diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7a1392c5..f41cc831 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,3 +11,8 @@ updates: schedule: # Check for updates to GitHub Actions once a week interval: "weekly" + groups: + # Group all CodeQL action updates into a single PR + codeql: + patterns: + - "github/codeql-action/*" diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index a7d33cd4..916664a6 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialize CodeQL - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: languages: ${{ matrix.language }} diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 9de42cca..458392d6 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -53,6 +53,6 @@ jobs: retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: results.sarif