github · zkoppert · Feb 10, 2026 · Feb 9, 2026 · Feb 9, 2026 · Feb 10, 2026
@@ -26,12 +26,12 @@ jobs:
     # If you do not check out your code, Copilot will do this for you.
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
       - name: Set up Python
-        uses: actions/setup-python@v6.2.0
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: 3.12
 

@@ -14,7 +14,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - name: Build the Docker image

@@ -18,20 +18,20 @@ jobs:
       statuses: write
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           # Full git history is needed to get a proper
           # list of changed files within `super-linter`
           fetch-depth: 0
           persist-credentials: false
-      - uses: actions/setup-python@v6.2.0
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: "3.12"
       - name: Install dependencies
         run: |
           pip install -r requirements.txt -r requirements-test.txt
       - name: Lint Code Base
-        uses: super-linter/super-linter@502f4fe48a81a392756e173e39a861f8c8efe056 # v8.3.0
+        uses: super-linter/super-linter@61abc07d755095a68f4987d1c2c3d1d64408f1f9 # v8.5.0
         env:
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

@@ -21,11 +21,11 @@ jobs:
         python-version: [3.11, 3.12]
 
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v6.2.0
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -36,7 +36,7 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: "Upload artifact"
-        uses: actions/upload-artifact@v6.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: SARIF file
           path: results.sarif

@@ -11,7 +11,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v10.1.1
+      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
         with:
           stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days."
           close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity."

@@ -41,10 +41,8 @@ def auth_to_github(
     elif token:
         github_connection = github3.login(token=token)
     else:
-        raise ValueError(
-            "GH_TOKEN or the set of [GH_APP_ID, GH_APP_INSTALLATION_ID, \
-                GH_APP_PRIVATE_KEY] environment variables are not set"
-        )
+        raise ValueError("GH_TOKEN or the set of [GH_APP_ID, GH_APP_INSTALLATION_ID, \
+                GH_APP_PRIVATE_KEY] environment variables are not set")
 
     if not github_connection:
         raise ValueError("Unable to authenticate to GitHub")

@@ -159,10 +159,8 @@ def write_to_markdown(
         # If all the metrics are None, then there are no issues
         if not issues_with_metrics or len(issues_with_metrics) == 0:
             file.write("no issues found for the given search criteria\n\n")
-            file.write(
-                "\n_This report was generated with the \
-[Issue Metrics Action](https://github.com/github/issue-metrics)_\n"
-            )
+            file.write("\n_This report was generated with the \
+[Issue Metrics Action](https://github.com/github/issue-metrics)_\n")
             if search_query:
                 file.write(f"Search query used to find these items: `{search_query}`\n")
             return
@@ -254,10 +252,8 @@ def write_to_markdown(
                     file.write(f" {issue.pr_comment_count or 'N/A'} |")
                 file.write("\n")
             file.write("\n")
-        file.write(
-            "_This report was generated with the \
-[Issue Metrics Action](https://github.com/github/issue-metrics)_\n"
-        )
+        file.write("_This report was generated with the \
+[Issue Metrics Action](https://github.com/github/issue-metrics)_\n")
         if search_query:
             file.write(f"Search query used to find these items: `{search_query}`\n")
 

@@ -13,7 +13,7 @@
    - should there be a limit to how many comments per PR we consider to avoid
      having the statistic dominated by contested PRs?
    - should this metric count consecutive comments coming from the same user as
-     only one to avoid people unnessesarily splitting their comments to game the
+     only one to avoid people unnecessarily splitting their comments to game the
      metric?
    - instead of PR comments should we count PRs on which a username was seen as
      commenter?

@@ -1,5 +1,5 @@
 github3.py==4.0.1
-numpy==2.4.1
+numpy==2.4.2
 python-dotenv==1.2.1
 pytz==2025.2
 requests==2.32.5
@@ -81,17 +81,13 @@ def wait_for_api_refresh(
                 wait_for_api_refresh(issues_iterator, rate_limit_bypass)
 
     except github3.exceptions.ForbiddenError as e:
-        print(
-            f"You do not have permission to view a repository \
-from: '{repos_and_owners_string}'; Check your API Token."
-        )
+        print(f"You do not have permission to view a repository \
+from: '{repos_and_owners_string}'; Check your API Token.")
         print_error_messages(e)
         sys.exit(1)
     except github3.exceptions.NotFoundError as e:
-        print(
-            f"The repository could not be found; \
-Check the repository owner and names: '{repos_and_owners_string}"
-        )
+        print(f"The repository could not be found; \
+Check the repository owner and names: '{repos_and_owners_string}")
         print_error_messages(e)
         sys.exit(1)
     except github3.exceptions.ConnectionError as e:

@@ -112,10 +112,10 @@ def test_get_per_issue_metrics_with_hide_envs(self):
         ]
 
         # Call the function and check the result
-        with unittest.mock.patch(  # type:ignore
+        with unittest.mock.patch(  # type: ignore
             "issue_metrics.measure_time_to_first_response",
             measure_time_to_first_response,
-        ), unittest.mock.patch(  # type:ignore
+        ), unittest.mock.patch(  # type: ignore
             "issue_metrics.measure_time_to_close", measure_time_to_close
         ):
             (
@@ -221,10 +221,10 @@ def test_get_per_issue_metrics_without_hide_envs(self):
         ]
 
         # Call the function and check the result
-        with unittest.mock.patch(  # type:ignore
+        with unittest.mock.patch(  # type: ignore
             "issue_metrics.measure_time_to_first_response",
             measure_time_to_first_response,
-        ), unittest.mock.patch(  # type:ignore
+        ), unittest.mock.patch(  # type: ignore
             "issue_metrics.measure_time_to_close", measure_time_to_close
         ):
             (
@@ -326,10 +326,10 @@ def test_get_per_issue_metrics_with_ignore_users(self):
         ]
 
         # Call the function and check the result
-        with unittest.mock.patch(  # type:ignore
+        with unittest.mock.patch(  # type: ignore
             "issue_metrics.measure_time_to_first_response",
             measure_time_to_first_response,
-        ), unittest.mock.patch(  # type:ignore
+        ), unittest.mock.patch(  # type: ignore
             "issue_metrics.measure_time_to_close", measure_time_to_close
         ):
             (