
Update github/codeql-action action to v3.26.5 #98

Merged
merged 1 commit into from
Aug 28, 2024

Conversation

renovate[bot]
Contributor

@renovate renovate bot commented Aug 28, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change
github/codeql-action action patch v3.26.2 -> v3.26.5

Release Notes

github/codeql-action (github/codeql-action)

v3.26.5


v3.26.4


v3.26.3



Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


[puLL-Merge] - github/codeql-action@v3.26.5

Description

This PR introduces several updates and improvements to the CodeQL action, including bug fixes, new features, and deprecation notices. The changes span multiple files and include updates to the changelog, action configurations, and various utility functions.

Changes

  1. CHANGELOG.md:

    • Added entries for versions 3.26.5, 3.26.4, and 3.26.3
    • Fixed issues related to MacOS ARM machines with System Integrity Protection disabled
    • Deprecated the add-snippets input on the analyze Action
  2. analyze/action.yml:

    • Added deprecation message for the add-snippets input
  3. lib/analyze-action.js, lib/init-action-post.js, lib/init-action.js, lib/resolve-environment-action.js, lib/upload-sarif-action.js:

    • Updated checkDiskUsage function calls to include the logger parameter
  4. lib/diagnostics.js:

    • Modified the diagnostic file naming to remove colons, ensuring compatibility with Windows filenames
  5. lib/environment.js:

    • Added a new environment variable IS_SIP_ENABLED for tracking System Integrity Protection status
  6. lib/start-proxy-action-post.js:

    • Replaced console output of proxy logs with artifact upload for debugging
  7. lib/start-proxy-action.js:

    • Refactored the proxy configuration and startup process
    • Added support for registries_credentials input
    • Improved error handling and logging
  8. lib/util.js:

    • Added checkSipEnablement function to determine System Integrity Protection status
    • Modified checkDiskUsage function to avoid running on MacOS ARM with SIP disabled
  9. start-proxy/action.yml:

    • Added registries_credentials input
    • Updated action description

Possible Issues

  1. The deprecation of the add-snippets input may cause issues for users who rely on this feature. They will need to be informed about the upcoming removal and potential alternatives.

  2. Changes to the proxy configuration and startup process may introduce compatibility issues with existing workflows that use the proxy feature.

Security Hotspots

  1. The new registries_credentials input in start-proxy/action.yml handles base64 encoded JSON configuration for package registry credentials. Ensure that this data is properly sanitized and securely handled to prevent potential injection attacks or credential leaks.

  2. The checkSipEnablement function in lib/util.js runs the csrutil status command. While this is generally safe, ensure that the output is properly sanitized before use to prevent potential command injection vulnerabilities.

@renovate renovate bot merged commit 28127ec into master Aug 28, 2024
7 checks passed
@renovate renovate bot deleted the renovate/github-codeql-action-3.x branch August 28, 2024 09:22