Skip to content

chore(deps): Pin dependencies#36

Open
williaby wants to merge 1 commit into
mainfrom
renovate/github-actions
Open

chore(deps): Pin dependencies#36
williaby wants to merge 1 commit into
mainfrom
renovate/github-actions

Conversation

@williaby

@williaby williaby commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

Summary

Why

Scheduled patch update, bug fixes and security patches with no API changes.

Changes

This PR contains the following updates:

Package Change Type Update Age Adoption Passing Confidence OpenSSF
ByronWilliamsCPA/.github 1502ecd action pinDigest
SonarSource/sonarqube-scan-action v4.0.0v4.2.2 action minor age adoption passing confidence OpenSSF Scorecard
actions/checkout v4.2.2v4.3.1 action minor age adoption passing confidence OpenSSF Scorecard
actions/dependency-review-action v4.5.0v4.9.0 action minor age adoption passing confidence OpenSSF Scorecard
actions/github-script v7.0.1v7.1.0 action minor age adoption passing confidence OpenSSF Scorecard
actions/setup-python v5.3.0v5.6.0 action minor age adoption passing confidence OpenSSF Scorecard
actions/upload-artifact v4.5.0v4.6.2 action minor age adoption passing confidence OpenSSF Scorecard
astral-sh/setup-uv v7.1.1v7.6.0 action minor age adoption passing confidence OpenSSF Scorecard
lycheeverse/lychee-action (changelog) 2ac9f032b973e8 action digest OpenSSF Scorecard
slsa-framework/slsa-github-generator f7dd8c5 action pinDigest OpenSSF Scorecard
step-security/harden-runner v2.10.1v2.19.4 action minor age adoption passing confidence OpenSSF Scorecard
step-security/harden-runner v2.19.1v2.19.4 action patch age adoption passing confidence OpenSSF Scorecard

Impact

  • ✅ Patch update: bug fixes and security patches only
  • ✅ No breaking changes

Acceptance Criteria

  • All CI checks pass

Testing

  • CI gates pass (tests, lint, type checking, security scan)

Notes


Release Notes

SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)

v4.2.2

Compare Source

Full Changelog: SonarSource/sonarqube-scan-action@v4.2.1...v4.2.2

v4.2.1

Compare Source

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v4.2.0...v4.2.1

v4.2.0

Compare Source

We are happy to announce this new version of the GitHub action, which brings support for C, C++, and Objective-C projects.

The action supports both AutoConfig scenarios, as well as scenarios where Build Wrapper is required, and is a complete replacement of sonarqube-github-c-cpp and sonarcloud-github-c-cpp.

To install Build Wrapper, a new sonarqube-scan-action/install-build-wrapper sub-action is provided.

Check the README for examples of configuration.

On top of C, C++, and Objective-C support, we have also improved our support of self-hosted GitHub runners:

  • we don't expect anymore the temporary runner folder (RUNNER_TEMP) to be cleaned after every job execution: if present, the action will clean it, before running
  • similarly, we don't expect anymore the Sonar SSL folder (~/sonar/ssl) to be cleaned after every job execution: if present, the action will clean it, before running

What's Changed

New Contributors

Full Changelog: SonarSource/sonarqube-scan-action@v4.1.0...v4.2.0

v4.2

Compare Source

v4.1.0

Compare Source

The new version is now the official entrypoint for both Server and Cloud: a single GitHub action to interact with the SonarQube solution, whether on-premise or in the cloud!

It also brings several other improvements, including:

  • the ability to customize the location from where the SonarScanner CLI is downloaded, which can be useful when the runner is self-hosted and has regulated or no access to the Internet
  • the ability to use curl as a fallback when wget is not available in the environment of the runner
  • the requirement of the Java keytool to be available has been lifted

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v4.0.0...v4.1.0

v4.1

Compare Source

actions/checkout (actions/checkout)

v4.3.1

Compare Source

v4.3.0

Compare Source

actions/dependency-review-action (actions/dependency-review-action)

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Compare Source

Minor fixes:

v4.8.1: Dependency Review Action v4.8.1

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

Compare Source

  • Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #​889
  • License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

Compare Source

  • Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
  • Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

actions/github-script (actions/github-script)

v7.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/github-script@v7...v7.1.0

actions/setup-python (actions/setup-python)

v5.6.0

Compare Source

What's Changed

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

Compare Source

What's Changed
Enhancements:
Bug fixes:
  • Fix architecture for pypy on Linux ARM64 by @​mayeut in #​1011
    This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.
Dependency updates:
New Contributors

Full Changelog: actions/setup-python@v5...v5.5.0

v5.4.0

Compare Source

What's Changed
Enhancements:
Documentation changes:
Dependency updates:
New Contributors

Full Changelog: actions/setup-python@v5...v5.4.0

actions/upload-artifact (actions/upload-artifact)

v4.6.2

Compare Source

What's Changed
  • Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in #​685
New Contributors

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.0

astral-sh/setup-uv (astral-sh/setup-uv)

v7.6.0: 🌈 Fetch uv from Astral's mirror by default

Compare Source

Changes

We now default to download uv from releases.astral.sh.
This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates

v7.6

Compare Source

v7.5.0: 🌈 Use astral-sh/versions as version provider

Compare Source

No more rate-limits

This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv.

Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly.

The manifest-file input was an earlier attempt to improve this. It allows providing an url to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest.
However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases.

This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint:

https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson

By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts.


[!TIP]
The next section is only interesting for users of the manifest-file input

The manifest-file input lets you override that source with your own URL, for example to test custom uv builds or alternate download locations.

The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:

{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}

[!WARNING]
The old format still works but is deprecated. A warning will be logged when you use it.

Changes
🚀 Enhancements
📚 Documentation

v7.5

Compare Source

v7.4.0: 🌈 Add riscv64 architecture support to platform detection

Compare Source

Changes

Thank you @​luhenry for adding support for riscv64 arch

🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates

v7.4

Compare Source

v7.3.1: 🌈 fall back to VERSION_CODENAME when VERSION_ID is not available

Compare Source

Changes

This release adds support for running in containers like debian:testing or debian:unstable

🐛 Bug fixes
🧰 Maintenance

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "after 10pm every weekday,before 5am every weekday,every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Copilot AI review requested due to automatic review settings June 11, 2026 02:15
@williaby williaby self-assigned this Jun 11, 2026
@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@williaby, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 35 seconds

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 56e9ee83-2ac4-4253-a93f-59fd234e103c

📥 Commits

Reviewing files that changed from the base of the PR and between 7c2c91e and dde067d.

📒 Files selected for processing (18)
  • .github/workflows/ci.yml
  • .github/workflows/codecov.yml
  • .github/workflows/container-security.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/docs.yml
  • .github/workflows/fips-compatibility.yml
  • .github/workflows/mutation-testing.yml
  • .github/workflows/pr-validation.yml
  • .github/workflows/publish-pypi.yml
  • .github/workflows/python-compatibility.yml
  • .github/workflows/qlty.yml
  • .github/workflows/release.yml
  • .github/workflows/reuse.yml
  • .github/workflows/sbom.yml
  • .github/workflows/scorecard.yml
  • .github/workflows/security-analysis.yml
  • .github/workflows/slsa-provenance.yml
  • .github/workflows/sonarcloud.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/github-actions

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jun 11, 2026

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/docs.yml

PackageVersionLicenseIssue Type
ByronWilliamsCPA/.github/.github/workflows/python-docs.yml1502ecdde74ba30e2db1c91778f98b550bcf100eNullUnknown License

.github/workflows/python-compatibility.yml

PackageVersionLicenseIssue Type
ByronWilliamsCPA/.github/.github/workflows/python-compatibility.yml1502ecdde74ba30e2db1c91778f98b550bcf100eNullUnknown License

.github/workflows/scorecard.yml

PackageVersionLicenseIssue Type
ByronWilliamsCPA/.github/.github/workflows/python-scorecard.yml1502ecdde74ba30e2db1c91778f98b550bcf100eNullUnknown License
Denied Licenses: GPL-2.0, GPL-3.0

OpenSSF Scorecard

PackageVersionScoreDetails
actions/ByronWilliamsCPA/.github/.github/workflows/python-docs.yml 1502ecdde74ba30e2db1c91778f98b550bcf100e UnknownUnknown
actions/ByronWilliamsCPA/.github/.github/workflows/python-compatibility.yml 1502ecdde74ba30e2db1c91778f98b550bcf100e UnknownUnknown
actions/ByronWilliamsCPA/.github/.github/workflows/python-scorecard.yml 1502ecdde74ba30e2db1c91778f98b550bcf100e UnknownUnknown
actions/SonarSource/sonarqube-scan-action 689fb39b34b9aa95ebc5f8f119343ddd51542402 🟢 6.3
Details
CheckScoreReason
Security-Policy🟢 10security policy file detected
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1023 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
SAST🟢 6SAST tool is not run on all commits -- score normalized to 6
actions/actions/checkout 34e114876b0b11c390a56381ad16ebd13914f8d5 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/setup-python a26af69be951a213d495a4c3e4e4022e16d87065 🟢 5.9
Details
CheckScoreReason
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
actions/actions/upload-artifact ea165f8d65b6e75b540449e92b4886f43607fa02 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
actions/step-security/harden-runner 9af89fc71515a100421586dfdb3dc9c984fbf411 🟢 7.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1016 out of 16 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1014 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities⚠️ 016 existing vulnerabilities detected

