This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. ## Config Migration Needed - [ ] <!-- create-config-migration-pr --> Select this checkbox to let Renovate create an automated Config Migration PR. ## Repository Problems Renovate tried to run on this repository, but found these problems. - ⚠️ WARN: Package lookup failures - ⚠️ WARN: Failed to assign reviewer --- > [!WARNING] > Renovate failed to look up the following dependencies: `Could not determine new digest for update (github-tags package github/codeql-action)`. > > Files affected: `.github/workflows/supply-chain-promote-core.yml` --- ## Open The following updates have all been created. To force a retry/rebase of any, click on a checkbox below. - [ ] <!-- rebase-branch=renovate/github-actions -->[chore(deps): Update GitHub Actions](../pull/240) (`actions/attest-build-provenance`, `actions/download-artifact`, `actions/setup-node`, `anthropics/claude-code-action`, `github/codeql-action`) - [ ] <!-- rebase-branch=renovate/major-github-actions -->[chore(deps)!: Update GitHub Actions to v8](../pull/241) - [ ] <!-- rebase-all-open-prs -->**Click on this checkbox to rebase all open PRs at once** ## Detected Dependencies <details><summary>github-actions (60)</summary> <blockquote> <details><summary>.github/workflows/claude-baseline-review.yml (3)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `anthropics/claude-code-action v1.0.158@521136812280ae7ef256e06045655b9da02793f0` → [Updates: `v1.0.159`] </details> <details><summary>.github/workflows/codeql.yml (4)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` </details> <details><summary>.github/workflows/dependency-review.yml (3)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/dependency-review-action v5.0.0@a1d282b36b6f3519aa1f3fc636f609c47dddb294` </details> <details><summary>.github/workflows/pr-validation.yml (4)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` </details> <details><summary>.github/workflows/pre-commit.yml (6)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `actions/cache v6.1.0@55cc8345863c7cc4c66a329aec7e433d2d1c52a9` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `python 3.12` </details> <details><summary>.github/workflows/python-ci.yml (12)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-codecov.yml (5)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f` - `codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f` </details> <details><summary>.github/workflows/python-compatibility.yml (8)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `python ${{ matrix.python }}` </details> <details><summary>.github/workflows/python-container-security.yml (12)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `hadolint/hadolint-action v3.3.0@2332a7b74a6de0dda2e2221d575162eba76ba5e5` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25` - `aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` </details> <details><summary>.github/workflows/python-dependency-provenance.yml (15)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2` - `actions/setup-node v6.0.0@2028fbc5c25fe9cf00d9f06a71cc4710d4507903` → [Updates: `v6.4.0`] - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `python ${{ inputs.python-version }}` - `node 20` </details> <details><summary>.github/workflows/python-docker.yml (12)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `docker/login-action v4.2.0@650006c6eb7dba73a995cc03b0b2d7f5ca915bee` - `docker/setup-qemu-action v4.1.0@06116385d9baf250c9f4dcb4858b16962ea869c3` - `docker/setup-buildx-action v4.1.0@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5` - `docker/login-action v4.2.0@650006c6eb7dba73a995cc03b0b2d7f5ca915bee` - `docker/metadata-action v6.1.0@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9` - `docker/build-push-action v7.2.0@f9f3042f7e2789586610d6e8b85c8f03e5195baf` - `aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25` - `aquasecurity/trivy-action v0.36.0@ed142fd0673e97e23eac54620cfb913e5ce36c25` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `marocchino/sticky-pull-request-comment v3.0.4@0ea0beb66eb9baf113663a64ec522f60e49231c0` </details> <details><summary>.github/workflows/python-docs.yml (11)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `actions/configure-pages v6.0.0@45bfe0192ca1faeb007ade9deae92b16b8254a0d` - `actions/upload-pages-artifact v5.0.0@fc324d3547104276b827a68afc52ff2a11cc49c9` - `actions/deploy-pages v5.0.0@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-fips-compatibility.yml (8)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` </details> <details><summary>.github/workflows/python-fuzzing.yml (8)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `google/clusterfuzzlite v1@884713a6c30a92e5e8544c39945cd7cb630abcd1` - `google/clusterfuzzlite v1@884713a6c30a92e5e8544c39945cd7cb630abcd1` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-mutation.yml (7)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-performance-regression.yml (6)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-pr-validation.yml (1)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` </details> <details><summary>.github/workflows/python-precommit.yml (3)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` </details> <details><summary>.github/workflows/python-publish-pypi.yml (12)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `pypa/gh-action-pypi-publish v1.14.0@cef221092ed1bacb1cc03d23a2d87d1d172e277b` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `pypa/gh-action-pypi-publish v1.14.0@cef221092ed1bacb1cc03d23a2d87d1d172e277b` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-qlty-coverage.yml (4)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `qltysh/qlty-action v2.2.1@fd52dc852530a708d68c3b7342f8d33d1df4cd55` </details> <details><summary>.github/workflows/python-qlty-gate.yml (3)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `qltysh/qlty-action v2.2.1@fd52dc852530a708d68c3b7342f8d33d1df4cd55` </details> <details><summary>.github/workflows/python-release.yml (15)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `python-semantic-release/python-semantic-release v10.5.3@350c48fcb3ffcdfd2e0a235206bc2ecea6b69df0` - `sigstore/gh-action-sigstore-python v3.4.0@5b79a39c381910c090341a2c9b0bf022c8b387e1` - `softprops/action-gh-release v3.0.1@718ea10b132b3b2eba29c1007bb80653f286566b` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-reuse.yml (5)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `fsfe/reuse-action v6.0.0@676e2d560c9a403aa252096d99fcab3e1132b0f5` - `fsfe/reuse-action v6.0.0@676e2d560c9a403aa252096d99fcab3e1132b0f5` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` </details> <details><summary>.github/workflows/python-sbom.yml (24)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `anchore/scan-action v7.4.0@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2` - `anchore/scan-action v7.4.0@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2` - `google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `python ${{ inputs.python-version }}` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-scorecard.yml (5)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `ossf/scorecard-action v2.4.3@4eaacf0543bb3f2c246792bd56e8cdeffafb205a` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` </details> <details><summary>.github/workflows/python-security-analysis.yml (25)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `dorny/paths-filter v4.0.1@fbd0ab8f3e69293af611ebaee6363fc25e6d187d` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/dependency-review-action v5.0.0@a1d282b36b6f3519aa1f3fc636f609c47dddb294` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `python ${{ inputs.python-version }}` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-slsa.yml (1)</summary> - `slsa-framework/slsa-github-generator v2.1.0@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a` </details> <details><summary>.github/workflows/python-snyk-iac.yml (15)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `snyk/actions v1.0.0@9adf32b1121593767fc3c057af55b55db032dc04` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `snyk/actions v1.0.0@9adf32b1121593767fc3c057af55b55db032dc04` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `snyk/actions v1.0.0@9adf32b1121593767fc3c057af55b55db032dc04` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` </details> <details><summary>.github/workflows/python-snyk.yml (18)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `snyk/actions v1.0.0@9adf32b1121593767fc3c057af55b55db032dc04` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `snyk/actions v1.0.0@9adf32b1121593767fc3c057af55b55db032dc04` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `snyk/actions v1.0.0@9adf32b1121593767fc3c057af55b55db032dc04` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-sonarcloud.yml (9)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `SonarSource/sonarqube-scan-action v8.2@713881670b6b3676cda39549040e2d88c70d582e` - `sonarsource/sonarqube-quality-gate-action v1.2.0@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/python-supplemental-checks.yml (15)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `lycheeverse/lychee-action