From 9bdcb5e7ab502f20ebd36d28991f2233033fe4f6 Mon Sep 17 00:00:00 2001 From: Yuya Ebihara Date: Sat, 11 Jul 2026 08:46:12 +0900 Subject: [PATCH] Infra: Group github/codeql-action bumps into a single dependabot PR --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8581bf19c2..47d3022617 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -25,6 +25,13 @@ updates: day: "sunday" cooldown: default-days: 7 + groups: + # The codeql-action init/autobuild/analyze steps must all run the + # same version - split PRs cause a version mismatch that fails the + # Analyze jobs. Group them so a single PR bumps all of them together. + codeql-action: + patterns: + - "github/codeql-action*" # Maintain dependencies for iceberg - package-ecosystem: "cargo"