Skip to content

chore: github actions update(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in /.github/workflows in the version-updates group#333

Merged
mrlunchbox777 merged 2 commits into
mainfrom
dependabot/github_actions/dot-github/workflows/version-updates-937d73b4db
May 8, 2026
Merged

chore: github actions update(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in /.github/workflows in the version-updates group#333
mrlunchbox777 merged 2 commits into
mainfrom
dependabot/github_actions/dot-github/workflows/version-updates-937d73b4db

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps the version-updates group in /.github/workflows with 1 update: github/codeql-action.

Updates github/codeql-action from 4.35.2 to 4.35.3

Release notes

Sourced from github/codeql-action's releases.

v4.35.3

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865
Changelog

Sourced from github/codeql-action's changelog.

4.35.3 - 01 May 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865
Commits
  • e46ed2c Merge pull request #3867 from github/update-v4.35.3-8c6e48dbe
  • b73d1d1 Add changelog entry for #3853
  • 24e0bb0 Reorder changelog entries
  • ec298da Update changelog for v4.35.3
  • 8c6e48d Merge pull request #3865 from github/update-bundle/codeql-bundle-v2.25.3
  • 7190983 Add changelog note
  • 2bb2095 Update default bundle to codeql-bundle-v2.25.3
  • 7851e55 Merge pull request #3850 from github/mbg/private-registry/cloudsmith-gcp
  • 262a15f Add generic non-printable chars test for OIDC configs
  • a6109b1 Merge pull request #3853 from github/mbg/start-proxy/improved-checks
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: github actions update(deps): bump github/codeql-action
9462b29 
Bumps the version-updates group in /.github/workflows with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.35.2 to 4.35.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v4.35.2...v4.35.3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added changes/meta .github file changes kind/chore Chore to be completed, e.g. renovate priority/1 Highest priority status/review Ready for review labels May 8, 2026
@dependabot dependabot Bot requested a review from mrlunchbox777 as a code owner May 8, 2026 10:35
@dependabot dependabot Bot added kind/chore Chore to be completed, e.g. renovate changes/meta .github file changes priority/1 Highest priority status/review Ready for review labels May 8, 2026
@github-actions github-actions Bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026

Thank you for being part of our community and opening a pull request. We will work with you as soon as possible to integrate your contribution.

@mrlunchbox777 mrlunchbox777 merged commit 543e387 into main May 8, 2026
1 check passed
@mrlunchbox777 mrlunchbox777 deleted the dependabot/github_actions/dot-github/workflows/version-updates-937d73b4db branch May 8, 2026 14:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrlunchbox777 mrlunchbox777 mrlunchbox777 approved these changes

Assignees

No one assigned

Labels

changes/meta .github file changes kind/chore Chore to be completed, e.g. renovate priority/1 Highest priority size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. status/review Ready for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrlunchbox777