⬆️ Bump github/codeql-action from 4.35.2 to 4.35.5 (#870)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.35.2 to 4.35.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.5</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>v4.35.4</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>v4.35.3</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba"><code>9e0d7b8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3905">#3905</a>
from github/update-v4.35.5-d4b485515</li>
<li><a
href="https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684"><code>6d7d599</code></a>
Add changelog entry for <a
href="https://redirect.github.com/github/codeql-action/issues/3899">#3899</a></li>
<li><a
href="https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14"><code>51f7e38</code></a>
Update changelog for v4.35.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11"><code>d4b4855</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3899">#3899</a>
from github/mbg/esbuild/split</li>
<li><a
href="https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9"><code>127de81</code></a>
Merge remote-tracking branch 'origin/main' into mbg/esbuild/split</li>
<li><a
href="https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b"><code>7fde13f</code></a>
Use src + basename in header to avoid issues on Windows</li>
<li><a
href="https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933"><code>dfa61e7</code></a>
Improve pattern matching and error handling</li>
<li><a
href="https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a"><code>52aafec</code></a>
Import and call <code>runWrapper</code> normally in <code>analyze</code>
tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111"><code>0d08c01</code></a>
Auto-generate shared bundle</li>
<li><a
href="https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204"><code>14085a6</code></a>
Auto-generate entry points</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v4.35.2...v4.35.5">compare
view</a></li>
</ul>
</details>
<br />

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Monty Bot <monty-bot@arm.com>

Author: dependabot[bot]

.github/workflows/codeql-analysis.yml

@@ -43,7 +43,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4.35.2
+      uses: github/codeql-action/init@v4.35.5
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v4.35.2
+      uses: github/codeql-action/autobuild@v4.35.5
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4.35.2
+      uses: github/codeql-action/analyze@v4.35.5

.github/workflows/scorecards.yml

@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@6777c894e961d2f153d1ba129f67f775f81e39a1 # v3.32.4
+        uses: github/codeql-action/upload-sarif@bbef5ff663c9afccae3fc839cf7cb5924a14864a # v3.32.4
         with:
           sarif_file: results.sarif

changes/20260515131752.bugfix

@@ -0,0 +1 @@
+Dependency upgrade: codeql-action-4.35.4