Skip to content

chore(deps): bump github/codeql-action from 3.29.0 to 4.32.6 in the github-actions-updates group#63223

Merged
potiuk merged 1 commit intov3-1-testfrom
dependabot/github_actions/v3-1-test/github-actions-updates-b974f349ee
Mar 9, 2026
Merged

chore(deps): bump github/codeql-action from 3.29.0 to 4.32.6 in the github-actions-updates group#63223
potiuk merged 1 commit intov3-1-testfrom
dependabot/github_actions/v3-1-test/github-actions-updates-b974f349ee

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Bumps the github-actions-updates group with 1 update: github/codeql-action.

Updates github/codeql-action from 3.29.0 to 4.32.6

Release notes

Sourced from github/codeql-action's releases.

v4.32.6

  • Update default CodeQL bundle version to 2.24.3. #3548

v4.32.5

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

v4.32.4

  • Update default CodeQL bundle version to 2.24.2. #3493
  • Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
  • When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
  • Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
  • Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

v4.32.3

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

v4.32.2

  • Update default CodeQL bundle version to 2.24.1. #3460

v4.32.1

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

v4.32.0

  • Update default CodeQL bundle version to 2.24.0. #3425

v4.31.11

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
  • Improved error handling throughout the CodeQL Action. #3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

v4.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

  • Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

v4.31.9

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

  • Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557
  • The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

4.32.6 - 05 Mar 2026

  • Update default CodeQL bundle version to 2.24.3. #3548

4.32.5 - 02 Mar 2026

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

4.32.4 - 20 Feb 2026

  • Update default CodeQL bundle version to 2.24.2. #3493
  • Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
  • When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
  • Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
  • Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

4.32.3 - 13 Feb 2026

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

  • Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

  • Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

... (truncated)

Commits
  • 0d579ff Merge pull request #3551 from github/update-v4.32.6-72d2d850d
  • d4c6be7 Update changelog for v4.32.6
  • 72d2d85 Merge pull request #3548 from github/update-bundle/codeql-bundle-v2.24.3
  • 23f983c Merge pull request #3544 from github/dependabot/github_actions/dot-github/wor...
  • 832e97c Merge pull request #3545 from github/dependabot/github_actions/dot-github/wor...
  • 5ef38c0 Merge pull request #3546 from github/dependabot/npm_and_yarn/tar-7.5.10
  • 80c9cda Add changelog note
  • f2669dd Update default bundle to codeql-bundle-v2.24.3
  • bd03c44 Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...
  • 102d762 Bump tar from 7.5.7 to 7.5.10
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump github/codeql-action
bd25011 
Bumps the github-actions-updates group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.29.0 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@ce28f5b...0d579ff)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 9, 2026
@dependabot dependabot bot requested a review from potiuk as a code owner March 9, 2026 21:00
@dependabot dependabot bot added the github_actions Pull requests that update GitHub Actions code label Mar 9, 2026
@potiuk potiuk merged commit 89569b2 into v3-1-test Mar 9, 2026
33 checks passed
@potiuk potiuk deleted the dependabot/github_actions/v3-1-test/github-actions-updates-b974f349ee branch March 9, 2026 21:06
vatsrahul1001 pushed a commit that referenced this pull request Mar 10, 2026
@dependabot @vatsrahul1001
chore(deps): bump github/codeql-action (#63223)
edd734b 
Bumps the github-actions-updates group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.29.0 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@ce28f5b...0d579ff)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
pierrejeambrun added a commit that referenced this pull request Mar 10, 2026
@pierrejeambrun @Dev-iL
@claude @Lee-W @dependabot @github-actions @kalluripradeep @XD-DENG @bugraoz93 @potiuk @jason810496 @vincbeck @jscheffl @bbovenzi @LakshmiSravyaVedantham @john-rodriguez-mgni @cursoragent @eladkal @kimyoungi99 @Subham-KRLX
[v3-1-test] Fix grid view URL for dynamic task groups (#63205) (#63254)
d9aea9b 
* fix: Unhandled Exception in remote logging if connection doesn't exist(#59801) (#62979)

