Skip to content

chore(deps): update github/codeql-action action to v4.35.2#409

Merged
renovate[bot] merged 1 commit intomasterfrom
renovate/workflows-github-codeql-action-4.x
Apr 16, 2026
Merged

chore(deps): update github/codeql-action action to v4.35.2#409
renovate[bot] merged 1 commit intomasterfrom
renovate/workflows-github-codeql-action-4.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 15, 2026

This PR contains the following updates:

Package Type Update Change
github/codeql-action action patch v4.35.1v4.35.2

Release Notes

github/codeql-action (github/codeql-action)

v4.35.2

Compare Source

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #​3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #​3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #​3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #​3807
  • Update default CodeQL bundle version to 2.25.2. #​3823

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 15, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 9c82e0a.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/github/codeql-action/upload-sarif 95e58e9a2cdfd71adc6e0353d5c52f41a045d225 UnknownUnknown

Scanned Files

  • .github/workflows/scan.yml

@renovate renovate Bot merged commit db2db41 into master Apr 16, 2026
14 checks passed
@renovate renovate Bot deleted the renovate/workflows-github-codeql-action-4.x branch April 16, 2026 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies github-actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants