From 40e133b7bbcd20f6ad90c434f7a13db40b5a7640 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Thu, 9 Jul 2026 18:42:17 -0600 Subject: [PATCH] Group codeql-action Dependabot updates and bump to v4.36.3 Dependabot opened separate PRs for the init and analyze sub-actions, leaving them on mismatched versions. The analyze step refuses to run when its version differs from the config written by init, so neither PR could pass CI. Grouping the updates keeps both pins in lockstep. --- .github/dependabot.yml | 4 ++++ .github/workflows/codeql.yml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1c4c32d..e5a555b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,6 +6,10 @@ updates: interval: "weekly" cooldown: default-days: 7 + groups: + codeql: + patterns: + - "github/codeql-action*" - package-ecosystem: "mix" directory: "/" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d183da4..054bc47 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,12 +29,12 @@ jobs: with: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: category: "/language:${{matrix.language}}"