Skip to content

build(deps): Bump github/codeql-action from 3 to 4#2

Merged
ten9876 merged 1 commit into
mainfrom
dependabot/github_actions/github/codeql-action-4
Mar 15, 2026
Merged

build(deps): Bump github/codeql-action from 3 to 4#2
ten9876 merged 1 commit into
mainfrom
dependabot/github_actions/github/codeql-action-4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 14, 2026

Copy link
Copy Markdown
Contributor

Bumps github/codeql-action from 3 to 4.

Release notes

Sourced from github/codeql-action's releases.

v3.32.6

  • Update default CodeQL bundle version to 2.24.3. #3548

v3.32.5

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

v3.32.4

  • Update default CodeQL bundle version to 2.24.2. #3493
  • Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
  • When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
  • Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
  • Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

v3.32.3

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

v3.32.2

  • Update default CodeQL bundle version to 2.24.1. #3460

v3.32.1

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

v3.32.0

  • Update default CodeQL bundle version to 2.24.0. #3425

v3.31.11

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
  • Improved error handling throughout the CodeQL Action. #3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

v3.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.10 - 12 Jan 2026

  • Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

v3.31.9

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

4.32.3 - 13 Feb 2026

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

  • Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

  • Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
  • Improved error handling throughout the CodeQL Action. #3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

  • Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

... (truncated)

Commits
  • 4cd47ad Address review comments
  • 5fa8dad Use Results for enablement return types
  • 6a77217 Add disabled by env var disablement reason
  • b6dfacb Merge pull request #3542 from github/henrymercer/parallel-unit-tests
  • 6123416 Merge remote-tracking branch 'origin/main' into henrymercer/parallel-unit-tests
  • a6594f9 Merge pull request #3540 from github/henrymercer/stub-actions-vars
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions labels Mar 14, 2026
@ten9876 ten9876 merged commit e156939 into main Mar 15, 2026
3 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/github/codeql-action-4 branch March 15, 2026 04:50
This was referenced Apr 13, 2026
M7HNF-Ian added a commit to M7HNF-Ian/AetherSDR that referenced this pull request Apr 19, 2026
#1 (bug) — mutual exclusion: setMnrEnabled now disables all other NR modes
    before enabling MNR; every other NR setter (NR2/RN2/NR4/BNR/DFNR) now
    also calls setMnrEnabled(false) in its mutual-exclusion block.

aethersdr#2 (bug) — RADE guard: setMnrEnabled early-returns when m_radeMode is active,
    matching the pattern used by all other NR setters.

aethersdr#3 — raw pointer → std::unique_ptr<MacNRFilter>: AudioEngine.h gains a
    forward declaration (#ifdef __APPLE__) and unique_ptr member; AudioEngine.cpp
    already had the full include; new/delete replaced with make_unique/reset.
    std::atomic<float> m_mnrStrength replaces plain float.

aethersdr#5 — MacNRFilter.h: processing-chain comment corrected from
    "stereo int16 → … → stereo int16" to "stereo float32 → … → stereo float32";
    also fixes the process() doc-comment.

aethersdr#6 — MacNRFilter: m_strength changed to std::atomic<float>; setStrength/
    strength() use store/load; processFrame() reads m_strength.load().
    Allows AudioEngine to write strength from the audio thread while the
    DSP dialog reads it from the UI thread without a data race.

aethersdr#8 — strength persistence: setMnrEnabled(true) restores m_mnrStrength from
    AppSettings("MnrStrength"); setMnrStrength() now saves to AppSettings
    on every change, so the value survives restarts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
G6PWY-Chris pushed a commit to G6PWY-Chris/AetherSDR that referenced this pull request Jun 22, 2026
…ultiFLEX on; pipeline subs) (aethersdr#3391)

## What

Two independent latency wins on the radio **connect handshake** — the
dominant stage of time-to-first-panadapter-frame on a warm launch. No
new dependencies, no protocol additions, ~33 lines net in
`RadioModel.cpp`.

### 1. Skip the 400 ms multiFLEX conflict peek when `mf_enable=1`
`peekForMultiFlexConflictThen` subscribes to radio/client topics, then
waits a fixed `QTimer::singleShot(400)` for the client-status burst
before sending `client gui`. But the conflict check is
`!m_multiFlexEnabled && hasOthers` — when multiFLEX is **enabled**, the
radio explicitly allows multiple GUI clients, so no conflict is possible
and that 400 ms is pure dead time. `mf_enable` arrives in the radio
status burst triggered by the preceding `sub radio all`, so
`m_multiFlexEnabled` is already set when the callback runs; we proceed
immediately. The mf-**disabled** path keeps the original 400 ms wait, so
conflict detection is unchanged where it actually matters.

`onConnected → first pan stream id`: **~851 ms → ~423 ms**

### 2. Pipeline the first subscription batch
`sub slice all → … → sub xvtr all` was one nested `sendCmd` per command,
each awaiting its `R` response — ~11 serial round trips (~0.7 s on a
LAN). The radio processes TCP commands in send order, and the **second**
sub batch in this same function (`sub tnf/dax/codec/…`) already fires
without waiting, so the per-command serialization was gratuitous.
Flattened to back-to-back fire-and-forget, matching the existing
pattern.

`first pan stream id → subscriptions ACKed`: **~985 ms → ~71 ms**

## Applies to LAN, remote IP, and SmartLink — and helps remote *more*

The subscription pipelining (aethersdr#2) lives in `registerAsGuiClient`, which
is shared by **every** connection type. `onConnected` reaches it from
both branches — LAN via `peekForMultiFlexConflictThen(…)`, and remote IP
/ SmartLink (WAN) via `sendCmd("client ip", … registerAsGuiClient)` —
and `sendCmd` routes to `m_wanConn->sendCommand()` over the SmartLink
TLS tunnel when WAN is active, or the LAN socket otherwise. Same
flattened subs on all paths.

The win is "11 serial round-trips → one burst," so it scales with
per-RTT latency: on LAN that's ~60 ms/RTT (~0.7 s saved), but over a
routed/SmartLink link at 50–200 ms+/RTT the serial chain can cost 1.5–3
s, making the absolute saving **larger on remote flows**.
Order-preserving pipelining is already proven for the WAN tunnel — the
existing second sub batch fires-and-forget through this exact path.

The peek skip (aethersdr#1) is **LAN-only** by construction: the WAN/SmartLink
branch never runs the peek (it does a `client ip` round-trip instead,
and multiFLEX conflicts on WAN are caught pre-connection via
`licensedClients`). So aethersdr#1 is a no-op there — no benefit, no regression.

## Impact

Combined handshake (**TCP connected → subscriptions ACKed**): **~1810 ms
→ ~494 ms** on LAN.

Measured warm launch → first panadapter frame: **~3.2 s → ~2.3 s** on a
FLEX-8400M over LAN. (A "warm" launch = consent already granted; a cold
first launch is dominated by the macOS local-network/mic consent
dialogs, which are one-time human interaction and not representative.)

**Remote IP / SmartLink numbers are not yet measured** (tested on a LAN
FLEX-8400M only); pipelining aethersdr#2 covers those paths and is expected to
help at least as much, but the figures above are LAN-measured.

## How it was found

Profiled the launch→connect→first-frame path with a temporary timeline
instrument (kept out of this PR per request). The connect handshake was
~55% of warm startup; this PR addresses it. The remaining stages — UI
init (~0.76 s) and the discovery broadcast wait (~0.85 s, bounded by the
radio's ~1 Hz beacon) — are untouched here and are candidate follow-ups.

## Verification (on hardware)

- Connects cleanly to a FLEX-8400M over LAN.
- Pipelined subs are sent in a single burst (`C32…C42` same
millisecond).
- No `peek window closed with no client status received` warning.
- Spectrum streams (`streamAck=yes`), panadapter renders, clean
disconnect.
- No subscription/protocol errors introduced.

## Risk

Low. Both changes preserve command **send order** (which the radio
honors) and the existing conflict-detection semantics. The mf-disabled
connect path is byte-for-byte unchanged.

