deps: bump github/codeql-action from 4.35.3 to 4.35.4 (#2301)

dependabot[bot] · web-flow · commit 72cfa2e382b4 · 2026-05-09T17:30:45.000Z
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.3 to 4.35.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.35.4</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/68bde559dea0fdcac2102bfdf6230c5f70eb485e"><code>68bde55</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3885">#3885</a> from github/update-v4.35.4-803d9e8c3</li> <li><a href="https://github.com/github/codeql-action/commit/9739ad2d182c072da0d01a6887f7f39620f71b1e"><code>9739ad2</code></a> Update changelog for v4.35.4</li> <li><a href="https://github.com/github/codeql-action/commit/803d9e8c3ca8b0dd2029a1da3b541a18b6bfb076"><code>803d9e8</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3883">#3883</a> from github/mbg/test/macro-wrapper</li> <li><a href="https://github.com/github/codeql-action/commit/0fd9c7d1358a7404e46ed8165f12262f56bd1434"><code>0fd9c7d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3882">#3882</a> from github/dependabot/github_actions/dot-github/wor...</li> <li><a href="https://github.com/github/codeql-action/commit/922d6fb888d665134eb982b150b8912dbd48e21a"><code>922d6fb</code></a> Use <code>makeMacro</code> instead of <code>test.macro</code></li> <li><a href="https://github.com/github/codeql-action/commit/df77e87896689b5c736433984c5df14d86c63d56"><code>df77e87</code></a> Update test macro snippet</li> <li><a href="https://github.com/github/codeql-action/commit/6e3f985e4fc409a188c7701b68c4dec158c9ced3"><code>6e3f985</code></a> Add wrapper for <code>test.macro</code></li> <li><a href="https://github.com/github/codeql-action/commit/e7a347dfb1bfb7a858347623fcb4f650effca6b5"><code>e7a347d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3881">#3881</a> from github/update-bundle/codeql-bundle-v2.25.4</li> <li><a href="https://github.com/github/codeql-action/commit/17eabb2500031486a71e00ecbcb72c73804a6c9f"><code>17eabb2</code></a> Rebuild</li> <li><a href="https://github.com/github/codeql-action/commit/aaef09c48db2dd7f0100363de1785963a34cd706"><code>aaef09c</code></a> Bump ruby/setup-ruby</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...68bde559dea0fdcac2102bfdf6230c5f70eb485e">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.35.3&new-version=4.35.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -40,12 +40,12 @@ jobs:
         with:
           go-version-file: go.mod
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
         with:
           languages: ${{ matrix.language }}
       - name: Autobuild
-        uses: github/codeql-action/autobuild@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+        uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -48,6 +48,6 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
         with:
           sarif_file: "trivy-results.sarif"
