From 298d83ec5979feada2f6fa86e0193a86365ece58 Mon Sep 17 00:00:00 2001
From: Ryan Barrett
Date: Mon, 2 Dec 2024 11:58:43 -0800
Subject: [PATCH] GHA: enable dependabot GHA updates, narrow CodeQL to just Python
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
hoping dependabot will upgrade our CodeQL from v1 to v2
https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
---
 .github/dependabot.yml | 5 +++++
 .github/workflows/codeql-analysis.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index cbc4be98..19f108c8 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,3 +8,8 @@ updates:
 interval: "daily"
 allow:
 - dependency-type: "all"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index e160cf53..1fce0a10 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -19,7 +19,7 @@ jobs:
 matrix:
 # Override automatic language detection by changing the below list
 # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
- language: ['python', 'javascript']
+ language: ['python']
 # Learn more...
 # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
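Review bot: The new `github-actions` entry in `.github/dependabot.yml` opens action-bump PRs daily, but nothing in it tells a maintainer how those PRs should be vetted. A comment above the entry would help, for example `# Action bumps change code that runs with the workflow token; review the upstream diff before merging`. The commit message suggests the workflows reference actions by major tag (v1). That is inferred, since no `uses:` line is visible here, but if so it is worth pinning them to full commit SHAs, which Dependabot also keeps updated. The final added line is empty and appears to sit at the end of the file, so it can be dropped.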
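Review bot: Dropping `'javascript'` from the `language` matrix ends CodeQL coverage for any JavaScript in the repository, and neither the hunk nor the commit message records why. If the repo still ships client-side scripts or inline JS in templates (not visible here), those would no longer be scanned. If the removal is deliberate, a comment above the line such as `# javascript removed from scanning: <reason>` would stop a later reader from re-adding it or assuming it was an accident. The job definition continues outside the hunk.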