v2.8.0@8646ba30535128ac92d33dfc9133794bfdd9b411` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/github-script v9.0.0@3a2844b7e9c422d3c10d287c895573f7108da1b3` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `amannn/action-semantic-pull-request v6.1.1@48f256284bd46cdaab1048c3721360e808335d50` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `python ${{ inputs.python-version }}` </details> <details><summary>.github/workflows/qlty.yml</summary> </details> <details><summary>.github/workflows/release-tag.yml (2)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` </details> <details><summary>.github/workflows/reuse.yml (6)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `fsfe/reuse-action v6.0.0@676e2d560c9a403aa252096d99fcab3e1132b0f5` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` </details> <details><summary>.github/workflows/scorecard.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>.github/workflows/security-analysis.yml (2)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` </details> <details><summary>.github/workflows/self-test.yml (6)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` </details> <details><summary>.github/workflows/shell-tests.yml (7)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `python 3.12` </details> <details><summary>.github/workflows/sonarcloud.yml (3)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `SonarSource/sonarqube-scan-action v8.2@713881670b6b3676cda39549040e2d88c70d582e` </details> <details><summary>.github/workflows/supply-chain-build-verify.yml (4)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `docker/setup-buildx-action v4.1.0@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` </details> <details><summary>.github/workflows/supply-chain-consume-verify.yml (3)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `sigstore/cosign-installer v4.1.2@6f9f17788090df1f26f669e9d70d6ae9567deba6` </details> <details><summary>.github/workflows/supply-chain-mirror-verify.yml (2)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `sigstore/cosign-installer v4.1.2@6f9f17788090df1f26f669e9d70d6ae9567deba6` </details> <details><summary>.github/workflows/supply-chain-promote-core.yml (11)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v5.0.0@448e3f862ab3ef47aa50ff917776823c9946035b` → [Updates: `v8.0.1`, `v5.0.0`] - `github/codeql-action v4.30.4@4e828ff8d448a8a6e532957b1811f387a63867e8` → [Updates: `v4.36.2`] - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `sigstore/cosign-installer v4.1.2@6f9f17788090df1f26f669e9d70d6ae9567deba6` - `actions/download-artifact v5.0.0@448e3f862ab3ef47aa50ff917776823c9946035b` → [Updates: `v8.0.1`, `v5.0.0`] - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `actions/attest-build-provenance v4.1.0@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32` → [Updates: `v4.1.1`] - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` </details> <details><summary>workflow-templates/python-ci.yml (19)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/cache v6.1.0@55cc8345863c7cc4c66a329aec7e433d2d1c52a9` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/cache v6.1.0@55cc8345863c7cc4c66a329aec7e433d2d1c52a9` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/cache v6.1.0@55cc8345863c7cc4c66a329aec7e433d2d1c52a9` - `python 3.12` - `python ${{ matrix.python-version }}` - `python 3.12` </details> <details><summary>workflow-templates/python-cifuzzy.yml (6)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `google/clusterfuzzlite v1@884713a6c30a92e5e8544c39945cd7cb630abcd1` - `google/clusterfuzzlite v1@884713a6c30a92e5e8544c39945cd7cb630abcd1` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` </details> <details><summary>workflow-templates/python-codecov.yml (11)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f` - `codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f` - `codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f` - `codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f` - `codecov/codecov-action v7.0.0@fb8b3582c8e4def4969c97caa2f19720cb33a72f` </details> <details><summary>workflow-templates/python-compatibility.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>workflow-templates/python-container-security.