Skip to content

Commit d61c28a

Browse files
authored
Group codeql-action Dependabot updates and bump to v4.36.3 (#1201)
Dependabot opened separate PRs for the init and analyze sub-actions, leaving them on mismatched versions. The analyze step refuses to run when its version differs from the config written by init, so neither PR could pass CI. Grouping the updates keeps both pins in lockstep.
1 parent fb0a930 commit d61c28a

2 files changed

Lines changed: 6 additions & 2 deletions

File tree

.github/dependabot.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,7 @@ updates:
66
interval: "weekly"
77
cooldown:
88
default-days: 7
9+
groups:
10+
codeql:
11+
patterns:
12+
- "github/codeql-action*"

.github/workflows/codeql.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,12 +29,12 @@ jobs:
2929
with:
3030
persist-credentials: false
3131
- name: Initialize CodeQL
32-
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
32+
uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
3333
with:
3434
languages: ${{ matrix.language }}
3535
build-mode: ${{ matrix.build-mode }}
3636
- name: Perform CodeQL Analysis
37-
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
37+
uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
3838
with:
3939
category: "/language:${{matrix.language}}"
4040

0 commit comments

Comments
 (0)