Skip to content

ci(deps): bump the actions group across 1 directory with 15 updates#234

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/actions-02358b4e8e
Open

ci(deps): bump the actions group across 1 directory with 15 updates#234
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/actions-02358b4e8e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 15 updates in the / directory:

Package From To
actions/checkout 6.0.2 7.0.0
actions/setup-go 6.4.0 6.5.0
actions/upload-artifact 7.0.0 7.0.1
golangci/golangci-lint-action 9.2.0 9.3.0
aquasecurity/trivy-action 0.35.0 0.36.0
actions/cache 5.0.4 6.1.0
marocchino/sticky-pull-request-comment 3.0.3 3.0.4
actions/github-script 8.0.0 9.0.0
actions/cache/save 5.0.4 6.1.0
codecov/codecov-action 6.0.0 7.0.0
actions/setup-node 6.3.0 6.4.0
goreleaser/goreleaser-action 7.0.0 7.2.3
aquasecurity/setup-trivy 0.2.6 0.3.1
github/codeql-action/upload-sarif 4.35.1 4.36.2
actions/setup-python 6.2.0 6.3.0

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/setup-go from 6.4.0 to 6.5.0

Release notes

Sourced from actions/setup-go's releases.

v6.5.0

What's Changed

Dependency update

New Contributors

Full Changelog: actions/setup-go@v6...v6.5.0

Commits

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Updates golangci/golangci-lint-action from 9.2.0 to 9.3.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.3.0

What's Changed

Changes

Dependencies

Full Changelog: golangci/golangci-lint-action@v9.2.1...v9.3.0

v9.2.1

What's Changed

IMPORTANT: this is the first immutable release.

Changes

Dependencies

... (truncated)

Commits
  • ba0d7d2 chore: prepare release v9.3.0
  • efd0857 feat: add no-run-logs-group as experimental option (#1403)
  • ed485de build(deps): bump undici from 6.24.0 to 6.27.0
  • 8872e8d build(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 (#1400)
  • b163415 build(deps): bump tmp from 0.2.6 to 0.2.7 (#1399)
  • e52a9f8 build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 in the github-ac...
  • 8182aa3 build(deps): bump tmp from 0.2.5 to 0.2.6 (#1397)
  • 5403a41 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 in the github-ac...
  • 82606bf chore: prepare release v9.2.1
  • 97c8387 chore: improve workflows (#1394)
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.35.0 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits
  • ed142fd chore: update action version to v0.36.0 in examples (#563)
  • dea62cf chore(deps): Update trivy to v0.70.0 (#559)
  • 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
  • 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
  • dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
  • 4a2deec fix: use portable shebang in entrypoint.sh (#545)
  • 1994662 chore(deps): bump the actions group with 5 updates (#558)
  • 6b36659 chore: add zizmor config (#557)
  • 316aa5a ci: add dependabot config (#556)
  • 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
  • Additional commits viewable in compare view

Updates actions/cache from 5.0.4 to 6.1.0

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates marocchino/sticky-pull-request-comment from 3.0.3 to 3.0.4

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v3.0.4

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.3...v3.0.4

Commits
  • 0ea0beb 📦️ Build
  • df6c1bd build(deps-dev): Bump @​biomejs/biome from 2.4.10 to 2.4.11 (#1681)
  • 3ad213f build(deps-dev): Bump vitest from 4.1.3 to 4.1.4 (#1682)
  • 58072e5 build(deps): Bump @​actions/github from 9.0.0 to 9.1.0 (#1683)
  • 313a938 build(deps-dev): Bump @​types/node from 25.5.2 to 25.6.0 (#1684)
  • 159c677 build(deps-dev): Bump vitest from 4.1.2 to 4.1.3 (#1680)
  • b37c1a1 build(deps-dev): Bump vite from 8.0.3 to 8.0.5 (#1679)
  • See full diff in compare view

Updates actions/github-script from 8.0.0 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

  • getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
  • Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

  • require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
  • getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
  • If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

New Contributors

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits
  • 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
  • ca10bbd fix: use @​octokit/core/types import for v7 compatibility
  • 86e48e2 merge: incorporate main branch changes
  • c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
  • afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
  • ff8117e ci: fix user-agent test to handle orchestration ID
  • 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
  • 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
  • c17d55b ci: add getOctokit integration test job
  • a047196 test: add getOctokit integration tests via callAsyncFunction
  • Additional commits viewable in compare view

Updates actions/cache/save from 5.0.4 to 6.1.0

Release notes

Sourced from actions/cache/save's releases.

v6.1.0

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache/save's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR ...

    Description has been truncated

Bumps the actions group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.4.0` | `6.5.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.0` | `9.3.0` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `6.1.0` |
| [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `3.0.3` | `3.0.4` |
| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |
| [actions/cache/save](https://github.com/actions/cache) | `5.0.4` | `6.1.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `7.0.0` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `7.0.0` | `7.2.3` |
| [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy) | `0.2.6` | `0.3.1` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.35.1` | `4.36.2` |
| [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` |



Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `actions/setup-go` from 6.4.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4a36011...924ae3a)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `golangci/golangci-lint-action` from 9.2.0 to 9.3.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@1e7e51e...ba0d7d2)

Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@57a97c7...ed142fd)

Updates `actions/cache` from 5.0.4 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6682284...55cc834)

Updates `marocchino/sticky-pull-request-comment` from 3.0.3 to 3.0.4
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@d4d6b09...0ea0beb)

Updates `actions/github-script` from 8.0.0 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@ed59741...3a2844b)

