chore(deps): bump the actions group across 1 directory with 2 updates#7
chore(deps): bump the actions group across 1 directory with 2 updates#7dependabot[bot] wants to merge 1 commit into
Conversation
|
Codex review: needs maintainer review before merge. Reviewed July 9, 2026, 5:11 PM ET / 21:11 UTC. Summary Reproducibility: not applicable. this is a Dependabot GitHub Actions dependency update, not a bug report. The relevant verification is diff review, upstream tag/release verification, YAML parsing, and current-head check status. Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Next step before merge
Security Review detailsBest possible solution: Land the pinned CodeQL Action patch update after normal maintainer or code-owner review, keeping the existing workflow permissions and SHA-pinning pattern unchanged. Do we have a high-confidence way to reproduce the issue? Not applicable; this is a Dependabot GitHub Actions dependency update, not a bug report. The relevant verification is diff review, upstream tag/release verification, YAML parsing, and current-head check status. Is this the best way to solve the issue? Yes; updating the existing SHA-pinned CodeQL Action refs in the workflow is the narrow maintainable path for this dependency bump. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 281ed5259705. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (7 earlier review cycles)
|
Bumps the actions group with 2 updates in the / directory: [github/codeql-action/init](https://github.com/github/codeql-action) and [github/codeql-action/analyze](https://github.com/github/codeql-action). Updates `github/codeql-action/init` from 4.36.2 to 4.36.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8aad20d...54f647b) Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8aad20d...54f647b) --- updated-dependencies: - dependency-name: github/codeql-action/analyze dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action/init dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
212a593 to
e648243
Compare
Bumps the actions group with 2 updates in the / directory: github/codeql-action/init and github/codeql-action/analyze.
Updates
github/codeql-action/initfrom 4.36.2 to 4.36.3Release notes
Sourced from github/codeql-action/init's releases.
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
54f647bMerge pull request #3984 from github/update-v4.36.3-1f34ec164e78819eTrigger checks2c9d3d6Update changelog for v4.36.31f34ec1Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-propd5f0145Log when repository property has a value but is ignoredf27f563Add test for when the FF is off0025d0fUse FFf7fa18fAdd FF for config file repo property628fc3fMerge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...9cfb67bAdd clarifying commentsUpdates
github/codeql-action/analyzefrom 4.36.2 to 4.36.3Release notes
Sourced from github/codeql-action/analyze's releases.
Changelog
Sourced from github/codeql-action/analyze's changelog.
... (truncated)
Commits
54f647bMerge pull request #3984 from github/update-v4.36.3-1f34ec164e78819eTrigger checks2c9d3d6Update changelog for v4.36.31f34ec1Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-propd5f0145Log when repository property has a value but is ignoredf27f563Add test for when the FF is off0025d0fUse FFf7fa18fAdd FF for config file repo property628fc3fMerge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...9cfb67bAdd clarifying comments