💻 Generated with Claude Code (Opus 4.8) with architecture by @jensenpat

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Codex <noreply@openai.com>
Co-authored-by: Jeremy [KK7GWY] <kk7gwy@aethersdr.com>
ten9876 added a commit that referenced this pull request Jun 30, 2026
…eanups

Review fixes for NvidiaAfxFilter:

- Add reset() (flush the jitter accumulators, rebuild the resamplers) and call
  it from AudioEngine::resetRxChainStateForSourceSwitch alongside the other NR
  modules. The old NIM BNR cleared its buffers on stream restart / source switch
  / mute; that invariant was lost when BNR became AFX, so stale pre-gap audio
  and a resampler discontinuity bled into the next stream. (review #1)
- Audio hot-path: read m_outAccum via a cursor (compact only when the consumed
  prefix exceeds the tail) instead of an O(n) front-erase every block, and reuse
  a scratch buffer for NvAFX_Run output instead of allocating per block. (review #2)
- Use a categorized logging channel (qCWarning/qCDebug, lcNvAfx) instead of the
  bare qWarning/qDebug so AFX load failures show up in the support logs. (review #9)
- Brace single-line control flow per the C++ style guide. (review #10)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
dsocha added a commit to dsocha/AetherSDR that referenced this pull request Jul 3, 2026
When a manual filter edit makes the engine hand control back via
setAdaptiveFilterEnabled(false), the widget synced the checkbox under a
QSignalBlocker but never persisted, leaving enabled=true on disk so the
feature silently re-enabled next session. Persist on any real enabled
change (operator or engine-driven) in the adaptiveFilterEnabledChanged
sync path. Addresses review finding aethersdr#2 on PR aethersdr#3945.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
jensenpat pushed a commit that referenced this pull request Jul 3, 2026
) (#3972)

## What & why

On an NVIDIA GPU new enough for AFX but with **no published denoiser
pack for its exact arch** — notably **sm_120 (consumer Blackwell / RTX
50-series)** — the BNR button and its Download were offered and then
**silently failed**: the per-arch `afx-bits` pack 404s (only `sm_89` is
published today). BNR looked supported but could never install, with no
message steering the user to DFNR (#3933).

Root cause: `hasSupportedGpu()` gated only on compute capability (`cc >=
89`), so `sm_120` (cc 120) passed the gate even though no pack exists
for it.

## The fix

Split the GPU check into two questions:

- **`isAfxCapableGpu()`** — is the GPU new enough for AFX at all (Ada /
RTX 40-series, `cc >= 89`)? Says nothing about pack availability.
- **`hasSupportedGpu()`** — is a pack *actually published* for the
detected arch? Now `isAfxCapableGpu() &&
kPublishedComputeCaps.contains(cc)`, where `kPublishedComputeCaps = { 89
}` (kept in sync with the `afx-bits` release assets + the
`build-afx-bits` ValidateSet).

The BNR UI enables the feature on `hasSupportedGpu()` (unchanged), but
now uses `isAfxCapableGpu()` to tell apart *"GPU too old"* from
*"AFX-capable but no pack yet"*:

- **DSP panel BNR selector** — disabled with *"No BNR pack for your GPU
(sm_120) yet — DFNR remains available."* (vs. the old "requires RTX
40-series" message, which would wrongly imply the card is too old).
- **BNR Download button** — disabled, relabelled *"No pack for this
GPU"*, tooltip points at DFNR — instead of a Download that 404s.

Scope: this is suggestion #1 from the issue (the part fully in
AetherSDR's control). Publishing an actual `sm_120` pack (#3933
suggestion #2) is gated on NVIDIA shipping a consumer-Blackwell Maxine
model to NGC and is out of scope here — when it lands, add `120` to
`kPublishedComputeCaps` and upload the assets.

## Testing

**Build:** clean (Linux, `-DENABLE_NVIDIA_AFX=ON`, Qt 6.8.3). Only
`hasSupportedGpu()`'s two callers exist, both in the DSP widget and both
updated — no collateral behavior change (a machine with a published
pack, e.g. `sm_89`, still reports `hasSupportedGpu()==true` and behaves
exactly as before; an RTX 20/30 still gets the "too old" message).

**Live on the exact issue hardware — RTX 5060 Laptop GPU, compute_cap
12.0 (`sm_120`)** — via the Automation Bridge `dumpTree` (`detectArch()`
reports `sm_120`):

| Widget (`objectName`) | `enabled` | Text / tooltip |
|---|---|---|
| BNR selector (`dspMethodBtnBNR`) | **false** | *"No BNR pack for your
GPU (sm_120) yet — DFNR remains available."* |
| Download BNR runtime | **false** | text *"No pack for this GPU"*; tip
*"…yet — use DFNR."* |

Both dead-end surfaces are now gated off with a clear message on the
real GPU, instead of offering a 404 Download.

