[release/v7.5.6] Bump github/codeql-action from 4.34.1 to 4.35.1 by adityapatwardhan · Pull Request #27174 · PowerShell/PowerShell
Backport of #27120 to release/v7.5.6
Triggered by @adityapatwardhan on behalf of @dependabot
Original CL Label: CL-BuildPackaging
/cc @PowerShell/powershell-maintainers
Impact
REQUIRED: Choose either Tooling Impact or Customer Impact (or both). At least one checkbox must be selected.
Tooling Impact
- Required tooling change
- Optional tooling change (include reasoning)
Updates the pinned github/codeql-action references used by CodeQL and scorecards workflows on release/v7.5.6 so the release branch receives the upstream 4.35.1 fix.
Customer Impact
- Customer reported
- Found internally
Regression
REQUIRED: Check exactly one box.
- Yes
- No
This is not a regression.
Testing
Cherry-picked PR #27120 onto release/v7.5.6 and resolved the workflow pin conflicts by applying the updated CodeQL action SHA to the existing release-branch workflow definitions. Validation was limited to reviewing the resulting YAML changes; no local GitHub Actions execution is available from this environment.
Risk
REQUIRED: Check exactly one box.
- High
- Medium
- Low
The change only updates pinned GitHub Actions workflow dependencies, but it affects repository security-analysis workflows that run in CI. The scope is small and matches the original upstream dependency bump.
Merge Conflicts
Conflicts occurred because release/v7.5.6 had different pinned github/codeql-action SHAs in .github/workflows/analyze-reusable.yml and .github/workflows/scorecards.yml. Resolved by keeping the release-branch workflow structure and updating the pinned CodeQL action references to the SHA from PR #27120.
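An added example, not part of the PR or the PowerShell repository: a small audit that checks every `github/codeql-action` reference in a set of workflow files is pinned to a full 40-character commit SHA and that all files agree on one SHA, which is the condition the conflict resolution above was restoring. The `audit_pins` helper, the sample YAML lines and both SHAs are constructed placeholders; only the two workflow paths come from the PR text.

```python
import re

# A `uses:` reference to github/codeql-action or one of its sub-actions.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(github/codeql-action(?:/[\w.-]+)*)@(\S+)", re.M)
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def audit_pins(workflows):
    """workflows maps path -> YAML text. Returns (findings, distinct_shas)."""
    findings, shas = [], set()
    for path, text in workflows.items():
        for m in USES_RE.finditer(text):
            action, ref = m.group(1), m.group(2)
            if FULL_SHA.fullmatch(ref):
                shas.add(ref)
            else:
                # Tags and branches are mutable, so they do not count as a pin.
                findings.append(
                    f"{path}: {action}@{ref} is not pinned to a full commit SHA")
    if len(shas) > 1:
        findings.append(
            f"{len(shas)} different github/codeql-action SHAs pinned across "
            f"workflows: {', '.join(sorted(shas))}")
    return findings, shas


# Constructed placeholder SHAs and workflow lines (not the real commits).
OLD, NEW = "a" * 40, "b" * 40
SAMPLE = {
    ".github/workflows/analyze-reusable.yml":
        f"    - uses: github/codeql-action/init@{NEW} # v4.35.1\n"
        f"    - uses: github/codeql-action/analyze@{NEW} # v4.35.1\n",
    ".github/workflows/scorecards.yml":
        f"    - uses: github/codeql-action/upload-sarif@{OLD} # v4.34.1\n",
}

if __name__ == "__main__":
    for finding in audit_pins(SAMPLE)[0]:
        print(finding)
```

In a real checkout the dictionary would be built by reading each file under `.github/workflows/`; a non-empty findings list is the signal to fail the check.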