Skip to content

deps: Pin dependencies#4

Merged
ANcpLua merged 1 commit into
mainfrom
renovate/pin-dependencies
May 24, 2026
Merged

deps: Pin dependencies#4
ANcpLua merged 1 commit into
mainfrom
renovate/pin-dependencies

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate Bot commented May 24, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/ai-inference action pinDigest 17ff458
actions/checkout action pinDigest 34e1148
actions/github-script action pinDigest f28e40c
actions/setup-python action pinDigest a26af69
anthropics/claude-code-action action pinDigest 787c5a0
codacy/codacy-analysis-cli-action action pinDigest 562ee3e

Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented May 24, 2026
edited
Loading

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

Run reviewer

TIP This summary will be updated as you push new changes.

codacy-production[bot]
codacy-production Bot reviewed May 24, 2026
View reviewed changes
Copy link
Copy Markdown

@codacy-production codacy-production Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request successfully pins several GitHub Action dependencies to specific commit SHA digests across the project's workflows. This is a security best practice that prevents supply chain attacks and ensures reproducible build environments.

Codacy analysis indicates that the changes are up to standards, with no new issues or complexity increases. No critical security flaws or logic bugs were identified that would prevent merging.

Test suggestions

  • Verify 'Claude Code Review' workflow triggers and executes using the pinned digests for checkout and claude-code-action.
  • Verify 'Config drift check' workflow triggers and executes using the pinned digests for checkout, setup-python, and upload-artifact.
  • Verify 'Triage Bot' workflow executes correctly using the pinned digest for github-script.
Prompt proposal for missing tests 
Consider implementing these tests if applicable:
1. Verify 'Claude Code Review' workflow triggers and executes using the pinned digests for checkout and claude-code-action.
2. Verify 'Config drift check' workflow triggers and executes using the pinned digests for checkout, setup-python, and upload-artifact.
3. Verify 'Triage Bot' workflow executes correctly using the pinned digest for github-script.

TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback

@renovate renovate Bot force-pushed the renovate/pin-dependencies branch from a35a972 to f6ce31f Compare May 24, 2026 15:19
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch from f6ce31f to 8d3e164 Compare May 24, 2026 15:22
@ANcpLua ANcpLua merged commit 1be749f into main May 24, 2026
5 of 6 checks passed
@ANcpLua ANcpLua deleted the renovate/pin-dependencies branch May 24, 2026 15:44
@ANcpLua ANcpLua added the help wanted Extra attention is needed label May 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@codacy-production codacy-production[bot] codacy-production[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies help wanted Extra attention is needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ANcpLua