From 1a1814a29fd3a15638a86c51ad3b63e0c064f451 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Jul 2026 15:06:17 +0000 Subject: [PATCH 1/3] chore(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3 Bumps [github/codeql-action/analyze](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a) --- updated-dependencies: - dependency-name: github/codeql-action/analyze dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 323b8ec5b..f17728b6b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -73,4 +73,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # pinv4.36.2 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pinv4.36.3 From f144d818cf6d6ed5be577f94e5264535fcf98bd2 Mon Sep 17 00:00:00 2001 From: Terry Howe Date: Fri, 3 Jul 2026 16:48:07 -0600 Subject: [PATCH 2/3] chore(deps): bump codeql-action init/autobuild together and group actions The 4.36.2->4.36.3 bump was split by Dependabot into three separate PRs (init, autobuild, analyze), each of which fails CodeQL with "Loaded a configuration file for version '4.36.2', but running version '4.36.3'" because all three steps must run the same version. Bump init and autobuild to match the analyze bump on this branch, and add a Dependabot group so all github-actions updates come as a single PR going forward, preventing this class of failure. Signed-off-by: Terry Howe --- .github/dependabot.yml | 7 +++++++ .github/workflows/codeql-analysis.yml | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0133fd8f4..e361771c6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -37,3 +37,10 @@ updates: directory: "/" schedule: interval: "daily" + groups: + # Group all GitHub Actions updates into a single PR so multi-path + # actions (e.g. github/codeql-action init/autobuild/analyze) bump + # together and don't fail CI on a version mismatch. + actions: + patterns: + - "*" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f17728b6b..f889f7161 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -48,7 +48,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # pinv4.36.2 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pinv4.36.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -59,7 +59,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # pinv4.36.2 + uses: github/codeql-action/autobuild@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pinv4.36.3 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl From 012abbfa33e1e6650f8afe842de850a7a98900c3 Mon Sep 17 00:00:00 2001 From: Terry Howe Date: Fri, 3 Jul 2026 17:00:15 -0600 Subject: [PATCH 3/3] style: align codeql-action pin comments with # pin@vX.Y.Z convention Signed-off-by: Terry Howe --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f889f7161..97efcac93 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -48,7 +48,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pinv4.36.3 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pin@v4.36.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -59,7 +59,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pinv4.36.3 + uses: github/codeql-action/autobuild@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pin@v4.36.3 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -73,4 +73,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pinv4.36.3 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pin@v4.36.3