From 3d89052e386cc040163de3fea36404f959be7ec9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Thu, 9 Jul 2026 18:42:17 -0600 Subject: [PATCH] Group codeql-action Dependabot updates and bump to v4.36.3 Dependabot opened separate PRs for the init and analyze sub-actions, leaving them on mismatched versions. The analyze step refuses to run when its version differs from the config written by init, so neither PR could pass CI. Grouping the updates keeps both pins in lockstep. --- .github/dependabot.yml | 4 ++++ .github/workflows/codeql.yml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1c4c32d..e5a555b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,6 +6,10 @@ updates: interval: "weekly" cooldown: default-days: 7 + groups: + codeql: + patterns: + - "github/codeql-action*" - package-ecosystem: "mix" directory: "/" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d183da4..054bc47 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,12 +29,12 @@ jobs: with: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: category: "/language:${{matrix.language}}"