Scanned Files

  • .github/workflows/docs.yml
  • .github/workflows/python-compatibility.yml
  • .github/workflows/scorecard.yml
  • .github/workflows/sonarcloud.yml

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates and pins GitHub Actions/reusable workflow references in this repository’s CI/security/release workflows to pick up patch/minor fixes and improve supply-chain security (immutable refs).

Changes:

  • Updated multiple GitHub Actions (e.g., actions/checkout, actions/setup-python, actions/upload-artifact, actions/dependency-review-action, actions/github-script, step-security/harden-runner) to newer pinned SHAs.
  • Pinned org-level reusable workflows from ByronWilliamsCPA/.github to a specific commit SHA across several workflows.
  • Updated the SLSA generator workflow reference (but see review comment about tag-vs-SHA constraints).

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
.github/workflows/sonarcloud.yml Bumps pinned action SHAs for hardening, checkout, setup-python, Sonar scan, artifact upload.
.github/workflows/slsa-provenance.yml Updates harden-runner; changes SLSA generator reusable workflow ref (needs adjustment).
.github/workflows/security-analysis.yml Pins reusable workflow ref to a specific commit SHA.
.github/workflows/scorecard.yml Updates pinned commit SHA for reusable scorecard workflow.
.github/workflows/sbom.yml Pins reusable SBOM workflow ref to a specific commit SHA.
.github/workflows/reuse.yml Bumps pinned action SHAs for hardening, checkout, artifact upload.
.github/workflows/qlty.yml Updates pinned commit SHA for reusable Qlty coverage workflow.
.github/workflows/python-compatibility.yml Pins reusable compatibility workflow ref to a specific commit SHA.
.github/workflows/publish-pypi.yml Pins reusable publish workflow ref to a specific commit SHA.
.github/workflows/pr-validation.yml Updates pinned SHAs for reusable CI + several actions (harden-runner/checkout/setup-python/setup-uv/lychee).
.github/workflows/mutation-testing.yml Pins reusable mutation workflow ref to a specific commit SHA.
.github/workflows/fips-compatibility.yml Bumps pinned action SHAs for hardening, checkout, setup-uv, upload-artifact, github-script.
.github/workflows/docs.yml Pins reusable docs workflow ref to a specific commit SHA.
.github/workflows/dependency-review.yml Bumps pinned SHAs for harden-runner/checkout and dependency-review-action.
.github/workflows/container-security.yml Pins reusable container security workflow ref to a specific commit SHA.
.github/workflows/codecov.yml Pins reusable codecov workflow ref; bumps harden-runner SHA in failure path.
.github/workflows/ci.yml Pins reusable CI workflow ref; bumps harden-runner SHA in gate job.

id-token: write
contents: write
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 # tag ref required: generator rejects SHA pins (fetches its release binary by tag)
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a # v2.1.0 # tag ref required: generator rejects SHA pins (fetches its release binary by tag)
@williaby williaby force-pushed the renovate/github-actions branch 2 times, most recently from 321b065 to faf75bd Compare June 12, 2026 05:17
@socket-security

socket-security Bot commented Jun 12, 2026

Copy link
Copy Markdown

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

@williaby williaby force-pushed the renovate/github-actions branch 7 times, most recently from 7ce8e6c to 96f0447 Compare June 21, 2026 02:20
@williaby williaby force-pushed the renovate/github-actions branch 8 times, most recently from 0b25620 to 9e834a1 Compare June 29, 2026 02:20
@williaby williaby force-pushed the renovate/github-actions branch 3 times, most recently from 1ad7469 to f806f9d Compare June 30, 2026 20:17
@williaby williaby force-pushed the renovate/github-actions branch from f806f9d to 0fcabcf Compare June 30, 2026 23:15
@williaby williaby force-pushed the renovate/github-actions branch from 0fcabcf to dde067d Compare July 1, 2026 02:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants