ / ✅ | ✅ / 2 | 8396 / 8483 | ✅ / ✅ | ✅ / ✅ |
| fj-kmeans | 21 | ✅ / ✅ | ✅ / ✅ | 1 / ✅ | 1287 / 1258 | ✅ / ✅ | ✅ / ✅ |
| fj-kmeans | 25 | ✅ / ✅ | ✅ / ✅ | 1 / ✅ | 1284 / 1288 | ✅ / ✅ | ✅ / ✅ |
| future-genetic | 21 | ✅ / ✅ | ✅ / ✅ | 1 / 2 | 2924 / 2923 | ✅ / ✅ | ✅ / ✅ |
| future-genetic | 25 | ✅ / ✅ | ✅ / ✅ | 1 / 4 | 2858 / 2996 | ✅ / ✅ | ✅ / ✅ |
| naive-bayes | 21 | ✅ / ✅ | ✅ / ✅ | 6 / 1 | 3552 / 3553 | ✅ / ✅ | ✅ / ✅ |
| naive-bayes | 25 | ✅ / ✅ | ✅ / ✅ | 2 / 3 | 3509 / 3496 | ✅ / ✅ | ✅ / ✅ |
| reactors | 21 | ✅ / ✅ | ✅ / ✅ | ✅ / ✅ | 1812 / 1547 | ✅ / ✅ | ✅ / ✅ |
| reactors | 25 | ✅ / ✅ | ✅ / ✅ | ✅ / 1 | 1836 / 1920 | ✅ / ✅ | ✅ / ✅ |
analyze had already moved to v4.37.0 here but init was still on v4.36.3 (bumped separately in #652); mixed versions make analyze reject init's config. Bump init to match.
Bumps github/codeql-action/init from 4.36.3 to 4.37.0.
Release notes
Sourced from github/codeql-action/init's releases.
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
99df26dMerge pull request #3996 from github/update-v4.37.0-c7c896d7131c2707Add changenote for #397372df218Update changelog for v4.37.0c7c896dMerge pull request #3995 from github/update-bundle/codeql-bundle-v2.26.03f34ff0Add changelog note43bec09Update default bundle to codeql-bundle-v2.26.0f58f0d1Merge pull request #3973 from github/mbg/repo-props/config-file-shorthands7dc37cbMerge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...8e22350ThreadActionStatetoinitConfig69c9e8cMark somestatus-reportimports astype-only to avoid circular dependenciesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)