Skip to content

Infra: Group github/codeql-action bumps into a single dependabot PR#2800

Merged
laskoviymishka merged 1 commit into
apache:mainfrom
ebyhr:ebi/actions-codeql
Jul 11, 2026
Merged

Infra: Group github/codeql-action bumps into a single dependabot PR#2800
laskoviymishka merged 1 commit into
apache:mainfrom
ebyhr:ebi/actions-codeql

Conversation

@ebyhr

@ebyhr ebyhr commented Jul 10, 2026

Copy link
Copy Markdown
Member

Thus, dependabot can update these two jobs in a single PR:

- name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: actions
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2

@dannycjones dannycjones left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, LGTM.

We haven't seen these bad dependabot PRs yet since those updates haven't exceeded cooldown yet.

@laskoviymishka laskoviymishka merged commit d1b8eac into apache:main Jul 11, 2026
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants