Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore(deps): update github-actions - workflows - .github/workflows/unused-dependencies.yml #1156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 18, 2025
Merged

chore(deps): update github-actions - workflows - .github/workflows/unused-dependencies.yml #1156

merged 1 commit into from
Aug 18, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 18, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action digest 11bd719 -> 08eba0b
actions/checkout action minor v4.2.2 -> v4.3.0
amannn/action-semantic-pull-request action digest 0723387 -> e32d7e6
github/codeql-action action patch v3.29.5 -> v3.29.9
github/codeql-action action digest 51f7732 -> df55935

Release Notes

actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

github/codeql-action (github/codeql-action)

v3.29.9

Compare Source

v3.29.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025
  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #​3015

See the full CHANGELOG.md for more information.

v3.29.7

Compare Source

This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.

v3.29.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #​2999
  • Update default CodeQL bundle version to 2.22.3. #​3000

See the full CHANGELOG.md for more information.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link

github-actions bot commented Aug 18, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/github/codeql-action/analyze df559355d593797519d70b90fc8edd5db049e7a2 UnknownUnknown
actions/github/codeql-action/autobuild df559355d593797519d70b90fc8edd5db049e7a2 UnknownUnknown
actions/github/codeql-action/init df559355d593797519d70b90fc8edd5db049e7a2 UnknownUnknown
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/amannn/action-semantic-pull-request e32d7e603df1aa1ba07e981f2a23455dee596825 🟢 3.8
Details
CheckScoreReason
Code-Review🟢 5Found 16/30 approved changesets -- score normalized to 5
Maintained⚠️ 20 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions🟢 6detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 19 existing vulnerabilities detected
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/github/codeql-action/upload-sarif df559355d593797519d70b90fc8edd5db049e7a2 UnknownUnknown
actions/actions/checkout 08eba0b27e820071cde6df949e0beb9ba4906955 🟢 6.7
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 8SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected

Scanned Files

  • .github/workflows/ci.yml
  • .github/workflows/codeql.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/experimental-inventory-ci.yml
  • .github/workflows/experimental-inventory-cli-publish.yml
  • .github/workflows/experimental-inventory-publish.yml
  • .github/workflows/lint.yml
  • .github/workflows/npm.yml
  • .github/workflows/pr-lint.yml
  • .github/workflows/sample-publish.yml
  • .github/workflows/scorecard.yml
  • .github/workflows/unused-dependencies.yml

@netlify
Copy link

netlify bot commented Aug 18, 2025
edited
Loading

Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name Link
🔨 Latest commit 882b024
🔍 Latest deploy log https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/68a2addc7a742b00082792f2

@renovate renovate bot force-pushed the renovate/workflows-manager branch from 8f9fa7c to 882b024 Compare August 18, 2025 04:36
@codecov
Copy link

codecov bot commented Aug 18, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.29%. Comparing base (aaea93a) to head (882b024).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1156   +/-   ##
=======================================
  Coverage   83.29%   83.29%           
=======================================
  Files          59       59           
  Lines        2449     2449           
  Branches      280      280           
=======================================
  Hits         2040     2040           
  Misses        365      365           
  Partials       44       44

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jescalada jescalada merged commit dea031d into main Aug 18, 2025
15 checks passed
@renovate renovate bot deleted the renovate/workflows-manager branch August 18, 2025 04:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jescalada jescalada jescalada approved these changes

Assignees

No one assigned

Labels

maintenance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jescalada