Skip to content

ci(deps): bump codeql-action to 4.36.3 and group action bumps#536

Merged
githubrobbi merged 1 commit into
mainfrom
ci/codeql-action-4.36.3
Jul 7, 2026
Merged

ci(deps): bump codeql-action to 4.36.3 and group action bumps#536
githubrobbi merged 1 commit into
mainfrom
ci/codeql-action-4.36.3

Conversation

@githubrobbi

Copy link
Copy Markdown
Collaborator

Why

CodeQL requires every github/codeql-action step (init, analyze) to use the same version. Dependabot opened the 4.36.2 → 4.36.3 bump as two separate PRs:

Each branch therefore carried a version mismatch. The CodeQL run warned "Not all workflow steps that use github/codeql-action actions use the same version" and the SARIF upload errored, so neither PR could ever go green — they were stuck in the merge queue indefinitely.

Fix

  1. Bump both init and analyze to 4.36.3 (SHA 54f647b…) in one commit → versions match → CodeQL passes.
  2. Add a groups: to the github-actions Dependabot block so all action bumps arrive as one PR going forward, keeping multi-step actions in lockstep. Prevents recurrence.

Supersedes #533 and #534 (both will be closed).

🤖 Generated with Claude Code

Bump github/codeql-action `init` + `analyze` from 4.36.2 to 4.36.3
together. CodeQL requires all `codeql-action` steps to use the same
version; Dependabot had opened them as two separate PRs (#533 init,
#534 analyze), so each branch carried a version mismatch that failed
"Not all steps use the same version" and errored on SARIF upload,
blocking both.

Also add a `groups:` to the github-actions Dependabot config so all
action bumps arrive as one PR, keeping multi-step actions in lockstep
and preventing this split from recurring. Supersedes #533 and #534.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@githubrobbi githubrobbi enabled auto-merge July 7, 2026 16:12
@githubrobbi githubrobbi added this pull request to the merge queue Jul 7, 2026
Merged via the queue into main with commit dc3f49b Jul 7, 2026
22 checks passed
@githubrobbi githubrobbi deleted the ci/codeql-action-4.36.3 branch July 7, 2026 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant