From 6948431e7477b9cab893a49f216f939891129434 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Jul 2025 18:51:04 +0000 Subject: [PATCH 01/11] chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.29.2 to 3.29.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/181d5eefc20863364f96762470ba6f862bdef56b...d6bbdef45e766d081b84a2def353b0055f728d3e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 047161a..b916d75 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.24.9 + uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.24.9 with: sarif_file: results.sarif From b677265a3be4095c3d1a75aa55345f08e031669f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Jul 2025 18:58:26 +0000 Subject: [PATCH 02/11] chore(deps): bump super-linter/super-linter from 7.4.0 to 8.0.0 Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 7.4.0 to 8.0.0. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/12150456a73e248bdc94d0794898f94e23127c88...5119dcd8011e92182ce8219d9e9efc82f16fddb6) --- updated-dependencies: - dependency-name: super-linter/super-linter dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/linter.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index 9a7a3df..9069eb7 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -30,7 +30,7 @@ jobs: run: | pip install -r requirements.txt -r requirements-test.txt - name: Lint Code Base - uses: super-linter/super-linter@12150456a73e248bdc94d0794898f94e23127c88 # v7.4.0 + uses: super-linter/super-linter@5119dcd8011e92182ce8219d9e9efc82f16fddb6 # v8.0.0 env: DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From c46b8513f39bb658d2ccf07ecf23ee8d252c954f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Jul 2025 19:24:55 +0000 Subject: [PATCH 03/11] chore(deps): bump mypy from 1.16.1 to 1.17.0 in the dependencies group Bumps the dependencies group with 1 update: [mypy](https://github.com/python/mypy). Updates `mypy` from 1.16.1 to 1.17.0 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v1.16.1...v1.17.0) --- updated-dependencies: - dependency-name: mypy dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 3b294cb..ee1e9b9 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,6 +1,6 @@ black==25.1.0 flake8==7.3.0 -mypy==1.16.1 +mypy==1.17.0 mypy-extensions==1.1.0 pylint==3.3.7 pytest==8.4.1 From e0357967dfab60c6d253d9168a8ac73e673ee7ab Mon Sep 17 00:00:00 2001 From: Zack Koppert Date: Mon, 21 Jul 2025 12:45:58 -0700 Subject: [PATCH 04/11] docs: specific descriptive link text Signed-off-by: Zack Koppert --- README.md | 4 ++-- docs/verify-token-access-to-repository.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 596bfc3..baddaba 100644 --- a/README.md +++ b/README.md @@ -112,9 +112,9 @@ All feedback regarding our GitHub Actions, as a whole, should be communicated th - Do this by creating a [GitHub API token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with permissions to read the repository and write issues. - Then take the value of the API token you just created, and [create a repository secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) where the name of the secret is `GH_TOKEN` and the value of the secret the API token. - Then finally update the workflow file to use that repository secret by changing `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to `GH_TOKEN: ${{ secrets.GH_TOKEN }}`. The name of the secret can really be anything. It just needs to match between when you create the secret name and when you refer to it in the workflow file. - - Help on verifying your token's access to your repository [here](docs/verify-token-access-to-repository.md) + - Help on verifying your token's access to your repository [in the docs directory](docs/verify-token-access-to-repository.md) 6. If you want the resulting issue with the metrics in it to appear in a different repository other than the one the workflow file runs in, update the line `token: ${{ secrets.GITHUB_TOKEN }}` with your own GitHub API token stored as a repository secret. - - This process is the same as described in the step above. More info on creating secrets can be found [here](https://docs.github.com/en/actions/security-guides/encrypted-secrets). + - This process is the same as described in the step above. More info on creating secrets can be found [in the GitHub docs security guide on encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets). 7. Commit the workflow file to the default branch (often `master` or `main`) 8. Wait for the action to trigger based on the `schedule` entry or manually trigger the workflow as shown in the [documentation](https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow). diff --git a/docs/verify-token-access-to-repository.md b/docs/verify-token-access-to-repository.md index 25a4f1b..e6d7d54 100644 --- a/docs/verify-token-access-to-repository.md +++ b/docs/verify-token-access-to-repository.md @@ -4,7 +4,7 @@ GitHub PAT token access can be confusing. Here's a quick way to test if the toke **Remove this snippet after you've verified your token.** -- Make sure you follow the token setup instructions [here](https://github.com/github/issue-metrics/tree/main?tab=readme-ov-file#use-as-a-github-action) first. +- Make sure you follow the token setup instructions [in the `README.md`](https://github.com/github/issue-metrics/tree/main?tab=readme-ov-file#use-as-a-github-action) first. - Replace `{owner/repo}` with your own repository information. From 3c75ad40ae98254439df9aa6957e18baf661a077 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jul 2025 20:24:39 +0000 Subject: [PATCH 05/11] chore(deps): bump python from `6544e0e` to `4c2cf99` Bumps python from `6544e0e` to `4c2cf99`. --- updated-dependencies: - dependency-name: python dependency-version: 3.13-slim dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 26a5817..d54ffa4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:6544e0e002b40ae0f59bc3618b07c1e48064c4faed3a15ae2fbd2e8f663e8283 +FROM python:3.13-slim@sha256:4c2cf9917bd1cbacc5e9b07320025bdb7cdf2df7b0ceaccb55e9dd7e30987419 LABEL com.github.actions.name="issue-metrics" \ com.github.actions.description="Gather metrics on issues/prs/discussions such as time to first response, count of issues opened, closed, etc." \ com.github.actions.icon="check-square" \ From dd2c4b8c2a817cc9ddc0d5850d408eeb145d1827 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jul 2025 21:27:53 +0000 Subject: [PATCH 06/11] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [github/contributors](https://github.com/github/contributors) and [github/codeql-action](https://github.com/github/codeql-action). Updates `github/contributors` from 1.5.9 to 1.5.10 - [Release notes](https://github.com/github/contributors/releases) - [Commits](https://github.com/github/contributors/compare/4d90d92531d4c5775be5a70c119ca7c0be165964...34fad9a6770332457ef52dfefc24a282ff47e929) Updates `github/codeql-action` from 3.29.3 to 3.29.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/d6bbdef45e766d081b84a2def353b0055f728d3e...4e828ff8d448a8a6e532957b1811f387a63867e8) --- updated-dependencies: - dependency-name: github/contributors dependency-version: 1.5.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github/codeql-action dependency-version: 3.29.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/contributor_report.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/contributor_report.yaml b/.github/workflows/contributor_report.yaml index d15c184..d31decf 100644 --- a/.github/workflows/contributor_report.yaml +++ b/.github/workflows/contributor_report.yaml @@ -27,7 +27,7 @@ jobs: echo "END_DATE=$end_date" >> "$GITHUB_ENV" - name: Run contributor action - uses: github/contributors@4d90d92531d4c5775be5a70c119ca7c0be165964 # v1.5.9 + uses: github/contributors@34fad9a6770332457ef52dfefc24a282ff47e929 # v1.5.10 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} START_DATE: ${{ env.START_DATE }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b916d75..6968215 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.24.9 + uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.24.9 with: sarif_file: results.sarif From 5e0646ef30c121d4d8f40f89b91a788d0b3f0116 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 23:20:01 +0000 Subject: [PATCH 07/11] chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.29.4 to 3.29.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4e828ff8d448a8a6e532957b1811f387a63867e8...51f77329afa6477de8c49fc9c7046c15b9a4e79d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6968215..50a3a4a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867e8 # v3.24.9 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.24.9 with: sarif_file: results.sarif From 14419bb7695cf4d9afe2757ee7f2540d373b996d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Aug 2025 00:10:22 +0000 Subject: [PATCH 08/11] chore(deps): bump mypy from 1.17.0 to 1.17.1 in the dependencies group Bumps the dependencies group with 1 update: [mypy](https://github.com/python/mypy). Updates `mypy` from 1.17.0 to 1.17.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v1.17.0...v1.17.1) --- updated-dependencies: - dependency-name: mypy dependency-version: 1.17.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index ee1e9b9..e3e4353 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,6 +1,6 @@ black==25.1.0 flake8==7.3.0 -mypy==1.17.0 +mypy==1.17.1 mypy-extensions==1.1.0 pylint==3.3.7 pytest==8.4.1 From 0b29e611550fd715f1dd1954c1a819ebc478ee2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 01:29:55 +0000 Subject: [PATCH 09/11] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [github/ospo-reusable-workflows](https://github.com/github/ospo-reusable-workflows), [github/contributors](https://github.com/github/contributors) and [github/codeql-action](https://github.com/github/codeql-action). Updates `github/ospo-reusable-workflows` from 0.5.1 to 0.5.2 - [Release notes](https://github.com/github/ospo-reusable-workflows/releases) - [Changelog](https://github.com/github/ospo-reusable-workflows/blob/main/docs/release-image.md) - [Commits](https://github.com/github/ospo-reusable-workflows/compare/6f158f242fe68adb5a2698ef47e06dac07ac7e71...ebb4e218b75c6043139fd69a4c9bb5a465fb696b) Updates `github/contributors` from 1.5.10 to 1.5.11 - [Release notes](https://github.com/github/contributors/releases) - [Commits](https://github.com/github/contributors/compare/34fad9a6770332457ef52dfefc24a282ff47e929...69e531b620b7e5b0fad2e9823681607b54db447a) Updates `github/codeql-action` from 3.29.7 to 3.29.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/51f77329afa6477de8c49fc9c7046c15b9a4e79d...76621b61decf072c1cee8dd1ce2d2a82d33c17ed) --- updated-dependencies: - dependency-name: github/ospo-reusable-workflows dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github/contributors dependency-version: 1.5.