Cherry-picked from 3428dc9 with conflict resolution:
- context.py: Added `import inspect` (skip `import functools` as `from functools import cache` already exists)
- supervisor.py: Adopted early-return pattern and explicit `del` for GC, kept simpler env var handling (no `_AIRFLOW_PROCESS_CONTEXT` which doesn't exist in v3-1-test)
- test_supervisor.py: Replaced `@pytest.mark.xfail` workaround with proper `use_real_secrets_backends` fixture

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* CI: Upgrade important CI environment (#62981)

* chore(deps-dev): bump the core-ui-package-updates group across 1 directory with 3 updates (#62968)

Bumps the core-ui-package-updates group with 1 update in the /airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui directory: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin).


Updates `@typescript-eslint/eslint-plugin` from 8.50.0 to 8.56.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.50.0 to 8.56.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/parser)

Updates `ts-morph` from 23.0.0 to 27.0.2
- [Release notes](https://github.com/dsherret/ts-morph/releases)
- [Commits](dsherret/ts-morph@23.0.0...27.0.2)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.56.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.56.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
- dependency-name: ts-morph
  dependency-version: 27.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: core-ui-package-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] fix: gracefully handle 404 from worker log server for historical retry attempts (#62475) (#63000)

* fix: gracefully handle 404 from worker log server for historical retry attempts
(cherry picked from commit 25e9284)

Co-authored-by: Pradeep Kalluri <128097794+kalluripradeep@users.noreply.github.com>

* [v3-1-test] Remove issue_number option from newsfragment guidance in PR template (#63006) (#63012)

The CI workflow added in #62975 validates that newsfragment filenames use
the PR number, so allowing issue numbers would cause false CI failures.
Align the PR template with the contributing docs and the new validation.
(cherry picked from commit 41969f4)

Co-authored-by: Xiaodong DENG <xddeng@apache.org>

* [v3-1-test] CI: Upgrade important CI environment (#62989) (#63005)

* [v3-1-test] CI: Upgrade important CI environment (#62989)
(cherry picked from commit 60b52b7)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>

* Fix rebase

---------

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>

* [v3-1-test] Align integration LocalStack docker-compose with e2e LocalStack config (#62980) (#62993)

(cherry picked from commit 6722c4b)

Co-authored-by: Jason(Zhe-You) Liu <68415893+jason810496@users.noreply.github.com>

* [v3-1-test] Fallback to no constraint builds for docker-context-files installation (#63051) (#63057)

When building PROD from docker-context-files - i.e. when we run main
build with providers built from sources, we should fall back to
no constraints build when there is a conflict with constraints.

This is a follow up after #62378
(cherry picked from commit fef2e62)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>

* Fill Turkish Translation Gap in v3-1-test (#63010)

* Remove global from FastAPI app.py (#59772) (#62997)

* Remove global from FastAPI app.py

* Remove global from FastAPI app.py

Co-authored-by: Jens Scheffler <95105677+jscheffl@users.noreply.github.com>

* chore(deps): bump actions/setup-java from 4.7.1 to 5.2.0 (#63102)

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.7.1 to 5.2.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@c5195ef...be666c2)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/stale from 9.1.0 to 10.2.0 (#63099)

Bumps [actions/stale](https://github.com/actions/stale) from 9.1.0 to 10.2.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5bef64f...b5d41d4)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/checkout from 4.2.2 to 6.0.2 (#63096)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@11bd719...de0fac2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/setup-python from 5.6.0 to 6.2.0 (#63098)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.6.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a26af69...a309ff8)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#63090)

Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@60a0d83...ed59741)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] Split npm dependabot minor+patch and major version PRs (#62889) (#63007)

* Ignore major npm dependabot upgrades

* Move major versions to different group
(cherry picked from commit a2e3613)

Co-authored-by: Brent Bovenzi <brent@astronomer.io>

* chore(deps): bump the core-ui-package-updates group across 1 directory with 2 updates (#63069)

Bumps the core-ui-package-updates group with 2 updates in the /airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui directory: [@chakra-ui/react](https://github.com/chakra-ui/chakra-ui/tree/HEAD/packages/react) and [happy-dom](https://github.com/capricorn86/happy-dom).

Updates `@chakra-ui/react` from 3.33.0 to 3.34.0
- [Release notes](https://github.com/chakra-ui/chakra-ui/releases)
- [Changelog](https://github.com/chakra-ui/chakra-ui/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/chakra-ui/chakra-ui/commits/@chakra-ui/react@3.34.0/packages/react)

Updates `happy-dom` from 20.7.0 to 20.8.3
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.7.0...v20.8.3)

---
updated-dependencies:
- dependency-name: "@chakra-ui/react"
  dependency-version: 3.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
- dependency-name: happy-dom
  dependency-version: 20.8.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/upload-artifact from 4.6.2 to 7.0.0 (#63128)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...bbbca2d)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/setup-go from 5.5.0 to 6.3.0 (#63124)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.5.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@d35c59a...4b73464)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump aws-actions/configure-aws-credentials (#63123)

Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4.0.1 to 6.0.0.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@010d0da...8df5847)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/setup-node from 4.4.0 to 6.3.0 (#63119)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.4.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@49933ea...53b8394)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] chore(deps): bump actions/setup-go from 5.5.0 to 6.3.0 (#63133) (#63138)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.5.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@d35c59a...4b73464)
(cherry picked from commit 274c2b0)



---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] chore(deps): bump actions/download-artifact from 4.3.0 to 8.0.0 (#63065) (#63145)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.3.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@d3f86a1...70fc10c)
(cherry picked from commit 2f4646c)



---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump the github-actions-updates group with 2 updates (#63157)

Bumps the github-actions-updates group with 2 updates: [pnpm/action-setup](https://github.com/pnpm/action-setup) and [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action).


Updates `pnpm/action-setup` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@fe02b34...41ff726)

Updates `slackapi/slack-github-action` from 2.0.0 to 2.1.1
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@485a9d4...91efab1)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-updates
- dependency-name: slackapi/slack-github-action
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] perf: use load_only() in get_dag_runs eager loading to reduce data fetched per task instance (#62482) (#62996)

* perf: use load_only() in eager_load_dag_run_for_validation to reduce data fetched

The get_dag_runs API endpoint was slow on large deployments because
eager_load_dag_run_for_validation() used selectinload on task_instances and
task_instances_histories without restricting which columns were fetched.
This caused SQLAlchemy to load all heavyweight columns (executor_config with
pickled data, hostname, rendered fields, etc.) for every task instance across
every DAG run in the result page — even though only dag_version_id is needed
to traverse the association proxy to DagVersion.

Add load_only(TaskInstance.dag_version_id) and
load_only(TaskInstanceHistory.dag_version_id) to the selectinload chains so
the SELECT for task instances fetches only the identity columns and the FK
needed to resolve the dag_version relationship, significantly reducing the
volume of data transferred from the database on busy deployments.

Fixes #62025

* Fix static checks

---------
(cherry picked from commit 13af96b)

Co-authored-by: Lakshmi Sravya <38032391+LakshmiSravyaVedantham@users.noreply.github.com>
Co-authored-by: pierrejeambrun <pierrejbrun@gmail.com>

* perf(api): optimize /ui/dags endpoint serialization (#61483) (#63001)

This PR addresses a significant performance issue in the /ui/dags endpoint
where page load times scaled poorly with the number of DAGs (12-16 seconds
for just 25 DAGs in our testing).

