From b13ab62bc03a2947966938e043f11aec94d77a25 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 23 Feb 2026 11:57:23 +0000 Subject: [PATCH 1/4] Remove extra blank line --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 1475dcf41c..03db318f1d 100644 --- a/README.md +++ b/README.md @@ -86,7 +86,6 @@ We recommend referencing the CodeQL Action using a major version tag (e.g. `v3`) If you pin to a specific commit SHA or patch version tag, ensure you keep it updated (e.g. via [Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)). Some CodeQL Action features are controlled by server-side flags that may be removed over time, which can cause pinned versions to lose functionality. - ## Troubleshooting Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning). From bce7dc4616e20ab1756093d4b2da5902a12d1617 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 23 Feb 2026 11:58:25 +0000 Subject: [PATCH 2/4] `v3` => `v4` --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 03db318f1d..8d830a05fa 100644 --- a/README.md +++ b/README.md 
@@ -82,7 +82,7 @@ See the full list of GHES release and deprecation dates at [GitHub Enterprise Se ## Keeping the CodeQL Action up to date -We recommend referencing the CodeQL Action using a major version tag (e.g. `v3`) in your workflow file. This ensures your workflow automatically picks up the latest release within that major version, including bug fixes, new features, and updated CodeQL CLI versions. +We recommend referencing the CodeQL Action using a major version tag (e.g. `v4`) in your workflow file. This ensures your workflow automatically picks up the latest release within that major version, including bug fixes, new features, and updated CodeQL CLI versions. If you pin to a specific commit SHA or patch version tag, ensure you keep it updated (e.g. via [Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)). Some CodeQL Action features are controlled by server-side flags that may be removed over time, which can cause pinned versions to lose functionality. From 0a9b98b511420bea4ec565faa20f261ccc00247a Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 23 Feb 2026 11:59:08 +0000 Subject: [PATCH 3/4] Highlight that this for advanced setups --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8d830a05fa..7c535f8bed 100644 --- a/README.md +++ b/README.md 
@@ -80,9 +80,9 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server). -## Keeping the CodeQL Action up to date +## Keeping the CodeQL Action up to date in advanced setups -We recommend referencing the CodeQL Action using a major version tag (e.g. `v4`) in your workflow file. This ensures your workflow automatically picks up the latest release within that major version, including bug fixes, new features, and updated CodeQL CLI versions. +If you are using an [advanced setup](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning), we recommend referencing the CodeQL Action using a major version tag (e.g. `v4`) in your workflow file. This ensures your workflow automatically picks up the latest release within that major version, including bug fixes, new features, and updated CodeQL CLI versions. If you pin to a specific commit SHA or patch version tag, ensure you keep it updated (e.g. via [Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)). Some CodeQL Action features are controlled by server-side flags that may be removed over time, which can cause pinned versions to lose functionality. From 466da5ec2d49919beacdfc0757d272ad655675a8 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 23 Feb 2026 12:00:58 +0000 Subject: [PATCH 4/4] Slight wording change --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7c535f8bed..da34a9110d 100644 --- a/README.md +++ b/README.md 
@@ -84,7 +84,7 @@ See the full list of GHES release and deprecation dates at [GitHub Enterprise Se If you are using an [advanced setup](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning), we recommend referencing the CodeQL Action using a major version tag (e.g. `v4`) in your workflow file. This ensures your workflow automatically picks up the latest release within that major version, including bug fixes, new features, and updated CodeQL CLI versions. -If you pin to a specific commit SHA or patch version tag, ensure you keep it updated (e.g. via [Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)). Some CodeQL Action features are controlled by server-side flags that may be removed over time, which can cause pinned versions to lose functionality. +If you pin to a specific commit SHA or patch version tag, ensure you keep it updated (e.g. via [Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)). Some CodeQL Action features are enabled by server-side flags that may be removed over time, which can cause old versions to lose functionality. ## Troubleshooting
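Review bot: In PATCH 2/4, the replaced example on the `+We recommend referencing ...` line hard-codes the current major tag, so the README will need this same edit again at the next major release. Consider wording that does not go stale, for example "the latest major version tag (`v4` at the time of writing)", or pointing readers at the releases page for the current major.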
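Review bot: In PATCH 3/4, renaming the heading to `## Keeping the CodeQL Action up to date in advanced setups` changes the generated anchor for this section, so any existing deep link to the old heading will stop resolving; check for inbound links before merging. The new "If you are using an advanced setup" qualifier is also applied only to the first paragraph, while the unchanged "If you pin to a specific commit SHA or patch version tag" paragraph still reads as general advice. A short sentence saying what, if anything, default-setup users need to do would make the scoping explicit. The commit subject is also missing a word ("this is for").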
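Review bot: In PATCH 4/4, replacing "pinned versions" with "old versions" on the `+If you pin to a specific commit SHA ...` line drops the link back to the first sentence of that paragraph, so the reader has to infer that a pinned SHA or patch tag is how a workflow ends up on an old version. Something like "which can cause older versions, including pinned ones, to lose functionality" keeps both meanings. "Enabled by server-side flags that may be removed" also leaves it implicit that removing the flag is what turns the feature off for those versions; saying so directly would make the reason for keeping pins updated clearer.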