Skip to content

chore(deps): Bump the minor-and-patch group with 2 updates#29

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/main/minor-and-patch-9c13cf6323
Open

chore(deps): Bump the minor-and-patch group with 2 updates#29
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/main/minor-and-patch-9c13cf6323

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026
edited
Loading

Bumps the minor-and-patch group with 2 updates: github/codeql-action and cbrgm/pr-size-labeler-action.

Updates github/codeql-action from 4.35.2 to 4.35.3

Release notes

Sourced from github/codeql-action's releases.

v4.35.3

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865
Changelog

Sourced from github/codeql-action's changelog.

4.35.3 - 01 May 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865
Commits
  • e46ed2c Merge pull request #3867 from github/update-v4.35.3-8c6e48dbe
  • b73d1d1 Add changelog entry for #3853
  • 24e0bb0 Reorder changelog entries
  • ec298da Update changelog for v4.35.3
  • 8c6e48d Merge pull request #3865 from github/update-bundle/codeql-bundle-v2.25.3
  • 7190983 Add changelog note
  • 2bb2095 Update default bundle to codeql-bundle-v2.25.3
  • 7851e55 Merge pull request #3850 from github/mbg/private-registry/cloudsmith-gcp
  • 262a15f Add generic non-printable chars test for OIDC configs
  • a6109b1 Merge pull request #3853 from github/mbg/start-proxy/improved-checks
  • Additional commits viewable in compare view

Updates cbrgm/pr-size-labeler-action from 1.3.7 to 1.3.8

Release notes

Sourced from cbrgm/pr-size-labeler-action's releases.

v1.3.8

What's Changed

Full Changelog: cbrgm/pr-size-labeler-action@v1...v1.3.8

Commits
  • 6969877 major(deps): update module github.com/google/go-github/v84 to v85 (#261)
  • dfa9c6c ci(tools): update cbrgm/semver-tag-sync-action action to v1.1.0 (#260)
  • e3c7b93 ci(tools): update dependabot/fetch-metadata action to v3.1.0 (#259)
  • c29bd40 ci(tools): update softprops/action-gh-release action to v3 (#258)
  • 034a54c ci(tools): update docker/build-push-action action to v7.1.0 (#257)
  • 2fae793 deps(golangci-lint): update to golangci-lint v2.11.4
  • e115231 patch(deps): update patch versions to v1.26.2 (#255)
  • 87279e3 ci(tools): update docker/login-action action to v4.1.0 (#254)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the minor-and-patch group with 2 updates
ec95601 
Bumps the minor-and-patch group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [cbrgm/pr-size-labeler-action](https://github.com/cbrgm/pr-size-labeler-action).


Updates `github/codeql-action` from 4.35.2 to 4.35.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v4.35.2...v4.35.3)

Updates `cbrgm/pr-size-labeler-action` from 1.3.7 to 1.3.8
- [Release notes](https://github.com/cbrgm/pr-size-labeler-action/releases)
- [Commits](cbrgm/pr-size-labeler-action@v1.3.7...v1.3.8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: cbrgm/pr-size-labeler-action
  dependency-version: 1.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added area/CI GitHub Workflows workflow/auto-pr If the PR has been automatically created workflow/dependabot Dependabot bumps labels May 1, 2026
@dependabot dependabot Bot requested a review from Synertry as a code owner May 1, 2026 20:33
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 1, 2026

Hello @dependabot[bot]! Thank you for your contribution.

If you are fixing a bug, please reference the issue number in the description.
If you are implementing a feature request, please check with the maintainers that the feature will be accepted first.

@github-actions github-actions Bot added the size/s <= 150 lines & <= 10 file label May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Synertry Synertry Awaiting requested review from Synertry Synertry is a code owner

Assignees

@Synertry Synertry

Labels

area/CI GitHub Workflows size/s <= 150 lines & <= 10 file workflow/auto-pr If the PR has been automatically created workflow/dependabot Dependabot bumps

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Synertry