Two optimizations are implemented:

1. Cache URLSafeSerializer for file_token generation
   - Previously, a new URLSafeSerializer was instantiated and
     conf.get_mandatory_value() was called for every DAG
   - Now uses @lru_cache to create the serializer once and reuse it

2. Eliminate redundant Pydantic validation in response construction
   - The original pattern used model_validate -> model_dump -> model_validate
     which caused triple serialization overhead per DAG
   - Now validates once with DAGResponse.model_validate(), then uses
     model_construct() to build DAGWithLatestDagRunsResponse

Together, these changes reduced page load time from 12-16 seconds to
~130ms in our dev environment.


(cherry picked from commit a915216)

Co-authored-by: john-rodriguez-mgni <107643943+john-rodriguez-mgni@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* [v3-1-test] Bump astroid>=4 (#63170) (#63174)

(cherry picked from commit 0a985ea)

Co-authored-by: Elad Kalif <45845474+eladkal@users.noreply.github.com>

* chore(deps): bump the core-ui-package-updates group across 1 directory with 2 updates (#63153)

Bumps the core-ui-package-updates group with 1 update in the /airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui directory: [@chakra-ui/react](https://github.com/chakra-ui/chakra-ui/tree/HEAD/packages/react).


Updates `@chakra-ui/react` from 3.33.0 to 3.34.0
- [Release notes](https://github.com/chakra-ui/chakra-ui/releases)
- [Changelog](https://github.com/chakra-ui/chakra-ui/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/chakra-ui/chakra-ui/commits/@chakra-ui/react@3.34.0/packages/react)

Updates `happy-dom` from 20.7.0 to 20.8.3
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.7.0...v20.8.3)

---
updated-dependencies:
- dependency-name: "@chakra-ui/react"
  dependency-version: 3.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
- dependency-name: happy-dom
  dependency-version: 20.8.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] Further limit setuptools after 82.0.1 is released (until redoc fixes it) (#63202) (#63203)

(cherry picked from commit b528e50)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>

* Fix race condition in auth manager initialization (#62431) (#62995)

FAB FastAPI routes call get_application_builder() on every request,
which creates a new Flask app and invokes init_app(). Concurrent calls
race on the singleton auth_manager's appbuilder and security_manager,
causing KeyError: 'AUTH_USER_REGISTRATION' and AttributeError.

Add _init_app_lock around the critical section in init_app() that
mutates the singleton auth_manager state and registers views, so
concurrent get_application_builder() calls are serialized.

Co-authored-by: Young-Ki Kim <kimyoungi99@naver.com>

* chore(deps): bump github/codeql-action (#63223)

Bumps the github-actions-updates group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.29.0 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@ce28f5b...0d579ff)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] Clarify docs on max_active_tasks parameter on a Dag (#63217) (#63228)

(cherry picked from commit 9ae1875)

Co-authored-by: Jens Scheffler <95105677+jscheffl@users.noreply.github.com>

* [v3-1-test] Fix undefined variable in install_from_external_spec error message (#63233) (#63237)

The error message in install_from_external_spec() referenced
${INSTALLATION_METHOD} which does not exist — the correct variable
is ${AIRFLOW_INSTALLATION_METHOD}. With set -u active, hitting this
error path would crash with an "unbound variable" error instead of
printing the intended user-friendly message.

The typo was introduced in a1717a6 and carried forward into the
inlined copies in both Dockerfiles.
(cherry picked from commit 2ab6f94)

Co-authored-by: Xiaodong DENG <xddeng@apache.org>

* Fix grid view URL for dynamic task groups (#63205)

Dynamic task groups with isMapped=true were getting /mapped appended
to their URL in the grid view, producing URLs like
/tasks/group/{groupId}/mapped which has no matching route (404).

The graph view correctly handles this by not appending /mapped for groups.
This fix adds the same guard to buildTaskInstanceUrl.

closes: #63197
(cherry picked from commit 7bc23ef)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Dev-iL <6509619+Dev-iL@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Wei Lee <weilee.rx@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Pradeep Kalluri <128097794+kalluripradeep@users.noreply.github.com>
Co-authored-by: Xiaodong DENG <xddeng@apache.org>
Co-authored-by: Bugra Ozturk <bugraoz93@users.noreply.github.com>
Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Co-authored-by: Jason(Zhe-You) Liu <68415893+jason810496@users.noreply.github.com>
Co-authored-by: Vincent <97131062+vincbeck@users.noreply.github.com>
Co-authored-by: Jens Scheffler <95105677+jscheffl@users.noreply.github.com>
Co-authored-by: Brent Bovenzi <brent@astronomer.io>
Co-authored-by: Lakshmi Sravya <38032391+LakshmiSravyaVedantham@users.noreply.github.com>
Co-authored-by: john-rodriguez-mgni <107643943+john-rodriguez-mgni@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Elad Kalif <45845474+eladkal@users.noreply.github.com>
Co-authored-by: Young-Ki Kim <kimyoungi99@naver.com>
Co-authored-by: Subham <subhamsangwan26@gmail.com>
vatsrahul1001 pushed a commit that referenced this pull request Mar 25, 2026
@dependabot @vatsrahul1001
chore(deps): bump github/codeql-action (#63223)
b555e90 
Bumps the github-actions-updates group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.29.0 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@ce28f5b...0d579ff)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
vatsrahul1001 pushed a commit that referenced this pull request Mar 25, 2026
@pierrejeambrun @Dev-iL
@claude @Lee-W @dependabot @github-actions @kalluripradeep @XD-DENG @bugraoz93 @potiuk @jason810496 @vincbeck @jscheffl @bbovenzi @LakshmiSravyaVedantham @john-rodriguez-mgni @cursoragent @eladkal @kimyoungi99 @Subham-KRLX @vatsrahul1001
[v3-1-test] Fix grid view URL for dynamic task groups (#63205) (#63254)
e48b50b 
* fix: Unhandled Exception in remote logging if connection doesn't exist(#59801) (#62979)

Cherry-picked from 3428dc9 with conflict resolution:
- context.py: Added `import inspect` (skip `import functools` as `from functools import cache` already exists)
- supervisor.py: Adopted early-return pattern and explicit `del` for GC, kept simpler env var handling (no `_AIRFLOW_PROCESS_CONTEXT` which doesn't exist in v3-1-test)
- test_supervisor.py: Replaced `@pytest.mark.xfail` workaround with proper `use_real_secrets_backends` fixture

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* CI: Upgrade important CI environment (#62981)

* chore(deps-dev): bump the core-ui-package-updates group across 1 directory with 3 updates (#62968)

Bumps the core-ui-package-updates group with 1 update in the /airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui directory: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin).


Updates `@typescript-eslint/eslint-plugin` from 8.50.0 to 8.56.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.50.0 to 8.56.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/parser)

Updates `ts-morph` from 23.0.0 to 27.0.2
- [Release notes](https://github.com/dsherret/ts-morph/releases)
- [Commits](dsherret/ts-morph@23.0.0...27.0.2)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.56.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.56.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
- dependency-name: ts-morph
  dependency-version: 27.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: core-ui-package-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] fix: gracefully handle 404 from worker log server for historical retry attempts (#62475) (#63000)

* fix: gracefully handle 404 from worker log server for historical retry attempts
(cherry picked from commit 25e9284)

Co-authored-by: Pradeep Kalluri <128097794+kalluripradeep@users.noreply.github.com>

* [v3-1-test] Remove issue_number option from newsfragment guidance in PR template (#63006) (#63012)

The CI workflow added in #62975 validates that newsfragment filenames use
the PR number, so allowing issue numbers would cause false CI failures.
Align the PR template with the contributing docs and the new validation.
(cherry picked from commit 41969f4)

Co-authored-by: Xiaodong DENG <xddeng@apache.org>

* [v3-1-test] CI: Upgrade important CI environment (#62989) (#63005)

* [v3-1-test] CI: Upgrade important CI environment (#62989)
(cherry picked from commit 60b52b7)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>

* Fix rebase

---------

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>

* [v3-1-test] Align integration LocalStack docker-compose with e2e LocalStack config (#62980) (#62993)

(cherry picked from commit 6722c4b)

Co-authored-by: Jason(Zhe-You) Liu <68415893+jason810496@users.noreply.github.com>

* [v3-1-test] Fallback to no constraint builds for docker-context-files installation (#63051) (#63057)

When building PROD from docker-context-files - i.e. when we run main
build with providers built from sources, we should fall back to
no constraints build when there is a conflict with constraints.

This is a follow up after #62378
(cherry picked from commit fef2e62)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>

* Fill Turkish Translation Gap in v3-1-test (#63010)

* Remove global from FastAPI app.py (#59772) (#62997)

* Remove global from FastAPI app.py

* Remove global from FastAPI app.py

Co-authored-by: Jens Scheffler <95105677+jscheffl@users.noreply.github.com>

* chore(deps): bump actions/setup-java from 4.7.1 to 5.2.0 (#63102)

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.7.1 to 5.2.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@c5195ef...be666c2)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/stale from 9.1.0 to 10.2.0 (#63099)

Bumps [actions/stale](https://github.com/actions/stale) from 9.1.0 to 10.2.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5bef64f...b5d41d4)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/checkout from 4.2.2 to 6.0.2 (#63096)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@11bd719...de0fac2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/setup-python from 5.6.0 to 6.2.0 (#63098)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.6.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a26af69...a309ff8)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#63090)

Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@60a0d83...ed59741)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] Split npm dependabot minor+patch and major version PRs (#62889) (#63007)

* Ignore major npm dependabot upgrades

* Move major versions to different group
(cherry picked from commit a2e3613)

Co-authored-by: Brent Bovenzi <brent@astronomer.io>

* chore(deps): bump the core-ui-package-updates group across 1 directory with 2 updates (#63069)

Bumps the core-ui-package-updates group with 2 updates in the /airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui directory: [@chakra-ui/react](https://github.com/chakra-ui/chakra-ui/tree/HEAD/packages/react) and [happy-dom](https://github.com/capricorn86/happy-dom).

Updates `@chakra-ui/react` from 3.33.0 to 3.34.0
- [Release notes](https://github.com/chakra-ui/chakra-ui/releases)
- [Changelog](https://github.com/chakra-ui/chakra-ui/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/chakra-ui/chakra-ui/commits/@chakra-ui/react@3.34.0/packages/react)

Updates `happy-dom` from 20.7.0 to 20.8.3
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.7.0...v20.8.3)

---
updated-dependencies:
- dependency-name: "@chakra-ui/react"
  dependency-version: 3.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
- dependency-name: happy-dom
  dependency-version: 20.8.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/upload-artifact from 4.6.2 to 7.0.0 (#63128)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...bbbca2d)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/setup-go from 5.5.0 to 6.3.0 (#63124)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.5.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@d35c59a...4b73464)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump aws-actions/configure-aws-credentials (#63123)

Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4.0.1 to 6.0.0.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@010d0da...8df5847)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/setup-node from 4.4.0 to 6.3.0 (#63119)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.4.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@49933ea...53b8394)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] chore(deps): bump actions/setup-go from 5.5.0 to 6.3.0 (#63133) (#63138)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.5.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@d35c59a...4b73464)
(cherry picked from commit 274c2b0)



---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] chore(deps): bump actions/download-artifact from 4.3.0 to 8.0.0 (#63065) (#63145)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.3.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@d3f86a1...70fc10c)
(cherry picked from commit 2f4646c)



---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump the github-actions-updates group with 2 updates (#63157)

Bumps the github-actions-updates group with 2 updates: [pnpm/action-setup](https://github.com/pnpm/action-setup) and [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action).