Fixes #3933.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Jeff Skerker <7691216+skerker@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
ten9876 pushed a commit that referenced this pull request Jul 4, 2026
…3597) (#3987)

## Summary

`AETHER_NO_GPU=1` is documented as the runtime escape hatch to force
software rendering, but **on Windows it is a silent no-op**. `main.cpp`
only sets `QT_OPENGL=software`, which is an OpenGL-context hint — but
the spectrum is a `QRhiWidget` that has no `setApi()` call on Windows,
so it defaults to the **D3D11** backend and ignores `QT_OPENGL`
entirely. There is no runtime path to move the spectrum off the GPU.

This surfaced in #3597: on a weak GPU (reporter's GeForce GT 220, a 2009
DX10.1 part) the D3D11 QRhi spectrum + waterfall + overlay pipeline
saturates the GPU (~89%), and setting `AETHER_NO_GPU=1` changed nothing
— confirmed by the reporter.

## Change

In the `SpectrumWidget` constructor's non-macOS branch, when software
OpenGL is requested (`qtSoftwareOpenGlRequested()`), explicitly
`setApi(QRhiWidget::Api::OpenGL)`. Combined with the
`QT_OPENGL=software` set in `main.cpp`, this drives the spectrum through
the software OpenGL rasterizer instead of D3D11.

- The bundled `.qsb` shaders already contain GLSL variants (GLSL
100es/120/150 alongside SPIR-V/HLSL/MSL), so pipeline creation succeeds
on the OpenGL backend.
- **No behavior change on Linux**, whose `QRhiWidget` default backend is
already OpenGL — this just makes the two platforms share one explicit
code path.

`src/gui/SpectrumWidget.cpp` — 1 file, ~10 lines (comment + guarded
`setApi`).

## Scope / what this does NOT claim

- This makes the `AETHER_NO_GPU=1` flag **functional on Windows**
(review suggestion #1 from #3597). It does **not** by itself resolve the
performance complaint on weak GPU **and** CPU hardware —
software-rendering a 60 fps per-pixel GPU FFT pipeline on a 2009 CPU
will likely just move saturation from GPU to CPU. The proper lever for
that (an FFT-FPS cap / present throttle, suggestion #2) remains tracked
separately.

## Testing

- ⚠️ **Windows-specific and unverifiable in CI / on Linux** — the
failure only occurs on Windows (D3D11 default); on Linux the flag
already works because the backend defaults to OpenGL.
- Needs the #3597 reporter (@EA7JQA, GeForce GT 220) to launch with
`AETHER_NO_GPU=1` and confirm the panadapter renders and the renderer
reports the OpenGL/software backend (visible in panstats `renderer`),
and to report the resulting CPU/GPU load.

Refs #3597

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ten9876 added a commit that referenced this pull request Jul 6, 2026
…ok-guarded numeric parses

Resolves ten9876's #4068 findings.

- TYPED PAYLOAD (#2, strategic): the slice-status payload becomes a compiler-
  checked SliceDelta struct (std::optional per field) instead of the stringly-
  keyed QVariantMap. A field-name typo between FlexBackend::decodeSliceStatus and
  SliceModel::applyChanges is now a compile error, not a silently-dropped field.
  IRadioBackend::sliceChanged(int, const SliceDelta&); SliceDelta lives in
  src/core/backends/ so the interface stays free of model deps. The vendor-neutral
  rename win is unchanged — applyChanges still reads only canonical fields.
  Verified: 69 delta fields set in the decode, 69 read in the model, set-diff
  empty both ways (now also enforced by the compiler).
- PARSE GUARDS (#1): the decode's numeric parses are ok-guarded — a malformed
  present field is dropped, not applied as 0/0.0. Higher-stakes here than
  pan/meter: a garbled RF_frequency would otherwise retune the slice to 0 Hz.
  Matches FlexLib's TryParse+continue and the standard set on #4065/#4066.
- DOC FIXES: the sliceChanged connect comment now accurately describes the
  AutoConnection + same-thread assumption (not a hard "DirectConnection", which
  would be wrong if a backend ever moves to a worker thread) (#4); the stale
  "applyStatus already called below" comment reworded to reference
  decodeSliceStatus (#5).
- Tests: aetherd_slice_decode_test now asserts on the typed delta (incl. a
  malformed-RF_frequency-dropped case); slice_model_letter_test / antenna_alias_test
  build SliceDelta directly.

67/67 tests green; boundary --strict green; full app builds clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant