chore(deps): bump the minor-and-patch group across 1 directory with 2 updates#72
chore(deps): bump the minor-and-patch group across 1 directory with 2 updates#72dependabot[bot] wants to merge 1 commit into
Conversation
dependabot
Bot
added
dependencies
|
@DeepDiver1975 do you need to whitelist these to enable them to run? |
|
@dependabot rebase |
|
Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request |
|
@dependabot recreate |
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/github_actions/minor-and-patch-5dd11fe3c8
branch
from
bdf6732 to
269eed5
Compare
DeepDiver1975
left a comment
DeepDiver1975
left a comment
There was a problem hiding this comment.
🤖 Automated code review by Claude Code review agent
Verdict: Approve ✅
Grouped Dependabot minor-and-patch update touching only uses: refs across 5 reusable-workflow files. Verified:
1. shivammathur/setup-php 2.37.1 → 2.37.2 (patch)
- SHA
7c071df→f3e473d, version comment updated. - Confirmed
f3e473dis the exact commit behind upstream tag2.37.2. - Applied consistently in
acceptance.yml,js-unit.yml,php-codestyle.yml,php-unit.yml.
2. actionhippie/calens 1.13.4 → 1.14.1 (minor)
- SHA
0b8ceba→6c54a62, version comment updated. - Confirmed
6c54a62is the exact commit behind upstream tagv1.14.1. - Applied in
calens.yml.
Checks:
- No major version bumps; both deltas are genuinely within minor/patch range.
- Diff is confined entirely to SHA-pinned action references plus their version comments — no logic changes to the reusable workflows themselves.
- SHA pins verified against upstream tags (supply-chain integrity confirmed), and comments are consistent with the pinned SHAs.
- Upstream changelogs for both releases are routine maintenance (bug fixes, hardening, docker digest/base-image bumps) with no behavioral changes affecting how these actions are invoked here.
Low-risk, correctly-pinned dependency bump. Safe to merge.
|
@dependabot recreate |
DeepDiver1975
left a comment
DeepDiver1975
left a comment
There was a problem hiding this comment.
🤖 Automated approval by Claude Code review agent — routine dependabot minor/patch bump (shivammathur/setup-php 2.37.1→2.37.2 patch, actionhippie/calens 1.13.4→1.14.1 minor), SHA-pins verified against upstream tags, confined to workflow uses: refs with no logic changes. Approving and squash-merging per auto_merge policy.
… updates Bumps the minor-and-patch group with 2 updates in the / directory: [shivammathur/setup-php](https://github.com/shivammathur/setup-php) and [actionhippie/calens](https://github.com/actionhippie/calens). Updates `shivammathur/setup-php` from 2.37.1 to 2.37.2 - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](shivammathur/setup-php@7c071df...f3e473d) Updates `actionhippie/calens` from 1.13.4 to 1.14.1 - [Release notes](https://github.com/actionhippie/calens/releases) - [Changelog](https://github.com/actionhippie/calens/blob/master/CHANGELOG.md) - [Commits](actionhippie/calens@0b8ceba...6c54a62) --- updated-dependencies: - dependency-name: actionhippie/calens dependency-version: 1.13.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: shivammathur/setup-php dependency-version: 2.37.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/github_actions/minor-and-patch-5dd11fe3c8
branch
from
269eed5 to
0167317
Compare
DeepDiver1975
left a comment
DeepDiver1975
left a comment
There was a problem hiding this comment.
🤖 Automated review by Claude Code review agent.
Change: SHA-pinned minor/patch action bumps in the reusable workflows —
shivammathur/setup-php 2.37.1→2.37.2 (patch) and actionhippie/calens
1.13.4→1.14.1 (minor). Pins are full 40-char commit SHAs with the version in a
trailing comment, which is the correct supply-chain-safe form. The change
content itself is benign.
However — not merging. On the current (rebased) HEAD a large number of
required checks are failing: PHP Unit (sqlite / mysql:8.0 / several
integration matrices), JS Unit (both variants), PHP Code Style (+additional
app / --no-phan), and all acceptance suites (API, API+Email, WebUI). Only a
subset (PHP Unit mariadb, base PHP Code Style, Build, Changelog, Commits) pass.
Because these failures appear on the same HEAD that introduces the action
bumps, I can't rule out that the new setup-php/calens versions are the
cause — so I'm withholding a merge until the red checks are understood. If the
failures are pre-existing flakiness unrelated to the bump, a maintainer can
confirm and merge; if they're caused by the new versions, the bump needs
adjustment. Either way this needs a human look before landing.
|
https://github.com/owncloud/reusable-workflows/actions/runs/27966666176/job/82764888575?pr=72 Back to this codeberg inaccessible crud. |
2 participants
Bumps the minor-and-patch group with 2 updates in the / directory: shivammathur/setup-php and actionhippie/calens.
Updates
shivammathur/setup-phpfrom 2.37.1 to 2.37.2Release notes
Sourced from shivammathur/setup-php's releases.
Commits
f3e473dBump version to 2.37.28be473cTrust brew taps083d523Bump the github-actions group with 2 updates (#1085)a919ff5Update FUNDING.ymldeb2299Harden GitHub Actions workflows5825be4Harden environment lookup8d45593Add CODEOWNERSba8d163Update PHP versions in SECURITY.mdUpdates
actionhippie/calensfrom 1.13.4 to 1.14.1Release notes
Sourced from actionhippie/calens's releases.
Changelog
Sourced from actionhippie/calens's changelog.
... (truncated)
Commits
6c54a62chore: release 1.14.18889621chore(flake): updated lockfile [skip ci]5799ebdci(tools): update build tools to v7 (#97)3f9c9bcdeps(patch): update docker digests (#96)da83024deps(patch): update docker digests (#95)8fe75a3deps(patch): update docker digests (#94)69e98b5deps(patch): update docker digests (#93)e917050chore: release 1.14.0f2f222cchore(flake): updated lockfile [skip ci]22b21b2deps(patch): update docker digests (#92)