Skip to content

Update outdated actions and zizmor to current versions#8

Merged
jpr5 merged 2 commits into
mainfrom
fix/update-actions-and-dependabot
May 15, 2026
Merged

Update outdated actions and zizmor to current versions#8
jpr5 merged 2 commits into
mainfrom
fix/update-actions-and-dependabot

Conversation

@jpr5

@jpr5 jpr5 commented May 15, 2026

Copy link
Copy Markdown

Summary

  • Updates zizmorcore/zizmor-action from v0.5.3 to v0.5.4
  • Updates actions/checkout from v4 to v6.0.2 across all workflows (security_zizmor, check, deploy)
  • Updates actions/setup-node from v4 to v6.4.0 across check and deploy workflows
  • Dependabot config exists and looks correct but has never produced a PR on this repo — may need repo-level enablement in GitHub settings

Context

Supply chain hardening issues #14 (outdated actions) and #18 (zizmor version drift).

jpr5 added 2 commits May 15, 2026 13:31
@jpr5
Update zizmor-action to v0.5.4 and checkout to v6.0.2
11c01e7
@jpr5
Update actions/checkout to v6.0.2 and actions/setup-node to v6.4.0
5697c59 
Bumps from v4 to current major versions across check and deploy
workflows. Dependabot should have caught this but has never run
on this repo despite correct config.
@jpr5 jpr5 merged commit 596c0b6 into main May 15, 2026
7 of 8 checks passed
@jpr5 jpr5 deleted the fix/update-actions-and-dependabot branch May 15, 2026 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jpr5