From 9b412b3bdb93d926c47b5cb69ccc154e4f085da9 Mon Sep 17 00:00:00 2001 From: Ivan Valdes Date: Mon, 6 Jul 2026 13:56:11 -0700 Subject: [PATCH] Group CodeQL action Dependabot version bumps The CodeQL GitHub action uses several (init, autobuild, analyze), and Scorecards use upload-sarif. Sometimes these dependencies need the same version otherwise they may fail. Create a Dependabot group to bump these dependencies simultaneously. Signed-off-by: Ivan Valdes --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 21b563da9d5e..14e97eeb8443 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,6 +5,10 @@ updates: directory: / schedule: interval: weekly + groups: + codeql: + patterns: + - "github/codeql-action/*" - package-ecosystem: gomod directory: /