Skip to content

build(deps): bump the github-actions-dependencies group with 2 updates#610

Merged
BaseMax merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-838c02f3d1
May 23, 2026
Merged

build(deps): bump the github-actions-dependencies group with 2 updates#610
BaseMax merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-838c02f3d1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Bumps the github-actions-dependencies group with 2 updates: github/codeql-action and docker/login-action.

Updates github/codeql-action from 4.35.4 to 4.35.5

Release notes

Sourced from github/codeql-action's releases.

v4.35.5

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880
Changelog

Sourced from github/codeql-action's changelog.

4.35.5 - 15 May 2026

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880
Commits
  • 9e0d7b8 Merge pull request #3905 from github/update-v4.35.5-d4b485515
  • 6d7d599 Add changelog entry for #3899
  • 51f7e38 Update changelog for v4.35.5
  • d4b4855 Merge pull request #3899 from github/mbg/esbuild/split
  • 127de81 Merge remote-tracking branch 'origin/main' into mbg/esbuild/split
  • 7fde13f Use src + basename in header to avoid issues on Windows
  • dfa61e7 Improve pattern matching and error handling
  • 52aafec Import and call runWrapper normally in analyze tests
  • 0d08c01 Auto-generate shared bundle
  • 14085a6 Auto-generate entry points
  • Additional commits viewable in compare view

Updates docker/login-action from 4 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits
  • 4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 1e233e6 chore: update generated content
  • 6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
  • ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
  • 1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
  • d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
  • a6f092b chore: update generated content
  • 60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
  • 62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 102c0e6 chore: update generated content
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the github-actions-dependencies group with 2 updates
ed229f0 
Bumps the github-actions-dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [docker/login-action](https://github.com/docker/login-action).


Updates `github/codeql-action` from 4.35.4 to 4.35.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v4.35.4...v4.35.5)

Updates `docker/login-action` from 4 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v4...v4.1.0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 22, 2026
@dependabot dependabot Bot requested a review from BaseMax as a code owner May 22, 2026 19:31
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 22, 2026
@dependabot dependabot Bot requested a review from jbampton as a code owner May 22, 2026 19:31
@dependabot dependabot Bot added the github_actions Pull requests that update GitHub Actions code label May 22, 2026
@github-project-automation github-project-automation Bot moved this to Backlog in Reboot May 22, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 22, 2026

Hey there! 👋 Thanks for submitting your first pull request. We're excited to see your contribution to our project.

If you have any questions, need help, or want feedback, please don't hesitate to reach out. Your efforts make our community stronger.

Keep up the great work! 💪

@BaseMax BaseMax merged commit 0e10c47 into main May 23, 2026
17 of 19 checks passed
@BaseMax BaseMax deleted the dependabot/github_actions/github-actions-dependencies-838c02f3d1 branch May 23, 2026 20:12
@github-project-automation github-project-automation Bot moved this from Backlog to Done in Reboot May 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BaseMax BaseMax Awaiting requested review from BaseMax BaseMax is a code owner

@jbampton jbampton Awaiting requested review from jbampton jbampton is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code github

Projects

Reboot
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BaseMax