chore(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 #39
dependabot[bot] wants to merge 1 commit into
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@57e3a13...e79a696)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
Greptile Summary
This PR bumps

Confidence Score: 5/5
Safe to merge — single-line SHA bump picking up a security fix with no logic changes.

The only change is updating the pinned SHA for a CI upload action to a patch release that fixes a template-injection vulnerability. The rest of the workflow is unchanged, the token and file inputs are identical, and the action's public changelog confirms no breaking changes.

No files require special attention.

| Filename | Overview |
|---|---|
| .github/workflows/ci.yml | Bumps the pinned SHA for codecov/codecov-action from v6.0.0 to v6.0.1 to pick up a template-injection security fix (VULN-1652). |
Sequence Diagram

```mermaid
sequenceDiagram
    participant CI as GitHub Actions CI
    participant Codecov as codecov/codecov-action@e79a696 (v6.0.1)
    participant Server as Codecov Server
    CI->>CI: cargo llvm-cov → lcov.info
    CI->>Codecov: Upload lcov.info + CODECOV_TOKEN
    Codecov->>Server: POST coverage report
    Server-->>Codecov: 200 OK
    Codecov-->>CI: Upload complete
```
Reviews (1): Last reviewed commit: "chore(deps): bump codecov/codecov-action..."

Superseded by #43.

Bumps codecov/codecov-action from 6.0.0 to 6.0.1.
Release notes
Sourced from codecov/codecov-action's releases.
Changelog
Sourced from codecov/codecov-action's changelog.
... (truncated)
Commits
- e79a696 chore(release): 6.0.1 (#1949)
- 51e6422 fix: prevent template injection in run: steps (VULN-1652) (#1947)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)