Skip to content

chore: github actions update(deps): bump github/codeql-action from 4.35.4 to 4.35.5 in /.github/workflows in the version-updates group#340

Merged
mrlunchbox777 merged 2 commits into
mainfrom
dependabot/github_actions/dot-github/workflows/version-updates-bcb0c4251a
May 22, 2026
Merged

chore: github actions update(deps): bump github/codeql-action from 4.35.4 to 4.35.5 in /.github/workflows in the version-updates group#340
mrlunchbox777 merged 2 commits into
mainfrom
dependabot/github_actions/dot-github/workflows/version-updates-bcb0c4251a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the version-updates group in /.github/workflows with 1 update: github/codeql-action.

Updates github/codeql-action from 4.35.4 to 4.35.5

Release notes

Sourced from github/codeql-action's releases.

v4.35.5

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880
Changelog

Sourced from github/codeql-action's changelog.

4.35.5 - 15 May 2026

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880
Commits
  • 9e0d7b8 Merge pull request #3905 from github/update-v4.35.5-d4b485515
  • 6d7d599 Add changelog entry for #3899
  • 51f7e38 Update changelog for v4.35.5
  • d4b4855 Merge pull request #3899 from github/mbg/esbuild/split
  • 127de81 Merge remote-tracking branch 'origin/main' into mbg/esbuild/split
  • 7fde13f Use src + basename in header to avoid issues on Windows
  • dfa61e7 Improve pattern matching and error handling
  • 52aafec Import and call runWrapper normally in analyze tests
  • 0d08c01 Auto-generate shared bundle
  • 14085a6 Auto-generate entry points
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: github actions update(deps): bump github/codeql-action
1935e81 
Bumps the version-updates group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.35.4 to 4.35.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v4.35.4...v4.35.5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added changes/meta .github file changes kind/chore Chore to be completed, e.g. renovate priority/1 Highest priority status/review Ready for review labels May 22, 2026
@dependabot dependabot Bot requested a review from mrlunchbox777 as a code owner May 22, 2026 10:41
@dependabot dependabot Bot added kind/chore Chore to be completed, e.g. renovate changes/meta .github file changes priority/1 Highest priority status/review Ready for review labels May 22, 2026
@github-actions github-actions Bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 22, 2026
@github-actions

github-actions Bot commented May 22, 2026

Copy link
Copy Markdown
Contributor

Thank you for being part of our community and opening a pull request. We will work with you as soon as possible to integrate your contribution.

@mrlunchbox777 mrlunchbox777 merged commit 6bf1368 into main May 22, 2026
1 check passed
@mrlunchbox777 mrlunchbox777 deleted the dependabot/github_actions/dot-github/workflows/version-updates-bcb0c4251a branch May 22, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrlunchbox777 mrlunchbox777 mrlunchbox777 approved these changes

Assignees

No one assigned

Labels

changes/meta .github file changes kind/chore Chore to be completed, e.g. renovate priority/1 Highest priority size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. status/review Ready for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrlunchbox777