From 6a76daac58e72a145136c03558c9a24cc2df4015 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Thu, 9 Jul 2026 18:42:17 -0600 Subject: [PATCH] Group codeql-action Dependabot updates and bump to v4.36.3 Dependabot opened separate PRs for the init and analyze sub-actions, leaving them on mismatched versions. The analyze step refuses to run when its version differs from the config written by init, so neither PR could pass CI. Grouping the updates keeps both pins in lockstep. --- .github/dependabot.yml | 4 ++++ .github/workflows/codeql.yml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1ace442..a43c47d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,6 +6,10 @@ updates: interval: "weekly" cooldown: default-days: 7 + groups: + codeql: + patterns: + - "github/codeql-action*" - package-ecosystem: "mix" directory: "/" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d183da4..054bc47 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,12 +29,12 @@ jobs: with: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: category: "/language:${{matrix.language}}"