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>workflow-templates/python-docs.yml (28)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/cache v6.1.0@55cc8345863c7cc4c66a329aec7e433d2d1c52a9` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/cache v6.1.0@55cc8345863c7cc4c66a329aec7e433d2d1c52a9` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/cache v6.1.0@55cc8345863c7cc4c66a329aec7e433d2d1c52a9` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `lycheeverse/lychee-action v2.8.0@8646ba30535128ac92d33dfc9133794bfdd9b411` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `peaceiris/actions-gh-pages v4.1.0@84c30a85c19949d7eee79c4ff27748b70285e453` - `python 3.12` - `python 3.12` - `python 3.12` </details> <details><summary>workflow-templates/python-fips-compatibility.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>workflow-templates/python-mutation.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>workflow-templates/python-pr-validation.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>workflow-templates/python-publish-pypi.yml (12)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `snok/install-poetry v1.4.2@a783c322200f0519c7926aa6faa857c4e23e9263` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `pypa/gh-action-pypi-publish v1.14.0@cef221092ed1bacb1cc03d23a2d87d1d172e277b` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `pypa/gh-action-pypi-publish v1.14.0@cef221092ed1bacb1cc03d23a2d87d1d172e277b` - `python 3.12` </details> <details><summary>workflow-templates/python-release.yml (12)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `slsa-framework/slsa-github-generator v2.1.0@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `actions/download-artifact v8.0.1@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c` - `sigstore/cosign-installer v4.1.2@6f9f17788090df1f26f669e9d70d6ae9567deba6` - `softprops/action-gh-release v3.0.1@718ea10b132b3b2eba29c1007bb80653f286566b` - `python 3.12` </details> <details><summary>workflow-templates/python-reuse.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>workflow-templates/python-sbom.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>workflow-templates/python-scorecard.yml (1)</summary> - `ByronWilliamsCPA/.github v1@6f71aecae2c91214ca0a0a2206a36cf912aa31ac` </details> <details><summary>workflow-templates/python-security-analysis.yml (29)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `dorny/paths-filter v4.0.1@fbd0ab8f3e69293af611ebaee6363fc25e6d187d` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `snok/install-poetry v1.4.2@a783c322200f0519c7926aa6faa857c4e23e9263` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/dependency-review-action v5.0.0@a1d282b36b6f3519aa1f3fc636f609c47dddb294` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `snok/install-poetry v1.4.2@a783c322200f0519c7926aa6faa857c4e23e9263` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `google/osv-scanner-action v2.3.8@9a498708959aeaef5ef730655706c5a1df1edbc2` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `dependency-check/Dependency-Check_Action 1.1.0@75ba02d6183445fe0761d26e836bde58b1560600` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `github/codeql-action v4.36.2@8aad20d150bbac5944a9f9d289da16a4b0d87c1e` - `python 3.12` - `python 3.12` </details> <details><summary>workflow-templates/python-slsa.yml (7)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6.3.0@ece7cb06caefa5fff74198d8649806c4678c61a1` - `astral-sh/setup-uv v8.2.0@fac544c07dec837d0ccb6301d7b5580bf5edae39` - `actions/upload-artifact v7.0.1@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `slsa-framework/slsa-github-generator v2.1.0@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a` - `python 3.12` </details> <details><summary>workflow-templates/python-sonarcloud.yml (7)</summary> - `step-security/harden-runner v2.19.4@9af89fc71515a100421586dfdb3dc9c984fbf411` - `actions/checkout v7@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` - `actions/setup-python v6@ece7cb06caefa5fff74198d8649806c4678c61a1` - `SonarSource/sonarqube-scan-action v8@713881670b6b3676cda39549040e2d88c70d582e` - `sonarsource/sonarqube-quality-gate-action v1.2.0@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b` - `actions/upload-artifact v7@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a` - `python 3.12` </details> </blockquote> </details>
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Config Migration Needed
Repository Problems
Renovate tried to run on this repository, but found these problems.
Warning
Renovate failed to look up the following dependencies:
Could not determine new digest for update (github-tags package github/codeql-action).Files affected:
.github/workflows/supply-chain-promote-core.ymlOpen
The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.
actions/attest-build-provenance,actions/download-artifact,actions/setup-node,anthropics/claude-code-action,github/codeql-action)Detected Dependencies
github-actions (60)