chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 (thunderbird#11090)

coreycb · web-flow · commit 01e408db2225 · 2026-06-04T10:02:30.000-04:00
diff --git a/.github/workflows/security-codeql.yml b/.github/workflows/security-codeql.yml
@@ -44,7 +44,7 @@ jobs:
           disable-cache: 'true'
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -54,6 +54,6 @@ jobs:
         run: ./gradlew assemble --no-daemon
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/security-fluidscan.yml b/.github/workflows/security-fluidscan.yml
@@ -39,13 +39,13 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload SAST results to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           sarif_file: fluidscan-sast-results.sarif
           category: fluidattacks-sast
 
       - name: "Upload SCA results to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           sarif_file: fluidscan-sca-results.sarif
           category: fluidattacks-sca
diff --git a/.github/workflows/security-scorecard.yml b/.github/workflows/security-scorecard.yml
@@ -44,6 +44,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           sarif_file: results.sarif
