Skip to content

chore(deps): pin dependencies#262

Merged
castrojo merged 1 commit into
mainfrom
renovate/projectbluefinactions
Jun 22, 2026
Merged

chore(deps): pin dependencies#262
castrojo merged 1 commit into
mainfrom
renovate/projectbluefinactions

Conversation

@mergeraptor

@mergeraptor mergeraptor Bot commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
projectbluefin/actions action pinDigest 7827453

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@mergeraptor mergeraptor Bot requested review from castrojo and p5 as code owners June 19, 2026 13:20
@mergeraptor mergeraptor Bot enabled auto-merge (squash) June 19, 2026 13:20
@github-actions github-actions Bot added the pr/needs-review Awaiting human review label Jun 19, 2026
@github-actions

github-actions Bot commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/reusable-release.yml

PackageVersionLicenseIssue Type
projectbluefin/actions/bootc-build/create-release7827453NullUnknown License
projectbluefin/actions/bootc-build/generate-release-notes7827453NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/projectbluefin/actions/bootc-build/create-release 7827453 🟢 5.6
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/21 approved changesets -- score normalized to 0
Dependency-Update-Tool🟢 10update tool detected
Maintained⚠️ 0project was created within the last 90 days. Please review its contents carefully
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Vulnerabilities🟢 91 existing vulnerabilities detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Contributors🟢 10project has 6 contributing companies or organizations
CI-Tests🟢 1014 out of 14 merged PRs checked by a CI test -- score normalized to 10
actions/projectbluefin/actions/bootc-build/generate-release-notes 7827453 🟢 5.6
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/21 approved changesets -- score normalized to 0
Dependency-Update-Tool🟢 10update tool detected
Maintained⚠️ 0project was created within the last 90 days. Please review its contents carefully
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Vulnerabilities🟢 91 existing vulnerabilities detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Contributors🟢 10project has 6 contributing companies or organizations
CI-Tests🟢 1014 out of 14 merged PRs checked by a CI test -- score normalized to 10

Scanned Files

  • .github/workflows/reusable-release.yml

@mergeraptor mergeraptor Bot force-pushed the renovate/projectbluefinactions branch 6 times, most recently from 5ca9ce0 to 8f09263 Compare June 21, 2026 23:44
@mergeraptor mergeraptor Bot force-pushed the renovate/projectbluefinactions branch from 8f09263 to 08cbe4d Compare June 22, 2026 01:05
@castrojo castrojo merged commit 8827be1 into main Jun 22, 2026
7 checks passed
@castrojo castrojo deleted the renovate/projectbluefinactions branch June 22, 2026 03:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@castrojo castrojo Awaiting requested review from castrojo castrojo is a code owner

@p5 p5 Awaiting requested review from p5 p5 is a code owner

Assignees

No one assigned

Labels

automerge chore/deps pr/needs-review Awaiting human review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@castrojo