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github/codeql-action dependency-version: 3.29.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-labeler.yml | 2 +- .github/workflows/contributor_report.yaml | 2 +- .github/workflows/pr-title.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index 43fe779..48d4f70 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -11,7 +11,7 @@ jobs: permissions: contents: write pull-requests: write - uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@6f158f242fe68adb5a2698ef47e06dac07ac7e71 + uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@ebb4e218b75c6043139fd69a4c9bb5a465fb696b with: config-name: release-drafter.yml secrets: diff --git a/.github/workflows/contributor_report.yaml b/.github/workflows/contributor_report.yaml index d31decf..123abb1 100644 --- a/.github/workflows/contributor_report.yaml +++ b/.github/workflows/contributor_report.yaml @@ -27,7 +27,7 @@ jobs: echo "END_DATE=$end_date" >> "$GITHUB_ENV" - name: Run contributor action - uses: github/contributors@34fad9a6770332457ef52dfefc24a282ff47e929 # v1.5.10 + uses: github/contributors@69e531b620b7e5b0fad2e9823681607b54db447a # v1.5.11 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} START_DATE: ${{ env.START_DATE }} diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index e06a1fb..77afc54 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -12,6 +12,6 @@ jobs: contents: read pull-requests: read statuses: write - uses: github/ospo-reusable-workflows/.github/workflows/pr-title.yaml@6f158f242fe68adb5a2698ef47e06dac07ac7e71 + uses: github/ospo-reusable-workflows/.github/workflows/pr-title.yaml@ebb4e218b75c6043139fd69a4c9bb5a465fb696b secrets: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2f89b0a..5cc0ca0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: write pull-requests: read - uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@6f158f242fe68adb5a2698ef47e06dac07ac7e71 + uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@ebb4e218b75c6043139fd69a4c9bb5a465fb696b with: publish: true release-config-name: release-drafter.yml @@ -25,7 +25,7 @@ jobs: packages: write id-token: write attestations: write - uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@6f158f242fe68adb5a2698ef47e06dac07ac7e71 + uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@ebb4e218b75c6043139fd69a4c9bb5a465fb696b with: image-name: ${{ github.repository_owner }}/issue_metrics full-tag: ${{ needs.release.outputs.full-tag }} @@ -40,7 +40,7 @@ jobs: permissions: contents: read discussions: write - uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@6f158f242fe68adb5a2698ef47e06dac07ac7e71 + uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@ebb4e218b75c6043139fd69a4c9bb5a465fb696b with: full-tag: ${{ needs.release.outputs.full-tag }} body: ${{ needs.release.outputs.body }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 50a3a4a..8e75ea4 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.24.9 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.24.9 with: sarif_file: results.sarif From 99209880fdfb60e3c5037fb3f058109e7f211644 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 06:17:27 -0500 Subject: [PATCH 10/11] chore(deps): bump python from `4c2cf99` to `6f79e7a` (#563) Bumps python from `4c2cf99` to `6f79e7a`. --- updated-dependencies: - dependency-name: python dependency-version: 3.13-slim dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d54ffa4..07fb1a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:4c2cf9917bd1cbacc5e9b07320025bdb7cdf2df7b0ceaccb55e9dd7e30987419 +FROM python:3.13-slim@sha256:6f79e7a10bb7d0b0a50534a70ebc78823f941fba26143ecd7e6c5dca9d7d7e8a LABEL com.github.actions.name="issue-metrics" \ com.github.actions.description="Gather metrics on issues/prs/discussions such as time to first response, count of issues opened, closed, etc." \ com.github.actions.icon="check-square" \ From 2fd323a2f81a70e719d1035f7b7c7535c5bc53ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 11:21:01 +0000 Subject: [PATCH 11/11] chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#565) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...v5.0.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker-image.yml | 2 +- .github/workflows/linter.yaml | 2 +- .github/workflows/python-package.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 3c2f8ec..9f65a35 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -14,6 +14,6 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@v5.0.0 - name: Build the Docker image run: docker build . --file Dockerfile --platform linux/amd64 --tag issue-metrics:"$(date +%s)" diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index 9069eb7..fe5ec0d 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -18,7 +18,7 @@ jobs: statuses: write steps: - name: Checkout Code - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: # Full git history is needed to get a proper # list of changed files within `super-linter` diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 2853bb1..07a7ff7 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -21,7 +21,7 @@ jobs: python-version: [3.11, 3.12] steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@v5.0.0 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5.6.0 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8e75ea4..0b95c7e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: persist-credentials: false