github
diff --git a/‎.github/workflows/codescanning-config-cli.yml‎
Lines changed: 21 additions & 1 deletion b/‎.github/workflows/codescanning-config-cli.yml‎
Lines changed: 21 additions & 1 deletion
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎lib/analyze-action-post.js‎
Lines changed: 2 additions & 2 deletions b/‎lib/analyze-action-post.js‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/analyze-action.js‎
Lines changed: 4 additions & 4 deletions b/‎lib/analyze-action.js‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎lib/autobuild-action.js‎
Lines changed: 4 additions & 4 deletions b/‎lib/autobuild-action.js‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎lib/defaults.json‎
Lines changed: 4 additions & 4 deletions b/‎lib/defaults.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎lib/init-action-post.js‎
Lines changed: 4 additions & 4 deletions b/‎lib/init-action-post.js‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎lib/init-action.js‎
Lines changed: 4 additions & 4 deletions b/‎lib/init-action.js‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎lib/resolve-environment-action.js‎
Lines changed: 2 additions & 2 deletions b/‎lib/resolve-environment-action.js‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/setup-codeql-action.js‎
Lines changed: 4 additions & 4 deletions b/‎lib/setup-codeql-action.js‎
Lines changed: 4 additions & 4 deletions
@@ -70,13 +70,33 @@ jobs:
       with:
         version: ${{ matrix.version }}
 
-    - name: Empty file
+    # On PRs, overlay analysis may change the config that is passed to the CLI.
+    # Therefore, we have two variants of the following test, one for PRs and one for other events.
+    - name: Empty file (non-PR)
+      if: github.event_name != 'pull_request'
       uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: "{}"
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
+    - name: Empty file (PR)
+      if: github.event_name == 'pull_request'
+      uses: ./../action/.github/actions/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "query-filters": [
+              {
+                "exclude": {
+                  "tags": "exclude-from-incremental"
+                }
+              }
+            ]
+          }
+        languages: javascript
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
     - name: Packs from input
       if: success() || failure()
       uses: ./../action/.github/actions/check-codescanning-config
 
@@ -2,6 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 4.31.7 - 05 Dec 2025
+
+- Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343)
+
 ## 4.31.6 - 01 Dec 2025
 
 No user facing changes.
 
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.6",
-  "cliVersion": "2.23.6",
-  "priorBundleVersion": "codeql-bundle-v2.23.5",
-  "priorCliVersion": "2.23.5"
+  "bundleVersion": "codeql-bundle-v2.23.7",
+  "cliVersion": "2.23.7",
+  "priorBundleVersion": "codeql-bundle-v2.23.6",
+  "priorCliVersion": "2.23.6"
 }
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`		`- "bundleVersion": "codeql-bundle-v2.23.6",`
`3`		`- "cliVersion": "2.23.6",`
`4`		`- "priorBundleVersion": "codeql-bundle-v2.23.5",`
`5`		`- "priorCliVersion": "2.23.5"`
	`2`	`+ "bundleVersion": "codeql-bundle-v2.23.7",`
	`3`	`+ "cliVersion": "2.23.7",`
	`4`	`+ "priorBundleVersion": "codeql-bundle-v2.23.6",`
	`5`	`+ "priorCliVersion": "2.23.6"`
`6`	`6`	`}`