From ec298daba71cf7592feacbd1c0887cddc0659f62 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 1 May 2026 12:57:50 +0000 Subject: [PATCH 1/5] Update changelog for v4.35.3 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d536b9eec..88afe2593f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.35.3 - 01 May 2026 - Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://github.com/github/codeql-action/pull/3850) - Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://github.com/github/codeql-action/pull/3852) From 24e0bb00a931e2a5edb703ce3b22a70f3a3e800b Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 1 May 2026 14:07:12 +0100 Subject: [PATCH 2/5] Reorder changelog entries --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88afe2593f..2c537cfabf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,9 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## 4.35.3 - 01 May 2026 +- _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://github.com/github/codeql-action/pull/3837) - Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://github.com/github/codeql-action/pull/3850) - Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://github.com/github/codeql-action/pull/3852) -- _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://github.com/github/codeql-action/pull/3837) - Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://github.com/github/codeql-action/pull/3865) ## 4.35.2 - 15 Apr 2026 From b73d1d163446ca5e62b96698027210ab41df6a4a Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 1 May 2026 14:09:58 +0100 Subject: [PATCH 3/5] Add changelog entry for #3853 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c537cfabf..f65294a15c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://github.com/github/codeql-action/pull/3837) - Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://github.com/github/codeql-action/pull/3850) +- Best-effort connection tests for private registries now use `GET` requests instead of `HEAD` for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. [#3853](https://github.com/github/codeql-action/pull/3853) - Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://github.com/github/codeql-action/pull/3852) - Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://github.com/github/codeql-action/pull/3865) From 933238e8d5b5a4261b99698f08ba877048ad2b60 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 1 May 2026 14:06:46 +0000 Subject: [PATCH 4/5] Update changelog and version after v4.35.3 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f65294a15c..4b0d604e36 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 4.35.3 - 01 May 2026 - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://github.com/github/codeql-action/pull/3837) diff --git a/package-lock.json b/package-lock.json index 3c4bf9f050..5ff08deaff 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.35.3", + "version": "4.35.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.35.3", + "version": "4.35.4", "license": "MIT", "workspaces": [ "pr-checks" diff --git a/package.json b/package.json index 4db28ae9f3..634bb953dc 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.35.3", + "version": "4.35.4", "private": true, "description": "CodeQL action", "scripts": { From fbba1e03bea01cccd74fe1a695ca782c63fc32b6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 1 May 2026 14:09:49 +0000 Subject: [PATCH 5/5] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index e09612b2c4..7c1046ab3a 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -161813,7 +161813,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index e23671da39..f77401d3a4 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -106982,7 +106982,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index e60c541396..8fdbf5fa64 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -103787,7 +103787,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 187674e269..b129fc9ae2 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -164923,7 +164923,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/init-action.js b/lib/init-action.js index 2ca71475d5..6acd2a5670 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104341,7 +104341,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 87def4ccd3..efa88bd40f 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -103795,7 +103795,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 44c1520814..1d25f46c20 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -103882,7 +103882,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 11e1e8a973..9cc3c099a9 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -161760,7 +161760,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 39ef0e5ceb..ad8b42d02e 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120992,7 +120992,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index f5a02a27e8..a0e9fc0c5f 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -106688,7 +106688,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 9f2fd24ebb..7415e2ba97 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161760,7 +161760,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index ec89edd96b..088eef3937 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -106716,7 +106716,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.3"; + return "4.35.4"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME");