chore(deps): update github/codeql-action action to v3.26.5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
github/codeql-action	action	patch	v3.26.2 -> v3.26.5	v3.26.6

---

Release Notes

github/codeql-action (github/codeql-action)

v3.26.5

Compare Source

v3.26.4

Compare Source

v3.26.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

[puLL-Merge] - github/codeql-action@v3.26.2..v3.26.5

Description

This PR introduces several updates and improvements to the CodeQL action, including bug fixes, new features, and code refactoring. The changes span multiple files and address various aspects of the action's functionality.

Changes

Changes

1. CHANGELOG.md:

   • Added entries for versions 3.26.5, 3.26.4, and 3.26.3, detailing bug fixes and deprecations.

2. analyze/action.yml:

   • Deprecated the add-snippets input for the analyze Action, with a removal planned for August 2025.

3. lib/analyze-action.js and src/analyze-action.ts:

   • Updated the checkDiskUsage function call to include the logger parameter.

4. lib/diagnostics.js and src/diagnostics.ts:

   • Modified the diagnostic file naming to remove colons, ensuring compatibility with Windows filenames.

5. lib/environment.js and src/environment.ts:

   • Added a new environment variable IS_SIP_ENABLED to track System Integrity Protection status on macOS.

6. lib/init-action.js, lib/init.js, src/init-action.ts, and src/init.ts:

   • Removed the isSipEnabled function from init.ts and updated related code to use checkSipEnablement from util.ts.

7. lib/start-proxy-action-post.js and src/start-proxy-action-post.ts:

   • Changed the proxy log handling to upload it as an artifact instead of piping to stdout.

8. lib/start-proxy-action.js and src/start-proxy-action.ts:

   • Refactored the proxy configuration and startup process.
   • Added support for a new registries_credentials input.

9. lib/util.js and src/util.ts:

   • Added a new checkSipEnablement function to determine System Integrity Protection status on macOS.
   • Modified checkDiskUsage to avoid running on macOS ARM with SIP disabled.

10. start-proxy/action.yml:

    • Added a new registries_credentials input for base64 encoded JSON configuration.
    • Updated the action description to indicate it's for internal GitHub use only.

Possible Issues

• The deprecation of the add-snippets input may affect users who rely on this feature. They will need to update their workflows before August 2025.
• Changes to the proxy configuration and startup process may introduce compatibility issues for existing users of the proxy feature.

Security Hotspots

1. The new registries_credentials input in the start-proxy action handles sensitive information. Ensure that this data is properly secured and not logged or exposed in any way.
2. The changes to System Integrity Protection (SIP) checks on macOS could potentially be used to fingerprint systems with SIP disabled, which might be a security concern in some environments.