From 5f65d036c60caee500124770c2dbfb765e4820ef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Jan 2025 17:38:23 +0000
Subject: [PATCH 1/3] chore(deps): bump python from `23a81be` to `026dd41`

Bumps python from `23a81be` to `026dd41`.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index fd95e82..0642262 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 #checkov:skip=CKV_DOCKER_2
 #checkov:skip=CKV_DOCKER_3
-FROM python:3.13-slim@sha256:23a81be7b258c8f516f7a60e80943cace4350deb8204cf107c7993e343610d47
+FROM python:3.13-slim@sha256:026dd417a88d0be8ed5542a05cff5979d17625151be8a1e25a994f85c87962a5
 LABEL com.github.actions.name="issue-metrics" \
     com.github.actions.description="Gather metrics on issues/prs/discussions such as time to first response, count of issues opened, closed, etc." \
     com.github.actions.icon="check-square" \

From 0fe7226241f3ddfbf58b4c838768b1b22d1d7c82 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Jan 2025 17:43:11 +0000
Subject: [PATCH 2/3] chore(deps): bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/stale](https://github.com/actions/stale).


Updates `github/codeql-action` from 3.28.1 to 3.28.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4)

Updates `actions/stale` from 9.0.0 to 9.1.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9.0.0...v9.1.0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/scorecard.yml | 2 +-
 .github/workflows/stale.yaml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 3b5e902..419ef20 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -42,6 +42,6 @@ jobs:
           path: results.sarif
           retention-days: 5
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.24.9
+        uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.24.9
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index 2d8c416..78e8210 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -11,7 +11,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9.0.0
+      - uses: actions/stale@v9.1.0
         with:
           stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days."
           close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity."

From 33d8e455a4383529ebac4b01d7db626a8504bbe2 Mon Sep 17 00:00:00 2001
From: jmeridth <jmeridth@gmail.com>
Date: Mon, 27 Jan 2025 18:23:27 -0600
Subject: [PATCH 3/3] chore: update workflows

- [x] update ospo-reusable-workflows version
  - prevents auto-labeler creating draft releases
- [x] update permissions
  - release-image, allows for attestations, if enabled
  - auto-labler, content: read

Signed-off-by: jmeridth <jmeridth@gmail.com>
---
 .github/release-drafter.yml        |  3 ++-
 .github/workflows/auto-labeler.yml |  2 +-
 .github/workflows/pr-title.yml     |  2 +-
 .github/workflows/release.yml      | 12 ++++++------
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
index fb2ec4b..f786f73 100644
--- a/.github/release-drafter.yml
+++ b/.github/release-drafter.yml
@@ -36,11 +36,12 @@ version-resolver:
   minor:
     labels:
       - "enhancement"
-      - "fix"
+      - "feature"
       - "minor"
   patch:
     labels:
       - "documentation"
+      - "fix"
       - "maintenance"
       - "patch"
   default: patch
diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml
index 7e41954..e386029 100644
--- a/.github/workflows/auto-labeler.yml
+++ b/.github/workflows/auto-labeler.yml
@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
-    uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0
+    uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d
     with:
       config-name: release-drafter.yml
     secrets:
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index 70f1974..c8aee01 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -12,6 +12,6 @@ jobs:
       contents: read
       pull-requests: read
       statuses: write
-    uses: github/ospo-reusable-workflows/.github/workflows/pr-title.yaml@1406afbf7a795f706f04644059cecbb3b2f0c1a0
+    uses: github/ospo-reusable-workflows/.github/workflows/pr-title.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f551ece..e0463db 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,7 +12,7 @@ jobs:
     permissions:
       contents: write
       pull-requests: read
-    uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c
+    uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d
     with:
       publish: true
       release-config-name: release-drafter.yml
@@ -21,11 +21,11 @@ jobs:
   release_image:
     needs: release
     permissions:
-      contents: write
-      discussions: write
+      contents: read
       packages: write
-      pull-requests: read
-    uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c
+      id-token: write
+      attestations: write
+    uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d
     with:
       image-name: ${{ github.repository_owner }}/issue_metrics
       full-tag: ${{ needs.release.outputs.full-tag }}
@@ -40,7 +40,7 @@ jobs:
     permissions:
       contents: read
       discussions: write
-    uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@53a9c808122ffaae9af948f72139fb4bd44ab74c
+    uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@6a0a6d0de2227f9d5d11af90a87b2e2fd6b5463d
     with:
       full-tag: ${{ needs.release.outputs.full-tag }}
       body: ${{ needs.release.outputs.body }}