chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 4b12bfe #57
Pull request overview
Updates the pinned commit digest for the ByronWilliamsCPA/.github reusable workflows referenced by this repository, keeping the org workflow inventory in sync with the caller workflows.
Changes:
- Re-pin the ByronWilliamsCPA/.github reusable workflow references from 671ea6d... to 987d517... in the reusable workflow inventory.
- Apply the same new digest across the security analysis, Qlty coverage, and Scorecard entries.
PR Review

PREMISE: QUESTION — The inventory doc advances to the new digest while the three workflow callers it is meant to mirror stay at the old SHA. Renovate config blocks the caller bump, so this class of PR drifts the inventory on every digest bump.

Important — doc/caller pin drift

This creates the inventory drift the custom Renovate manager exists to prevent. Root cause is in

Decision needed (not a mechanical fix): either accept the doc as a "latest-main" pointer that leads the callers (and adjust the "inventory/freshness" framing), or relax

Clean: new SHA

This bot auto-rebases its branches;

🤖 Generated with Claude Code
… in sync

The .github digest bump (PR #57) advanced docs/reusable-workflow-jobs.yaml to 4b12bfe but left the three workflow callers pinned at 671ea6d, creating the inventory drift the custom Renovate manager exists to prevent.

Root cause: packageRules[4] applied `versioning: semver` + `followTag: v1` to ByronWilliamsCPA/.github for the github-actions manager. The .github repo has no v1 release, and the callers SHA-pin against `main` (`@<sha> # main`). Per Renovate's github-actions manager, a non-semver ref like `# main` routes to the github-digest datasource (digest-pinning updates only); forcing `versioning: semver`/`followTag: v1` overrode that branch tracking, so the manager chased a nonexistent v1 tag and never bumped the callers. The doc's custom regex manager (datasource=git-refs, currentValue=main) was unaffected and advanced alone, hence the drift.

Fix:
- Remove packageRules[4]. With `pinDigests: true` (packageRules[2]) still in place, the github-actions manager tracks the `# main` branch head and bumps the caller digests in lockstep with the doc inventory. Verified via renovate-config-validator (pre-commit) and Renovate docs.
- Reconcile the current drift: bump the 5 caller refs in security-analysis.yml, qlty.yml, and scorecard.yml from 671ea6d to 4b12bfe.

Future v1 migration (preserved from the removed rule's note): once ByronWilliamsCPA/.github publishes a v1 release and the callers are repointed to `@<sha> # v1`, re-add a github-actions packageRule with `matchPackagePatterns` for the org .github repos to follow the v1 tag.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
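A CI-style check for the drift this commit reconciles, added here as an illustration and not part of the PR or the repository. It assumes the inventory doc carries references in the same `owner/repo/path@<sha> # main` form as the callers; the 40-character digests, the reusable workflow file names and the `@main` caller are constructed sample values.

```python
import re
from collections import defaultdict

REPO = "ByronWilliamsCPA/.github"  # reusable-workflow repo named on the page

# Matches owner/repo[/path]@ref, optionally followed by "# branch" ("@<sha> # main").
PIN_RE = re.compile(
    r"(?P<target>" + re.escape(REPO) + r"(?:/[\w./-]+)?)"
    r"@(?P<ref>[^\s#'\"]+)"
    r"(?:[ \t]*#[ \t]*(?P<track>\S+))?"
)
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def find_pins(text):
    """Return (target, ref, tracked_branch) for every reference to REPO."""
    return [(m["target"], m["ref"], m["track"]) for m in PIN_RE.finditer(text)]


def check_pins(files):
    """files maps path -> content. Report refs that are not full SHAs and
    the set of files per digest when more than one digest is in use."""
    by_sha = defaultdict(set)
    unpinned = []
    for path, text in files.items():
        for target, ref, _track in find_pins(text):
            if FULL_SHA.fullmatch(ref):
                by_sha[ref].add(path)
            else:
                unpinned.append((path, target, ref))
    drift = {}
    if len(by_sha) > 1:  # inventory and callers disagree on the digest
        drift = {sha: sorted(paths) for sha, paths in by_sha.items()}
    return {"unpinned": unpinned, "drift": drift}


# Constructed sample: stand-ins for the old and new digests, not real commits.
OLD, NEW = "1" * 40, "2" * 40
WF = REPO + "/.github/workflows"  # hypothetical reusable workflow location
SAMPLE = {
    "docs/reusable-workflow-jobs.yaml": f"- ref: {WF}/scorecard.yml@{NEW} # main\n",
    ".github/workflows/scorecard.yml": f"    uses: {WF}/scorecard.yml@{OLD} # main\n",
    # Constructed unpinned caller, included to exercise the second check.
    ".github/workflows/qlty.yml": f"    uses: {WF}/qlty.yml@main\n",
}

if __name__ == "__main__":
    print(check_pins(SAMPLE))
```

Run over the inventory doc plus the caller workflows, a non-empty `drift` or `unpinned` result is the condition to fail the build on.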
pr-fix applied: root-cause + reconcile

Pushed

Reconciled the drift (this PR now self-consistent):

Fixed the root cause so it does not recur:

Validation:

Future v1 migration (preserved from the removed rule's note): once

Note: branch is still

🤖 Generated with Claude Code
Summary
Why
Scheduled patch update, bug fixes and security patches with no API changes.
Changes
This PR contains the following updates:
671ea6d → 4b12bfe
Impact
Acceptance Criteria
Testing
Notes
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.