From 502468feebf71fea50160328366db58df93c459b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Mar 2026 16:32:41 +0000
Subject: [PATCH] chore(deps): bump github/codeql-action from 3.28.18 to 4.35.1
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.18 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.28.18...v4.35.1)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/ci.yml | 2 +-
 .github/workflows/docker.yml | 2 +-
 .github/workflows/dogfood.yml | 2 +-
 action.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fb14bc2..3423128 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -106,7 +106,7 @@ jobs:
 - name: Upload SARIF results
 if: github.event_name == 'push'
- uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+ uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 with:
 sarif_file: ai-bom-results.sarif
 continue-on-error: true
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c6618eb..3d864e1 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -51,7 +51,7 @@ jobs:
 id: trivy
 - name: Upload Trivy SARIF
- uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+ uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 if: always()
 with:
 sarif_file: trivy-results.sarif
diff --git a/.github/workflows/dogfood.yml b/.github/workflows/dogfood.yml
index 02ca608..fba9aef 100644
--- a/.github/workflows/dogfood.yml
+++ b/.github/workflows/dogfood.yml
@@ -29,7 +29,7 @@ jobs:
 continue-on-error: true
 - name: Upload SARIF to GitHub Security
- uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+ uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 if: hashFiles('results.sarif') != ''
 with:
 sarif_file: results.sarif
diff --git a/action.yml b/action.yml
index 2d4bcba..c0f00ee 100644
--- a/action.yml
+++ b/action.yml
@@ -93,7 +93,7 @@ runs:
 - name: Upload SARIF to GitHub Code Scanning
 if: ${{ inputs.format == 'sarif' && (steps.scan.outputs.sarif_file != '' || inputs.output != '') }}
- uses: github/codeql-action/upload-sarif@v4
+ uses: github/codeql-action/upload-sarif@v4.35.1
 with:
 sarif_file: ${{ steps.scan.outputs.sarif_file || inputs.output }}
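Review bot: The new `uses:` line in the action.yml hunk pins `upload-sarif` to the tag `v4.35.1`, while the ci.yml, docker.yml and dogfood.yml hunks in this same patch pin the identical release by full commit SHA. A tag can be repointed after review, so the composite action, which runs inside every consumer's workflow, ends up with a weaker integrity guarantee than this repository's own CI. I would use the SHA already shown in the other hunks: `uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1`. The step's `with:` block may continue past the end of the hunk.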