Skip to content

Group codeql-action Dependabot updates and bump to v4.36.3#1201

Merged
ericmj merged 1 commit into
mainfrom
group-codeql-updates
Jul 10, 2026
Merged

Group codeql-action Dependabot updates and bump to v4.36.3#1201
ericmj merged 1 commit into
mainfrom
group-codeql-updates

Conversation

@ericmj

@ericmj ericmj commented Jul 10, 2026

Copy link
Copy Markdown
Member

Dependabot opens separate PRs for the codeql-action/init and codeql-action/analyze sub-actions, leaving the two pins on mismatched versions. The analyze step refuses to run when its version differs from the config written by init (Loaded a configuration file for version '4.36.3', but running version '4.36.2'), so neither PR can pass CI.

This adds a Dependabot group so all github/codeql-action* updates land in a single PR, and bumps both pins to v4.36.3.

Dependabot opened separate PRs for the init and analyze sub-actions,
leaving them on mismatched versions. The analyze step refuses to run
when its version differs from the config written by init, so neither
PR could pass CI. Grouping the updates keeps both pins in lockstep.
@ericmj ericmj marked this pull request as ready for review July 10, 2026 00:54
@ericmj ericmj merged commit d61c28a into main Jul 10, 2026
22 checks passed
@ericmj ericmj deleted the group-codeql-updates branch July 10, 2026 00:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant