Skip to content

Update github/codeql-action action to v4.37.1#1282

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-codeql-action-4.x
Open

Update github/codeql-action action to v4.37.1#1282
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-codeql-action-4.x

Conversation

@renovate

@renovate renovate Bot commented May 18, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
github/codeql-action action minor v4.35.3v4.37.1

Release Notes

github/codeql-action (github/codeql-action)

v4.37.1

Compare Source

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #​3956
  • Update default CodeQL bundle version to 2.26.1. #​4019

v4.37.0

Compare Source

  • Update default CodeQL bundle version to 2.26.0. #​3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@​ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #​3973

v4.36.3

Compare Source

No user facing changes.

v4.36.2

Compare Source

  • Cache CodeQL CLI version information across Actions steps. #​3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #​3937
  • Update default CodeQL bundle version to 2.25.6. #​3948

v4.36.1

Compare Source

No user facing changes.

v4.36.0

Compare Source

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #​3894
  • Add support for SHA-256 Git object IDs. #​3893
  • Update default CodeQL bundle version to 2.25.5. #​3926

v4.35.5

Compare Source

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

v4.35.4

Compare Source


Configuration

📅 Schedule: (in timezone America/Los_Angeles)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot requested a review from a team as a code owner May 18, 2026 08:51
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label May 18, 2026
@renovate
renovate Bot enabled auto-merge (squash) May 18, 2026 08:51
@renovate
renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from fb64de3 to 456f646 Compare May 22, 2026 12:30
@renovate renovate Bot changed the title Update github/codeql-action action to v4.35.5 Update github/codeql-action action to v4.36.0 May 22, 2026
@renovate
renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from 456f646 to e6144b1 Compare June 2, 2026 16:43
@renovate renovate Bot changed the title Update github/codeql-action action to v4.36.0 Update github/codeql-action action to v4.36.1 Jun 2, 2026
@renovate
renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from e6144b1 to 9b03adb Compare June 4, 2026 16:33
@renovate renovate Bot changed the title Update github/codeql-action action to v4.36.1 Update github/codeql-action action to v4.36.2 Jun 4, 2026
@renovate
renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from 9b03adb to 0682766 Compare July 2, 2026 09:52
@renovate renovate Bot changed the title Update github/codeql-action action to v4.36.2 Update github/codeql-action action to v4.36.3 Jul 2, 2026
@renovate
renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from 0682766 to 30eeaf4 Compare July 8, 2026 14:43
@renovate renovate Bot changed the title Update github/codeql-action action to v4.36.3 Update github/codeql-action action to v4.37.0 Jul 8, 2026
| datasource  | package              | from    | to      |
| ----------- | -------------------- | ------- | ------- |
| github-tags | github/codeql-action | v4.35.3 | v4.37.1 |


Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate
renovate Bot force-pushed the renovate/github-codeql-action-4.x branch from 30eeaf4 to 8b6013d Compare July 16, 2026 17:27
@renovate renovate Bot changed the title Update github/codeql-action action to v4.37.0 Update github/codeql-action action to v4.37.1 Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants