Bump senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml from 3 to 4

[dependabot]

Bumps senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml from 3 to 4.

Release notes

Sourced from senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml's releases.

4.0.0

What's Changed

• #260 make shared workflows generic, misc cleanup by @​kernelsam in senzing-factory/build-resources#261

Full Changelog: senzing-factory/build-resources@v3...4.0.0

3.0.31

What's Changed

• Bump super-linter/super-linter from 8.4.0 to 8.5.0 by @​dependabot[bot] in senzing-factory/build-resources#257
• if the PR's REFRESHED_AT matches main's value, it only passes if that… by @​kernelsam in senzing-factory/build-resources#259

Full Changelog: senzing-factory/build-resources@v3...3.0.31

3.0.30

What's Changed

• Bump super-linter/super-linter from 8.3.1 to 8.3.2 by @​dependabot[bot] in senzing-factory/build-resources#254
• Bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in senzing-factory/build-resources#250
• Bump super-linter/super-linter from 8.3.2 to 8.4.0 by @​dependabot[bot] in senzing-factory/build-resources#255
• Bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in senzing-factory/build-resources#249
• Fix regex for filtering GitHub workflows by @​kernelsam in senzing-factory/build-resources#256

Full Changelog: senzing-factory/build-resources@v3...3.0.30

3.0.29

What's Changed

• Bump super-linter/super-linter from 8.3.0 to 8.3.1 by @​dependabot[bot] in senzing-factory/build-resources#252
• Remove validation for natural language in workflows by @​kernelsam in senzing-factory/build-resources#253

Full Changelog: senzing-factory/build-resources@v3...3.0.29

3.0.28

What's Changed

• Add Markdown formatting guidelines to PR template by @​kernelsam in senzing-factory/build-resources#244
• Enhance PR review instructions for local and GitHub by @​kernelsam in senzing-factory/build-resources#246
• 247 dockter 1 by @​docktermj in senzing-factory/build-resources#248

New Contributors

• @​docktermj made their first contribution in senzing-factory/build-resources#248

Full Changelog: senzing-factory/build-resources@v3...3.0.28

3.0.27

Full Changelog: senzing-factory/build-resources@v3...3.0.27

3.0.26

Full Changelog: senzing-factory/build-resources@v3...3.0.26

... (truncated)

Changelog

Sourced from senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, markdownlint, and this project adheres to Semantic Versioning.

[Unreleased]

• Thing 5
• Thing 4

[1.0.1] - yyyy-mm-dd

Added to 1.0.1

• Thing 3

Fixed in 1.0.1

• Thing 2

[1.0.0] - yyyy-mm-dd

Added to 1.0.0

• Thing 2
• Thing 1

Commits

• 52eb86b bump tags to v4, slack channel override, missing claude settings (#262)
• 08fb769 #260 make shared workflows generic, misc cleanup (#261)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #260
Resolves #262
Resolves #261
Resolves senzing-factory/build-resources#261
Resolves senzing-factory/build-resources#257
Resolves senzing-factory/build-resources#259
Resolves senzing-factory/build-resources#254
Resolves senzing-factory/build-resources#250
Resolves senzing-factory/build-resources#255
Resolves senzing-factory/build-resources#249
Resolves senzing-factory/build-resources#256
Resolves senzing-factory/build-resources#252
Resolves senzing-factory/build-resources#253
Resolves senzing-factory/build-resources#244
Resolves senzing-factory/build-resources#246
Resolves senzing-factory/build-resources#248

[github-actions]

🤖 Claude Code Review

Code Review: PR Diff Analysis

Review Results

Code Quality

✅ Code follows style guide - This is a GitHub Actions workflow file with a simple version bump. The YAML formatting is clean and follows standard conventions.

✅ No commented-out code - No commented code present.

✅ Meaningful variable names - All variables and references are clear and descriptive (SENZING_GITHUB_PROJECT_RW_TOKEN, project, etc.).

✅ DRY principle followed - The workflow reuses the centralized workflow from senzing-factory/build-resources, which is a good practice for maintaining consistency.

✅ No defects identified - The change is straightforward: bumping the workflow version from v3 to v4. No logic errors, edge cases, or security vulnerabilities introduced.

✅ Project memory consideration - No ./.claude/CLAUDE.md file found in the repository, so this item is not applicable.

Testing

⚠️ Testing considerations - This is a workflow version update. The tests would be:

• Verifying the workflow still executes successfully with v4
• Confirming the behavior matches expectations (moving PRs to done status for dependabot)

Recommendation: Monitor the first few executions of this workflow to ensure v4 behaves as expected. Review the changelog for the move-pr-to-done-dependabot.yaml workflow to understand what changed between v3 and v4.

Documentation

⚠️ CHANGELOG.md - Could not verify if CHANGELOG.md exists or was updated. For dependency/workflow version bumps, this is typically handled automatically by dependabot PRs, but if this is a manual change, consider documenting it.

✅ Readme/API docs - Not applicable for workflow version bumps. The workflow file itself is self-documenting.

✅ Inline comments - Not needed for this simple version change.

✅ Markdown files - No markdown files modified in this PR.

Security

✅ No hardcoded credentials - Credentials are properly passed via secrets (${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }}).

✅ Input validation - Not applicable; the workflow uses built-in GitHub Actions variables and secrets.

✅ Proper error handling - Error handling is managed by the referenced workflow.

✅ No sensitive data in logs - No sensitive data exposed.

✅ No license files - No .lic files or AQAAAD strings detected in the diff.

---

Summary

Overall Assessment: ✅ APPROVED

This is a clean, low-risk change that updates the workflow reference from v3 to v4. The change:

• Maintains all existing configuration
• Follows proper secret management practices
• Is consistent with other similar workflow updates in the repository (based on recent commits)

Action Items:

1. Verify what changes are included in v4 of the move-pr-to-done-dependabot.yaml workflow
2. Monitor the first execution to ensure proper functionality
3. Consider updating CHANGELOG.md if this is a manual change (though dependabot typically handles this automatically)

No blocking issues identified. Safe to merge.

Automated code review analyzing defects and coding standards