Updates `actions/cache/save` from 5.0.4 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6682284...55cc834)

Updates `codecov/codecov-action` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@57e3a13...fb8b358)

Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

Updates `goreleaser/goreleaser-action` from 7.0.0 to 7.2.3
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@ec59f47...f06c13b)

Updates `aquasecurity/setup-trivy` from 0.2.6 to 0.3.1
- [Release notes](https://github.com/aquasecurity/setup-trivy/releases)
- [Commits](aquasecurity/setup-trivy@3fb12ec...81e5143)

Updates `github/codeql-action/upload-sarif` from 4.35.1 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...8aad20d)

Updates `actions/setup-python` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/cache/save
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.2.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: aquasecurity/setup-trivy
  dependency-version: 0.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 30, 2026
@github-actions

Copy link
Copy Markdown

🟢 Change Impact Analysis

Metric Value
Risk Level LOW 🟢
Files Changed 13
Symbols Changed 13
Directly Affected 0
Transitively Affected 0

Blast Radius: 0 modules, 0 files, 0 unique callers

📝 Changed Symbols (13)
Symbol File Type Confidence
.github/workflows/build-matrix.yml .github/workflows/build-matrix.yml modified 30%
.github/workflows/ci.yml .github/workflows/ci.yml modified 30%
.github/workflows/ckb.yml .github/workflows/ckb.yml modified 30%
.github/workflows/cov.yml .github/workflows/cov.yml modified 30%
.github/workflows/nfr.yml .github/workflows/nfr.yml modified 30%
.github/workflows/release.yml .github/workflows/release.yml modified 30%
.github/workflows/security-dependencies.yml .github/workflows/security-dependencies.yml modified 30%
.github/workflows/security-detect.yml .github/workflows/security-detect.yml modified 30%
.github/workflows/security-gate.yml .github/workflows/security-gate.yml modified 30%
.github/workflows/security-sast-common.yml .github/workflows/security-sast-common.yml modified 30%
.github/workflows/security-sast-go.yml .github/workflows/security-sast-go.yml modified 30%
.github/workflows/security-sast-python.yml .github/workflows/security-sast-python.yml modified 30%
.github/workflows/security-secrets.yml .github/workflows/security-secrets.yml modified 30%

Recommendations

  • ℹ️ coverage: 13 symbols have low mapping confidence. Index may be stale.
    • Action: Run 'ckb index' to refresh the SCIP index

Generated by CKB

@github-actions

Copy link
Copy Markdown

CKB Analysis

Risk Files +73 -73 Modules

🎯 13 changed → 0 affected · 🔥 13 hotspots · 📚 197 stale

Risk factors: Medium-sized PR with 13 files • Touches 13 hotspot(s)

👥 Suggested: @lisa.welsch1985@gmail.com (77%), @talantyyr@gmail.com (77%)

Metric Value
Impact Analysis 13 symbols → 0 affected 🟢
Doc Coverage 6.598984771573605% ⚠️
Complexity 0 violations
Coupling 0 gaps
Blast Radius 0 modules, 0 files
Index indexed (1s) 🆕
🎯 Change Impact Analysis · 🟢 LOW · 13 changed → 0 affected
Metric Value
Symbols Changed 13
Directly Affected 0
Transitively Affected 0
Modules in Blast Radius 0
Files in Blast Radius 0

Symbols changed in this PR:

Recommendations:

  • ℹ️ 13 symbols have low mapping confidence. Index may be stale.
    • Action: Run 'ckb index' to refresh the SCIP index
🔥 Hotspots · 13 volatile files
File Churn Score
.github/workflows/build-matrix.yml 2.43
.github/workflows/ci.yml 4.57
.github/workflows/ckb.yml 4.02
.github/workflows/cov.yml 2.74
.github/workflows/nfr.yml 3.53
.github/workflows/release.yml 2.74
.github/workflows/security-dependencies.yml 2.99
.github/workflows/security-detect.yml 1.37
📦 Modules · 1 at risk
Module Files
🔴 .github/workflows 13
💡 Quick wins · 10 suggestions
📚 Stale docs · 197 broken references

Generated by CKB · Run details

@github-actions

Copy link
Copy Markdown

CKB Review: ✅ PASS — 90/100

13 files (+146 changes) · 1 modules

Changes 13 files across 1 modules. No blocking issues found.

Check Status Detail
hotspots ℹ️ INFO 13 hotspot file(s) touched (top 10 shown)
blast-radius ℹ️ INFO No symbols with callers in changes
bug-patterns ✅ PASS No bug patterns detected
complexity ✅ PASS No significant complexity increase
risk ✅ PASS Risk score: 0.45 (medium)
test-gaps ✅ PASS All changed functions have tests
coupling ✅ PASS No missing co-change files
dead-code ✅ PASS No dead code in changed files
breaking ✅ PASS No breaking API changes
unwired ✅ PASS All exported symbols are reachable from entrypoints
format-consistency ✅ PASS No format consistency issues
health ✅ PASS No significant health changes
comment-drift ✅ PASS No comment/code drift detected
secrets ✅ PASS No secrets detected
tests ✅ PASS 0 test(s) cover the changes
arch-health ⚪ SKIP Cartographer not compiled in this build
layers ⚪ SKIP Cartographer not compiled in this build
Change Breakdown
Category Files Review Priority
config 13 🟢 Quick check
Code Health

Estimated review: ~44min (moderate)

Reviewers: lisa.welsch1985 (77%) · talantyyr (77%)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants