
chore(deps): update github/codeql-action action to v4.35.5#907

Open
red-hat-konflux[bot] wants to merge 1 commit into main from konflux/mintmaker/main/github-codeql-action-4.x

Conversation


@red-hat-konflux red-hat-konflux Bot commented May 15, 2026

This PR contains the following updates:

Package               Type    Update  Change
github/codeql-action  action  patch   v4.35.4 -> v4.35.5

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

github/codeql-action (github/codeql-action)

v4.35.5

Compare Source

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@github-actions github-actions Bot added the labels semver/patch (Semver patch version bump), approved (Auto-approved dependency update) and lgtm (Auto-approved dependency update) on May 15, 2026
@github-actions

AI Dependency Impact Analysis

Risk Level: MEDIUM

Summary of Dependency Changes

This update to the github/codeql-action action includes improvements to JavaScript bundle generation, a change in how incremental analysis is enabled, a limitation on the analysis-kinds input, and an experimental change related to cached overlay-base databases for CodeQL CLI versions. The primary changes appear to be focused on performance and internal behavior of the CodeQL action.

Affected Code

We do not have access to the codebase, so it is impossible to determine the specific impact of this change to the CodeQL action. However, given that we are using the action, this is likely related to security scanning and code analysis within our CI/CD pipelines.

Breaking Change Assessment

While the release notes mention changes to incremental analysis and the analysis-kinds input, these are unlikely to represent breaking changes in the traditional semver sense, given that it is a patch release. The most likely impact is a change in performance characteristics of the CodeQL action or the type of analysis that is performed. However, the improved incremental analysis defaults to full analysis if diff-informed analysis is unavailable, which should prevent a complete failure.

Security Assessment

There are no explicit security advisories mentioned in the provided context. However, updates to security analysis tools like CodeQL often contain implicit security improvements or bug fixes related to vulnerability detection.

Recommended Action

Review specific areas: The reviewer should specifically check the CI/CD pipelines where the github/codeql-action action is used to ensure that the update has not negatively impacted the scanning process, performance, or reporting of security vulnerabilities. The performance of the action, particularly on pull requests, should be monitored to confirm the intended benefits of improved incremental analysis.

@github-actions github-actions Bot added the label risk/medium (AI-assessed medium risk dependency update) on May 15, 2026


codecov-commenter commented May 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.92%. Comparing base (4cdc79c) to head (5d3722b).


@@           Coverage Diff           @@
##             main     #907   +/-   ##
=======================================
  Coverage   76.92%   76.92%           
=======================================
  Files          26       26           
  Lines        2817     2817           
=======================================
  Hits         2167     2167           
  Misses        452      452           
  Partials      198      198           
Flag        Coverage Δ
e2e-tests   30.17% <ø> (ø)
unit-tests  73.98% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.



Labels

approved (Auto-approved dependency update), lgtm (Auto-approved dependency update), risk/medium (AI-assessed medium risk dependency update), semver/patch (Semver patch version bump)


1 participant