Skip to content

Bump senzing-factory/github-action-install-senzing-sdk from 4 to 5 in the senzing-factory group#146

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/senzing-factory-dc9c25b0f9
Open

Bump senzing-factory/github-action-install-senzing-sdk from 4 to 5 in the senzing-factory group#146
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/senzing-factory-dc9c25b0f9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 14, 2026

Bumps the senzing-factory group with 1 update: senzing-factory/github-action-install-senzing-sdk.

Updates senzing-factory/github-action-install-senzing-sdk from 4 to 5

Release notes

Sourced from senzing-factory/github-action-install-senzing-sdk's releases.

5.0.0

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v4...5.0.0

4.0.5

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v4...4.0.5

4.0.4

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v4...4.0.4

4.0.3

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v4...4.0.3

4.0.2

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v4...4.0.2

4.0.1

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v4...4.0.1

Changelog

Sourced from senzing-factory/github-action-install-senzing-sdk's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog], [markdownlint], and this project adheres to [Semantic Versioning].

[Unreleased]

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump senzing-factory/github-action-install-senzing-sdk
0d29d85 
Bumps the senzing-factory group with 1 update: [senzing-factory/github-action-install-senzing-sdk](https://github.com/senzing-factory/github-action-install-senzing-sdk).


Updates `senzing-factory/github-action-install-senzing-sdk` from 4 to 5
- [Release notes](https://github.com/senzing-factory/github-action-install-senzing-sdk/releases)
- [Changelog](https://github.com/senzing-factory/github-action-install-senzing-sdk/blob/main/CHANGELOG.md)
- [Commits](senzing-factory/github-action-install-senzing-sdk@v4...v5)

---
updated-dependencies:
- dependency-name: senzing-factory/github-action-install-senzing-sdk
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: senzing-factory
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner May 14, 2026 17:47
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

🤖 Claude Code Review

Code Review

Summary: This PR bumps senzing-factory/github-action-install-senzing-sdk from @v4 to @v5 across 7 GitHub Actions workflow files.

Code Quality

Style guide — YAML formatting is consistent and unchanged.

No commented-out code — None present.

Meaningful variable names — N/A for this change.

⚠️ DRY principle — The action version is repeated across 7 files with no centralization. This is a pre-existing pattern and not introduced by this PR, but worth noting: a shared/reusable workflow or a workflow-level variable would make future version bumps a one-line change.

Defects — The version bump is applied consistently across all 7 affected workflow files. No logic errors.

⚠️ Security: Mutable action tag — Both before and after, workflows pin to a mutable tag (@v4@v5) rather than an immutable commit SHA. If the upstream tag is force-pushed, CI runs a different version without any PR. Best practice per GitHub's hardening guide is to pin to a full SHA (e.g., senzing-factory/github-action-install-senzing-sdk@<sha>). This is not a regression introduced here, but worth fixing.

Testing

No code logic changed — No unit/integration tests required for a CI action version bump.

Documentation

⚠️ CHANGELOG.md — Not included in the diff. If this project maintains a changelog, a dependency bump entry is typically expected.

README / API docs — No changes required for a CI-only bump.

Security

No hardcoded credentials — None present.

No sensitive data in logs — N/A.

No license files (.lic / AQAAAD strings) — None present.

Additional Observation

There is no Python workflow in this diff. If a Python CI workflow exists and also uses github-action-install-senzing-sdk@v4, it would need a matching update. Worth verifying that no workflow was missed.

Overall: Low-risk, straightforward dependency bump. The two items to address are the mutable tag pinning (security hardening, pre-existing) and confirming CHANGELOG is updated.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 14, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@kernelsam kernelsam

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kernelsam @senzingdevops