Skip to content

build(deps): bump github/codeql-action from 4.36.2 to 4.36.3#1236

Merged
mergify[bot] merged 1 commit into
python-wheel-build:mainfrom
tiran:dependabot/github_actions/github/codeql-action-4.36.3
Jul 7, 2026
Merged

build(deps): bump github/codeql-action from 4.36.2 to 4.36.3#1236
mergify[bot] merged 1 commit into
python-wheel-build:mainfrom
tiran:dependabot/github_actions/github/codeql-action-4.36.3

Conversation

@tiran

@tiran tiran commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Pull Request Description

What

Update all github/codeql-action sub-actions to v4.36.3:

  • codeql-action/init in codeql.yaml
  • codeql-action/upload-sarif in scorecard.yaml

Also configure dependabot to group all github/codeql-action/* updates into a single PR to avoid separate PRs for each sub-action.

Why

Closes: #1231
Closes: #1234

Update all `github/codeql-action` sub-actions to v4.36.3:
- `codeql-action/init` in codeql.yaml
- `codeql-action/upload-sarif` in scorecard.yaml

Also configure dependabot to group all `github/codeql-action/*`
updates into a single PR to avoid separate PRs for each sub-action.

Closes: python-wheel-build#1231
Closes: python-wheel-build#1234
Co-Authored-By: Claude <claude@anthropic.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
@tiran tiran requested a review from a team as a code owner July 7, 2026 14:12
@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR bumps the pinned commit SHAs for two github/codeql-action steps (init in the CodeQL workflow, upload-sarif in the Scorecard workflow) from v4.36.2 to v4.36.3, and adds a Dependabot groups configuration to bundle future github/codeql-action/* updates into a single PR.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Changes

File Change
.github/workflows/codeql.yaml Bumped github/codeql-action/init pinned commit to v4.36.3
.github/workflows/scorecard.yaml Bumped github/codeql-action/upload-sarif pinned commit to v4.36.3
.github/dependabot.yml Added codeql group to bundle github/codeql-action/* updates

Related issues: #1231, #1234

Suggested labels: dependencies, github_actions

Suggested reviewers: none identified from the provided context

🐰 A rabbit's rhyme

Two little SHAs hopped up a notch,
v4.36.3, right on the dot,
Dependabot now groups them tight,
one tidy burrow, no more fight.
thump thump — merged and out of sight! 🥕

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed The PR updates both linked targets: codeql-action/init and upload-sarif to v4.36.3.
Out of Scope Changes check ✅ Passed The Dependabot grouping change is directly related to the stated objective and no unrelated changes are present.
Title check ✅ Passed The title accurately summarizes the main change: bumping github/codeql-action versions.
Description check ✅ Passed The description clearly matches the changeset and explains the version bumps and Dependabot grouping.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@mergify mergify Bot added the ci label Jul 7, 2026
@mergify

mergify Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

@rd4398 rd4398 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mergify mergify Bot merged commit 3724915 into python-wheel-build:main Jul 7, 2026
39 checks passed
@tiran tiran deleted the dependabot/github_actions/github/codeql-action-4.36.3 branch July 7, 2026 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants