chore(deps): update github/codeql-action action to v4.32.1 #404

Merged
renovate[bot] merged 1 commit into main from renovate/github-codeql-action-4.x
Feb 3, 2026

Conversation

@renovate renovate bot commented Feb 2, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| github/codeql-action | action | patch | v4.32.0 → v4.32.1 |

Release Notes

github/codeql-action (github/codeql-action)

v4.32.1

Compare Source

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.

@entelligence-ai-pr-reviews

Walkthrough

This PR updates the CodeQL GitHub Action dependency from version v4.32.0 to v4.32.1 across multiple workflow files. The update affects security analysis and scanning workflows, specifically the CodeQL initialization and analysis steps, as well as the Trivy security scan results upload. The commit SHA references are updated from b20883b0cd1f46c72ae0ba6d1090936928f9fa30 to 6bc82e05fd0ea64601dd4b465378bbcf57de0314. This is a minor patch version bump that likely includes bug fixes or minor improvements to the security tooling without any functional changes to workflow configurations or analysis parameters.

Changes

| File(s) | Summary |
| --- | --- |
| .github/workflows/codeql.yml, .github/workflows/docker.yml | Updated CodeQL GitHub Action from v4.32.0 to v4.32.1, changing commit SHA from b20883b0cd1f46c72ae0ba6d1090936928f9fa30 to 6bc82e05fd0ea64601dd4b465378bbcf57de0314. Affects 'Initialize CodeQL', 'Perform CodeQL Analysis', and Trivy SARIF upload steps. |

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant Workflow as GitHub Workflow
    participant PNPM as pnpm Package Manager
    participant CodeQLInit as CodeQL Init Action<br/>(v4.32.0 → v4.32.1)
    participant CodeQLAnalyze as CodeQL Analyze Action<br/>(v4.32.0 → v4.32.1)
    participant Codebase as Source Code

    Workflow->>PNPM: Run install --frozen-lockfile
    activate PNPM
    PNPM-->>Workflow: Dependencies installed
    deactivate PNPM

    Workflow->>CodeQLInit: Initialize CodeQL
    activate CodeQLInit
    Note over CodeQLInit: Configure language: ${{ matrix.language }}<br/>Set build-mode: ${{ matrix.build-mode }}
    CodeQLInit->>Codebase: Scan and prepare for analysis
    CodeQLInit-->>Workflow: Initialization complete
    deactivate CodeQLInit

    Note over Workflow,Codebase: Exclude test files:<br/>**/*_test.go

    Workflow->>CodeQLAnalyze: Perform CodeQL Analysis
    activate CodeQLAnalyze
    Note over CodeQLAnalyze: Category: /language:${{ matrix.language }}<br/>Add snippets: true
    CodeQLAnalyze->>Codebase: Analyze source code
    Codebase-->>CodeQLAnalyze: Analysis data
    CodeQLAnalyze-->>Workflow: Analysis results
    deactivate CodeQLAnalyze

    Note over Workflow: Version Update:<br/>Both actions upgraded from<br/>v4.32.0 to v4.32.1

@renovate renovate bot enabled auto-merge (rebase) February 3, 2026 11:29
@renovate renovate bot force-pushed the renovate/github-codeql-action-4.x branch from 3e4da2e to e651771 Compare February 3, 2026 11:29
entelligence-ai-pr-reviews bot commented Feb 3, 2026

✅ Review completed for commit e651771.

@renovate renovate bot merged commit 74ea261 into main Feb 3, 2026
9 of 10 checks passed
@renovate renovate bot deleted the renovate/github-codeql-action-4.x branch February 3, 2026 11:30
codecov bot commented Feb 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 45.58%. Comparing base (20244b6) to head (e651771).
⚠️ Report is 32 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #404   +/-   ##
=======================================
  Coverage   45.58%   45.58%           
=======================================
  Files          14       14           
  Lines         702      702           
=======================================
  Hits          320      320           
  Misses        365      365           
  Partials       17       17           

| Flag | Coverage Δ |
| --- | --- |
| backend | 45.58% <ø> (ø) |
| unittests | 45.58% <ø> (ø) |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 20244b6...e651771.

@github-actions github-actions bot added the released:v1.1.0 Released in v1.1.0 label Feb 4, 2026
github-actions bot commented Feb 4, 2026

Released in v1.1.0