Updates `pnpm/action-setup` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@fe02b34...41ff726)

Updates `slackapi/slack-github-action` from 2.0.0 to 2.1.1
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@485a9d4...91efab1)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-updates
- dependency-name: slackapi/slack-github-action
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] perf: use load_only() in get_dag_runs eager loading to reduce data fetched per task instance (#62482) (#62996)

* perf: use load_only() in eager_load_dag_run_for_validation to reduce data fetched

The get_dag_runs API endpoint was slow on large deployments because
eager_load_dag_run_for_validation() used selectinload on task_instances and
task_instances_histories without restricting which columns were fetched.
This caused SQLAlchemy to load all heavyweight columns (executor_config with
pickled data, hostname, rendered fields, etc.) for every task instance across
every DAG run in the result page — even though only dag_version_id is needed
to traverse the association proxy to DagVersion.

Add load_only(TaskInstance.dag_version_id) and
load_only(TaskInstanceHistory.dag_version_id) to the selectinload chains so
the SELECT for task instances fetches only the identity columns and the FK
needed to resolve the dag_version relationship, significantly reducing the
volume of data transferred from the database on busy deployments.

Fixes #62025

* Fix static checks

---------
(cherry picked from commit 13af96b)

Co-authored-by: Lakshmi Sravya <38032391+LakshmiSravyaVedantham@users.noreply.github.com>
Co-authored-by: pierrejeambrun <pierrejbrun@gmail.com>

* perf(api): optimize /ui/dags endpoint serialization (#61483) (#63001)

This PR addresses a significant performance issue in the /ui/dags endpoint
where page load times scaled poorly with the number of DAGs (12-16 seconds
for just 25 DAGs in our testing).

Two optimizations are implemented:

1. Cache URLSafeSerializer for file_token generation
   - Previously, a new URLSafeSerializer was instantiated and
     conf.get_mandatory_value() was called for every DAG
   - Now uses @lru_cache to create the serializer once and reuse it

2. Eliminate redundant Pydantic validation in response construction
   - The original pattern used model_validate -> model_dump -> model_validate
     which caused triple serialization overhead per DAG
   - Now validates once with DAGResponse.model_validate(), then uses
     model_construct() to build DAGWithLatestDagRunsResponse

Together, these changes reduced page load time from 12-16 seconds to
~130ms in our dev environment.


(cherry picked from commit a915216)

Co-authored-by: john-rodriguez-mgni <107643943+john-rodriguez-mgni@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* [v3-1-test] Bump astroid>=4 (#63170) (#63174)

(cherry picked from commit 0a985ea)

Co-authored-by: Elad Kalif <45845474+eladkal@users.noreply.github.com>

* chore(deps): bump the core-ui-package-updates group across 1 directory with 2 updates (#63153)

Bumps the core-ui-package-updates group with 1 update in the /airflow-core/src/airflow/api_fastapi/auth/managers/simple/ui directory: [@chakra-ui/react](https://github.com/chakra-ui/chakra-ui/tree/HEAD/packages/react).


Updates `@chakra-ui/react` from 3.33.0 to 3.34.0
- [Release notes](https://github.com/chakra-ui/chakra-ui/releases)
- [Changelog](https://github.com/chakra-ui/chakra-ui/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/chakra-ui/chakra-ui/commits/@chakra-ui/react@3.34.0/packages/react)

Updates `happy-dom` from 20.7.0 to 20.8.3
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.7.0...v20.8.3)

---
updated-dependencies:
- dependency-name: "@chakra-ui/react"
  dependency-version: 3.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
- dependency-name: happy-dom
  dependency-version: 20.8.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: core-ui-package-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] Further limit setuptools after 82.0.1 is released (until redoc fixes it) (#63202) (#63203)

(cherry picked from commit b528e50)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>

* Fix race condition in auth manager initialization (#62431) (#62995)

FAB FastAPI routes call get_application_builder() on every request,
which creates a new Flask app and invokes init_app(). Concurrent calls
race on the singleton auth_manager's appbuilder and security_manager,
causing KeyError: 'AUTH_USER_REGISTRATION' and AttributeError.

Add _init_app_lock around the critical section in init_app() that
mutates the singleton auth_manager state and registers views, so
concurrent get_application_builder() calls are serialized.

Co-authored-by: Young-Ki Kim <kimyoungi99@naver.com>

* chore(deps): bump github/codeql-action (#63223)

Bumps the github-actions-updates group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.29.0 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@ce28f5b...0d579ff)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [v3-1-test] Clarify docs on max_active_tasks parameter on a Dag (#63217) (#63228)

(cherry picked from commit 9ae1875)

Co-authored-by: Jens Scheffler <95105677+jscheffl@users.noreply.github.com>

* [v3-1-test] Fix undefined variable in install_from_external_spec error message (#63233) (#63237)

The error message in install_from_external_spec() referenced
${INSTALLATION_METHOD} which does not exist — the correct variable
is ${AIRFLOW_INSTALLATION_METHOD}. With set -u active, hitting this
error path would crash with an "unbound variable" error instead of
printing the intended user-friendly message.

The typo was introduced in a1717a6 and carried forward into the
inlined copies in both Dockerfiles.
(cherry picked from commit 2ab6f94)

Co-authored-by: Xiaodong DENG <xddeng@apache.org>

* Fix grid view URL for dynamic task groups (#63205)

Dynamic task groups with isMapped=true were getting /mapped appended
to their URL in the grid view, producing URLs like
/tasks/group/{groupId}/mapped which has no matching route (404).

The graph view correctly handles this by not appending /mapped for groups.
This fix adds the same guard to buildTaskInstanceUrl.

closes: #63197
(cherry picked from commit 7bc23ef)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Dev-iL <6509619+Dev-iL@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Wei Lee <weilee.rx@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Pradeep Kalluri <128097794+kalluripradeep@users.noreply.github.com>
Co-authored-by: Xiaodong DENG <xddeng@apache.org>
Co-authored-by: Bugra Ozturk <bugraoz93@users.noreply.github.com>
Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Co-authored-by: Jason(Zhe-You) Liu <68415893+jason810496@users.noreply.github.com>
Co-authored-by: Vincent <97131062+vincbeck@users.noreply.github.com>
Co-authored-by: Jens Scheffler <95105677+jscheffl@users.noreply.github.com>
Co-authored-by: Brent Bovenzi <brent@astronomer.io>
Co-authored-by: Lakshmi Sravya <38032391+LakshmiSravyaVedantham@users.noreply.github.com>
Co-authored-by: john-rodriguez-mgni <107643943+john-rodriguez-mgni@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Elad Kalif <45845474+eladkal@users.noreply.github.com>
Co-authored-by: Young-Ki Kim <kimyoungi99@naver.com>
Co-authored-by: Subham <subhamsangwan26@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@potiuk potiuk potiuk approved these changes

@ashb ashb Awaiting requested review from ashb ashb is a code owner

@gopidesupavan gopidesupavan Awaiting requested review from gopidesupavan gopidesupavan is a code owner

@amoghrajesh amoghrajesh Awaiting requested review from amoghrajesh amoghrajesh is a code owner

@jscheffl jscheffl Awaiting requested review from jscheffl jscheffl is a code owner

@bugraoz93 bugraoz93 Awaiting requested review from bugraoz93 bugraoz93 is a code owner

@kaxil kaxil Awaiting requested review from kaxil kaxil is a code owner

@eladkal eladkal Awaiting requested review from eladkal eladkal is a code owner

@jason810496 jason810496 Awaiting requested review from jason810496 jason810496 is a code owner

Assignees

No one assigned

Labels

area:dev-tools dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@potiuk