Skip to content

chore(deps): update github/codeql-action action to v4.35.3#123

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/github-codeql-action-4.x
Open

chore(deps): update github/codeql-action action to v4.35.3#123
renovate[bot] wants to merge 1 commit intomainfrom
renovate/github-codeql-action-4.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 16, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
github/codeql-action action patch v4.35.1v4.35.3

Release Notes

github/codeql-action (github/codeql-action)

v4.35.3

Compare Source

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #​3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #​3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #​3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #​3852
  • Update default CodeQL bundle version to 2.25.3. #​3865

v4.35.2

Compare Source

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #​3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #​3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #​3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #​3807
  • Update default CodeQL bundle version to 2.25.2. #​3823

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner April 16, 2026 10:40
@renovate renovate Bot changed the title chore(deps): update github/codeql-action action to v4.35.2 chore(deps): update github/codeql-action action to v4.35.3 May 1, 2026
@renovate renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from d71d5b4 to eaa26e4 Compare May 1, 2026 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants