From f2156776d0857f0f44839cc1ab2d714fd5fccfe0 Mon Sep 17 00:00:00 2001 From: Yuya Ebihara Date: Sat, 11 Jul 2026 08:41:46 +0900 Subject: [PATCH] Infra: Group github/codeql-action bumps into a single dependabot PR --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4207b660d4..08b6362978 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -34,3 +34,10 @@ updates: interval: "weekly" cooldown: default-days: 7 + groups: + # The codeql-action init/autobuild/analyze steps must all run the + # same version - split PRs cause a version mismatch that fails the + # Analyze jobs. Group them so a single PR bumps all of them together. + codeql-action: + patterns: + - "github/codeql-action*"