From b48ef3b1f81a3530b3aa62a865d5fa3dc77009b0 Mon Sep 17 00:00:00 2001 From: Yuya Ebihara Date: Sat, 11 Jul 2026 08:50:38 +0900 Subject: [PATCH] Infra: Group github/codeql-action bumps into a single dependabot PR --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fc74cd299..325ea2424 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -26,3 +26,10 @@ updates: day: "sunday" cooldown: default-days: 7 + groups: + # The codeql-action init/autobuild/analyze steps must all run the + # same version - split PRs cause a version mismatch that fails the + # Analyze jobs. Group them so a single PR bumps all of them together. + codeql-action: + patterns: + - "github/codeql-action*"