Skip to content

ci(gha): Update github/codeql-action action to v3.35.5#186

Merged
renovate[bot] merged 1 commit into
mainfrom
renovate/github-codeql-action-3.x
May 18, 2026
Merged

ci(gha): Update github/codeql-action action to v3.35.5#186
renovate[bot] merged 1 commit into
mainfrom
renovate/github-codeql-action-3.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 18, 2026

This PR contains the following updates:

Package Type Update Change
github/codeql-action action patch v3.35.4v3.35.5

Release Notes

github/codeql-action (github/codeql-action)

v3.35.5

Compare Source

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner May 18, 2026 14:38
@renovate renovate Bot enabled auto-merge May 18, 2026 14:38
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 18, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/github/codeql-action/upload-sarif 458d36d7d4f47d0dd16ca424c1d3cda0060f1360 UnknownUnknown

Scanned Files

  • .github/workflows/scorecard.yaml

chazypro
chazypro approved these changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@chazypro chazypro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All checks passed. Auto Approved.

@renovate renovate Bot added this pull request to the merge queue May 18, 2026
Merged via the queue into main with commit 2169532 May 18, 2026
6 checks passed
@renovate renovate Bot deleted the renovate/github-codeql-action-3.x branch May 18, 2026 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chazypro chazypro chazypro approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chazypro