Merge pull request #617 from dceoy/dependabot/github_actions/github/codeql-action-4.35.5

github-actions[bot] · web-flow · commit 14362fe14646 · 2026-05-22T14:04:42.000Z
Bump github/codeql-action from 4.35.4 to 4.35.5
diff --git a/.github/workflows/github-codeql-analysis.yml b/.github/workflows/github-codeql-analysis.yml
@@ -44,12 +44,12 @@ jobs:
           go-version: ${{ inputs.go-version }}
           cache: true
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e  # v4.35.4
+        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba  # v4.35.5
         with:
           languages: ${{ matrix.language }}   # { c-cpp, csharp, go, java-kotlin, javascript-typescript, python, ruby, swift }
       - name: Autobuild   # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
-        uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e  # v4.35.4
+        uses: github/codeql-action/autobuild@9e0d7b8d25671d64c341c19c0152d693099fb5ba  # v4.35.5
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e  # v4.35.4
+        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba  # v4.35.5
         with:
           category: /language:${{ matrix.language }}
diff --git a/.github/workflows/go-package-lint-and-scan.yml b/.github/workflows/go-package-lint-and-scan.yml
@@ -110,7 +110,7 @@ jobs:
           gosec -fmt sarif -out gosec-results.sarif ./...
       - name: Upload gosec results to GitHub Security tab
         if: inputs.use-gosec
-        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e  # v4.35.4
+        uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba  # v4.35.5
         with:
           sarif_file: ${{ inputs.package-path }}/gosec-results.sarif
         continue-on-error: true
diff --git a/.github/workflows/microsoft-defender-for-devops.yml b/.github/workflows/microsoft-defender-for-devops.yml
@@ -33,6 +33,6 @@ jobs:
         uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0  # v1.12.0
         id: msdo
       - name: Upload results to Security tab
-        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e  # v4.35.4
+        uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba  # v4.35.5
         with:
           sarif_file: ${{ steps.msdo.outputs.sarifFile }}
