Skip to content

chore(deps): Bump github/codeql-action from 4.36.2 to 4.36.3#82

Merged
pdettori merged 1 commit into
mainfrom
build/bundle-codeql-4.36.3
Jul 9, 2026
Merged

chore(deps): Bump github/codeql-action from 4.36.2 to 4.36.3#82
pdettori merged 1 commit into
mainfrom
build/bundle-codeql-4.36.3

Conversation

@pdettori

@pdettori pdettori commented Jul 9, 2026

Copy link
Copy Markdown
Member

Bundles Dependabot PRs #76 (analyze) and #77 (init) into a single update.

Why bundle

security-scans.yml pins init, analyze, and upload-sarif to a single shared SHA. Bumping only one step in isolation (as each Dependabot PR does) produces a version-skew configuration error and fails the codeql job:

Loaded a configuration file for version '4.36.3', but running version '4.36.2'

What changed

Bumps all four github/codeql-action pins — init, analyze, and both upload-sarif refs across security-scans.yml and scorecard.yml — from 8aad20d (v4.36.2) to 54f647b (v4.36.3), keeping them consistent.

Closes #76
Closes #77

Assisted-By: Claude Code

Bundles Dependabot PRs #76 (analyze) and #77 (init) into a single update
so codeql init/analyze/upload-sarif stay on the same version. Bumping only
one step in isolation produced a version-skew configuration error:

  Loaded a configuration file for version '4.36.3', but running version '4.36.2'

Updates all four github/codeql-action pins (init, analyze, and both
upload-sarif refs across security-scans.yml and scorecard.yml) from
8aad20d (v4.36.2) to 54f647b (v4.36.3).

Assisted-By: Claude (Anthropic AI) <noreply@anthropic.com>
Signed-off-by: Paolo Dettori <dettori@us.ibm.com>
@pdettori pdettori merged commit 274c654 into main Jul 9, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant