Bump the version-updates group across 1 directory with 8 updates by dependabot[bot] · Pull Request #264 · fish-shop/indent-check

dependabot · 2026-04-11T23:05:09Z

Bumps the version-updates group with 8 updates in the / directory:

Package	From	To
fish-shop/workflows/.github/workflows/codeql-analysis.yml	`1.14.1`	`1.14.2`
fish-shop/workflows/.github/workflows/dependency-review.yml	`1.14.1`	`1.14.2`
fish-shop/workflows/.github/workflows/gitleaks.yml	`1.14.1`	`1.14.2`
fish-shop/workflows/.github/workflows/markdown-links.yml	`1.14.1`	`1.14.2`
fish-shop/workflows/.github/workflows/openssf-scorecard.yml	`1.14.1`	`1.14.2`
fish-shop/workflows/.github/workflows/release-tags.yml	`1.14.1`	`1.14.2`
step-security/harden-runner	`2.16.1`	`2.17.0`
fish-shop/install-fish-shell	`2.1.8`	`2.1.9`

Updates fish-shop/workflows/.github/workflows/codeql-analysis.yml from 1.14.1 to 1.14.2

Release notes

Sourced from fish-shop/workflows/.github/workflows/codeql-analysis.yml's releases.

v1.14.2

What's Changed

Bump the version-updates group across 1 directory with 2 updates by @dependabot[bot] in fish-shop/workflows#185

Full Changelog: fish-shop/workflows@v1.14.1...v1.14.2

Commits

3bab619 Merge pull request #185 from fish-shop/dependabot/github_actions/version-upda...
1d5b908 Bump the version-updates group across 1 directory with 2 updates
See full diff in compare view

Updates fish-shop/workflows/.github/workflows/dependency-review.yml from 1.14.1 to 1.14.2

Release notes

Sourced from fish-shop/workflows/.github/workflows/dependency-review.yml's releases.

v1.14.2

What's Changed

Bump the version-updates group across 1 directory with 2 updates by @dependabot[bot] in fish-shop/workflows#185

Full Changelog: fish-shop/workflows@v1.14.1...v1.14.2

Commits

3bab619 Merge pull request #185 from fish-shop/dependabot/github_actions/version-upda...
1d5b908 Bump the version-updates group across 1 directory with 2 updates
See full diff in compare view

Updates fish-shop/workflows/.github/workflows/gitleaks.yml from 1.14.1 to 1.14.2

Release notes

Sourced from fish-shop/workflows/.github/workflows/gitleaks.yml's releases.

v1.14.2

What's Changed

Bump the version-updates group across 1 directory with 2 updates by @dependabot[bot] in fish-shop/workflows#185

Full Changelog: fish-shop/workflows@v1.14.1...v1.14.2

Commits

3bab619 Merge pull request #185 from fish-shop/dependabot/github_actions/version-upda...
1d5b908 Bump the version-updates group across 1 directory with 2 updates
See full diff in compare view

Updates fish-shop/workflows/.github/workflows/markdown-links.yml from 1.14.1 to 1.14.2

Release notes

Sourced from fish-shop/workflows/.github/workflows/markdown-links.yml's releases.

v1.14.2

What's Changed

Bump the version-updates group across 1 directory with 2 updates by @dependabot[bot] in fish-shop/workflows#185

Full Changelog: fish-shop/workflows@v1.14.1...v1.14.2

Commits

3bab619 Merge pull request #185 from fish-shop/dependabot/github_actions/version-upda...
1d5b908 Bump the version-updates group across 1 directory with 2 updates
See full diff in compare view

Updates fish-shop/workflows/.github/workflows/openssf-scorecard.yml from 1.14.1 to 1.14.2

Release notes

Sourced from fish-shop/workflows/.github/workflows/openssf-scorecard.yml's releases.

v1.14.2

What's Changed

Bump the version-updates group across 1 directory with 2 updates by @dependabot[bot] in fish-shop/workflows#185

Full Changelog: fish-shop/workflows@v1.14.1...v1.14.2

Commits

3bab619 Merge pull request #185 from fish-shop/dependabot/github_actions/version-upda...
1d5b908 Bump the version-updates group across 1 directory with 2 updates
See full diff in compare view

Updates fish-shop/workflows/.github/workflows/release-tags.yml from 1.14.1 to 1.14.2

Release notes

Sourced from fish-shop/workflows/.github/workflows/release-tags.yml's releases.

v1.14.2

What's Changed

Bump the version-updates group across 1 directory with 2 updates by @dependabot[bot] in fish-shop/workflows#185

Full Changelog: fish-shop/workflows@v1.14.1...v1.14.2

Commits

3bab619 Merge pull request #185 from fish-shop/dependabot/github_actions/version-upda...
1d5b908 Bump the version-updates group across 1 directory with 2 updates
See full diff in compare view

Updates step-security/harden-runner from 2.16.1 to 2.17.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.17.0

What's Changed

Policy Store Support

Added use-policy-store and api-key inputs to fetch security policies directly from the StepSecurity Policy Store. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing policy input which requires id-token: write permission. If no policy is found in the store, the action defaults to audit mode.

Full Changelog: step-security/harden-runner@v2.16.1...v2.17.0

Commits

f808768 Feature/policy store (#656)
See full diff in compare view

Updates fish-shop/install-fish-shell from 2.1.8 to 2.1.9

Release notes

Sourced from fish-shop/install-fish-shell's releases.

v2.1.9

What's Changed

Remove fish badge from README.md by @marcransome in fish-shop/install-fish-shell#281

Bump the version-updates group with 6 updates by @dependabot[bot] in fish-shop/install-fish-shell#282

Full Changelog: fish-shop/install-fish-shell@v2.1.8...v2.1.9

Commits

57272d7 Merge pull request #282 from fish-shop/dependabot/github_actions/version-upda...
39b0032 Bump the version-updates group with 6 updates
97e35fc Merge pull request #281 from fish-shop/remove-fish-badge
1083dbf Remove fish badge from README.md
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the version-updates group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [fish-shop/workflows/.github/workflows/codeql-analysis.yml](https://github.com/fish-shop/workflows) | `1.14.1` | `1.14.2` | | [fish-shop/workflows/.github/workflows/dependency-review.yml](https://github.com/fish-shop/workflows) | `1.14.1` | `1.14.2` | | [fish-shop/workflows/.github/workflows/gitleaks.yml](https://github.com/fish-shop/workflows) | `1.14.1` | `1.14.2` | | [fish-shop/workflows/.github/workflows/markdown-links.yml](https://github.com/fish-shop/workflows) | `1.14.1` | `1.14.2` | | [fish-shop/workflows/.github/workflows/openssf-scorecard.yml](https://github.com/fish-shop/workflows) | `1.14.1` | `1.14.2` | | [fish-shop/workflows/.github/workflows/release-tags.yml](https://github.com/fish-shop/workflows) | `1.14.1` | `1.14.2` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.1` | `2.17.0` | | [fish-shop/install-fish-shell](https://github.com/fish-shop/install-fish-shell) | `2.1.8` | `2.1.9` | Updates `fish-shop/workflows/.github/workflows/codeql-analysis.yml` from 1.14.1 to 1.14.2 - [Release notes](https://github.com/fish-shop/workflows/releases) - [Commits](fish-shop/workflows@a1ca097...3bab619) Updates `fish-shop/workflows/.github/workflows/dependency-review.yml` from 1.14.1 to 1.14.2 - [Release notes](https://github.com/fish-shop/workflows/releases) - [Commits](fish-shop/workflows@a1ca097...3bab619) Updates `fish-shop/workflows/.github/workflows/gitleaks.yml` from 1.14.1 to 1.14.2 - [Release notes](https://github.com/fish-shop/workflows/releases) - [Commits](fish-shop/workflows@a1ca097...3bab619) Updates `fish-shop/workflows/.github/workflows/markdown-links.yml` from 1.14.1 to 1.14.2 - [Release notes](https://github.com/fish-shop/workflows/releases) - [Commits](fish-shop/workflows@a1ca097...3bab619) Updates `fish-shop/workflows/.github/workflows/openssf-scorecard.yml` from 1.14.1 to 1.14.2 - [Release notes](https://github.com/fish-shop/workflows/releases) - [Commits](fish-shop/workflows@a1ca097...3bab619) Updates `fish-shop/workflows/.github/workflows/release-tags.yml` from 1.14.1 to 1.14.2 - [Release notes](https://github.com/fish-shop/workflows/releases) - [Commits](fish-shop/workflows@a1ca097...3bab619) Updates `step-security/harden-runner` from 2.16.1 to 2.17.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@fe10465...f808768) Updates `fish-shop/install-fish-shell` from 2.1.8 to 2.1.9 - [Release notes](https://github.com/fish-shop/install-fish-shell/releases) - [Commits](fish-shop/install-fish-shell@e4a328d...57272d7) --- updated-dependencies: - dependency-name: fish-shop/workflows/.github/workflows/codeql-analysis.yml dependency-version: 1.14.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: version-updates - dependency-name: fish-shop/workflows/.github/workflows/dependency-review.yml dependency-version: 1.14.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: version-updates - dependency-name: fish-shop/workflows/.github/workflows/gitleaks.yml dependency-version: 1.14.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: version-updates - dependency-name: fish-shop/workflows/.github/workflows/markdown-links.yml dependency-version: 1.14.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: version-updates - dependency-name: fish-shop/workflows/.github/workflows/openssf-scorecard.yml dependency-version: 1.14.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: version-updates - dependency-name: fish-shop/workflows/.github/workflows/release-tags.yml dependency-version: 1.14.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: version-updates - dependency-name: step-security/harden-runner dependency-version: 2.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: version-updates - dependency-name: fish-shop/install-fish-shell dependency-version: 2.1.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: version-updates ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-04-11T23:05:30Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1a2868c.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package

Version

Score

Details

actions/fish-shop/workflows/.github/workflows/openssf-scorecard.yml

3bab619c84f7f115693f78dbe8c7c76f2b7a31fb

Unknown

actions/fish-shop/install-fish-shell

57272d7a6e6d42b1554081bfcb818189a2e8413f

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/2 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 10	all dependencies are pinned
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Contributors	🟢 10	project has 3 contributing companies or organizations -- score normalized to 10
CI-Tests	🟢 10	15 out of 15 merged PRs checked by a CI test -- score normalized to 10

actions/step-security/harden-runner

f808768d1510423e83855289c910610ca9b43176

🟢 7.6

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	14 out of 14 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 6	project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	11 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Vulnerabilities	⚠️ 0	13 existing vulnerabilities detected

Scanned Files

.github/workflows/openssf-scorecard.yml
.github/workflows/test.yml

dependabot Bot assigned marcransome Apr 11, 2026

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 11, 2026

dependabot Bot requested a review from a team as a code owner April 11, 2026 23:05

marcransome approved these changes Apr 11, 2026

View reviewed changes

marcransome merged commit 007ee07 into main Apr 11, 2026
11 checks passed

marcransome deleted the dependabot/github_actions/version-updates-038f24ccbb branch April 11, 2026 23:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the version-updates group across 1 directory with 8 updates#264

Bump the version-updates group across 1 directory with 8 updates#264
marcransome merged 1 commit intomainfrom
dependabot/github_actions/version-updates-038f24ccbb

dependabot Bot commented on behalf of github Apr 11, 2026

Uh oh!

github-actions Bot commented Apr 11, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 11, 2026

v1.14.2

What's Changed

v1.14.2

What's Changed

v1.14.2

What's Changed

v1.14.2

What's Changed

v1.14.2

What's Changed

v1.14.2

What's Changed

v2.17.0

What's Changed

Policy Store Support

v2.1.9

What's Changed

Uh oh!

github-actions Bot commented Apr 11, 2026

Dependency Review

Snapshot Warnings

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant