chore(deps): bump the minor-and-patch group across 1 directory with 4 updates #23
dependabot[bot] wants to merge 1 commit into
… updates

Bumps the minor-and-patch group with 4 updates in the / directory: [github/codeql-action/init](https://github.com/github/codeql-action), [github/codeql-action/autobuild](https://github.com/github/codeql-action), [github/codeql-action/analyze](https://github.com/github/codeql-action) and [actions/setup-python](https://github.com/actions/setup-python).

Updates `github/codeql-action/init` from 4.36.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@87557b9...8aad20d)

Updates `github/codeql-action/autobuild` from 4.36.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@87557b9...8aad20d)

Updates `github/codeql-action/analyze` from 4.36.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@87557b9...8aad20d)

Updates `actions/setup-python` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

---
updated-dependencies:
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github/codeql-action/autobuild
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
diff-vader-bot left a comment
🟢 Risk: LOW — no substantive findings
✅ Diff Vader · Approved
Council reviewed 2 files · 11 reviewers · 0 findings · $0.80
- ✅ blast‑radius
- ✅ correctness
- ✅ github‑actions
- ❓ iac — skipped: filter: not applicable to changed files
- ❓ migration‑safety — skipped: filter: not applicable to changed files
- ✅ performance
- ✅ revertibility
- ✅ security‑tenant‑isolation
- ❓ supply‑chain — skipped: filter: not applicable to changed files
- ✅ supportability
- ✅ test‑adequacy
Why: All approval gates passed.
💡 /diff-vader-review <name> adds a one-shot reviewer. Beyond this PR's council, you can request: backup-correctness, loop-design-system.
| - name: Set up Python | ||
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | ||
| uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 |
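Review bot: On the new `uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0` line, the trailing `# v6.3.0` comment is the only thing tying the SHA to a release and nothing enforces it, so confirm that the v6.3.0 tag in actions/setup-python resolves to this exact 40-character SHA before merging. Keeping the full commit SHA rather than a tag is the right form for the pin. This is a minor bump and the commit list on this PR includes "Add RHEL support and include Linux distro in cache keys (#1323)", so if this step uses the action's caching, a one-time cache miss on Linux runners after merge is likely and is not a regression.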
pr-reviewer-github-actions — confidence 85% (advisory)
actions/setup-python@ece7cb0 (v6.3.0) was committed ~152 hours ago, just under the 168-hour vetting threshold. This is a dependabot-generated bump from a trusted publisher (actions/), so the risk is low — flagging as advisory. Confirm this SHA corresponds to the v6.3.0 release tag before merging if extra assurance is needed.
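The pin checks described in the review comment above (full-SHA pin, version comment matching the release tag, and the 168-hour age threshold) can be automated. The following is an added example, not code from this PR or from either review bot. The `vet_pins` function, `example-org/example-action`, the clock value and both lookup tables are assumptions; in practice the commit times and tag SHAs would be fetched from the GitHub API.

```python
import re
from datetime import datetime, timedelta, timezone

# Matches "uses: owner/repo[/path]@ref  # label"; local ./path actions have no @ref.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<action>[\w./-]+)@(?P<ref>\S+)(?:\s+#\s*(?P<label>\S+))?"
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def vet_pins(workflow_text, commit_times, tag_shas, now, min_age_hours=168):
    """Return (line_no, action, finding) for each `uses:` pin that fails vetting."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:  # not a step reference, or a local action without @ref
            continue
        action, ref, label = m["action"], m["ref"], m["label"]
        repo = "/".join(action.split("/")[:2])  # codeql-action/init -> codeql-action
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((line_no, action, "unpinned"))  # mutable tag or branch
        elif label is None or tag_shas.get((repo, label)) != ref:
            findings.append((line_no, action, "tag-mismatch"))  # comment != release tag
        elif ref not in commit_times:
            findings.append((line_no, action, "unknown-commit"))
        elif now - commit_times[ref] < timedelta(hours=min_age_hours):
            findings.append((line_no, action, "too-new"))  # still inside the cooldown
    return findings


# Constructed inputs. The setup-python SHA and "# v6.3.0" label are the ones in this
# PR; example-org/example-action, NOW and the commit time are made up for the demo.
SETUP_PYTHON_SHA = "ece7cb06caefa5fff74198d8649806c4678c61a1"
SAMPLE_WORKFLOW = f"""\
steps:
  - name: Set up Python
    uses: actions/setup-python@{SETUP_PYTHON_SHA} # v6.3.0
  - uses: example-org/example-action@v1
  - uses: ./.github/actions/local-step
"""
NOW = datetime(2030, 1, 8, 12, 0, tzinfo=timezone.utc)
COMMIT_TIMES = {SETUP_PYTHON_SHA: NOW - timedelta(hours=152)}  # "~152 hours ago"
TAG_SHAS = {("actions/setup-python", "v6.3.0"): SETUP_PYTHON_SHA}

if __name__ == "__main__":
    for finding in vet_pins(SAMPLE_WORKFLOW, COMMIT_TIMES, TAG_SHAS, NOW):
        print(finding)
```

Running the same check 16 hours later clears the age finding for the setup-python pin, while the tag-referenced action stays flagged until it is pinned to a commit SHA.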
Bumps the minor-and-patch group with 4 updates in the / directory: github/codeql-action/init, github/codeql-action/autobuild, github/codeql-action/analyze and actions/setup-python.
Updates `github/codeql-action/init` from 4.36.1 to 4.36.2

Release notes

Sourced from github/codeql-action/init's releases.

Changelog

Sourced from github/codeql-action/init's changelog.

... (truncated)

Commits

- `8aad20d` Merge pull request #3949 from github/update-v4.36.2-dcb947ce1
- `f521b08` Add additional changelog notes
- `8aeff0f` Update changelog for v4.36.2
- `dcb947c` Merge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6
- `c251bce` Add changelog note
- `62953c1` Update default bundle to codeql-bundle-v2.25.6
- `423b570` Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...
- `c35d1b1` Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...
- `cb1a588` Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoff
- `ba47406` Merge pull request #3943 from github/henrymercer/cache-cli-version-info

Updates `github/codeql-action/autobuild` from 4.36.1 to 4.36.2

Release notes

Sourced from github/codeql-action/autobuild's releases.

Changelog

Sourced from github/codeql-action/autobuild's changelog.

... (truncated)

Commits

- `8aad20d` Merge pull request #3949 from github/update-v4.36.2-dcb947ce1
- `f521b08` Add additional changelog notes
- `8aeff0f` Update changelog for v4.36.2
- `dcb947c` Merge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6
- `c251bce` Add changelog note
- `62953c1` Update default bundle to codeql-bundle-v2.25.6
- `423b570` Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...
- `c35d1b1` Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...
- `cb1a588` Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoff
- `ba47406` Merge pull request #3943 from github/henrymercer/cache-cli-version-info

Updates `github/codeql-action/analyze` from 4.36.1 to 4.36.2

Release notes

Sourced from github/codeql-action/analyze's releases.

Changelog

Sourced from github/codeql-action/analyze's changelog.

... (truncated)

Commits

- `8aad20d` Merge pull request #3949 from github/update-v4.36.2-dcb947ce1
- `f521b08` Add additional changelog notes
- `8aeff0f` Update changelog for v4.36.2
- `dcb947c` Merge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6
- `c251bce` Add changelog note
- `62953c1` Update default bundle to codeql-bundle-v2.25.6
- `423b570` Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...
- `c35d1b1` Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...
- `cb1a588` Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoff
- `ba47406` Merge pull request #3943 from github/henrymercer/cache-cli-version-info

Updates `actions/setup-python` from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-python's releases.

Commits

- `ece7cb0` Fix pip cache error handling on Windows. (#1040)
- `1d18d7a` Update advanced-usage.md (#811)
- `d2b357a` Update dependency versions and test workflow configuration (#1322)
- `8f639b1` Merge pull request #1324 from jasongin/update-actions-cache-5.1.0
- `6731c2b` Resolve high-severity audit issues
- `0cb1a84` Add RHEL support and include Linux distro in cache keys (#1323)
- `dc6eab6` Update dist
- `6f4b74b` Strict equality
- `fa8bde1` Bump `@actions/cache` to 5.1.0, log cache write denied
- `c8813ba` Upgrade `@actions` dependencies and update licenses (#1303)