2f4128a31c
Bump github/codeql-action from 4.35.4 to 4.35.5 ( #1624 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 4.35.4 to 4.35.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.5</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899 ">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791 ">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892 ">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880 ">#3880</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894 ">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893 ">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5 ">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926 ">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899 ">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791 ">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892 ">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880 ">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4 ">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881 ">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837 ">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850 ">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853 ">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852 ">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3 ">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865 ">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795 ">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789 ">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794 ">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807 ">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2 ">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823 ">#3823</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781 ">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158 ">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767 ">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1 ">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773 ">#3773</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba "><code>9e0d7b8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3905 ">#3905</a>
from github/update-v4.35.5-d4b485515</li>
<li><a
href="https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684 "><code>6d7d599</code></a>
Add changelog entry for <a
href="https://redirect.github.com/github/codeql-action/issues/3899 ">#3899</a></li>
<li><a
href="https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14 "><code>51f7e38</code></a>
Update changelog for v4.35.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11 "><code>d4b4855</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3899 ">#3899</a>
from github/mbg/esbuild/split</li>
<li><a
href="https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9 "><code>127de81</code></a>
Merge remote-tracking branch 'origin/main' into mbg/esbuild/split</li>
<li><a
href="https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b "><code>7fde13f</code></a>
Use src + basename in header to avoid issues on Windows</li>
<li><a
href="https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933 "><code>dfa61e7</code></a>
Improve pattern matching and error handling</li>
<li><a
href="https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a "><code>52aafec</code></a>
Import and call <code>runWrapper</code> normally in <code>analyze</code>
tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111 "><code>0d08c01</code></a>
Auto-generate shared bundle</li>
<li><a
href="https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204 "><code>14085a6</code></a>
Auto-generate entry points</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-28 10:27:18 -07:00
99b29ef3c7
Bump github/codeql-action from 4.35.2 to 4.35.4 ( #1586 )
2026-05-14 08:49:18 -07:00
a33e431433
Enable codeql scanning ( #1532 )
...
This enables security vulnerability scanning using CodeQL.
2026-04-20 11:28:31 -07:00
a8500b6b03
Add dependency submission ( #1523 )
...
This adds jobs to add Gradle dependencies to [GitHub's dependency
submission
API](https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/using-the-dependency-submission-api ),
and to review when these dependencies change.
2026-04-15 22:21:17 -07:00
46da9cb33a
Bump actions/create-github-app-token from 2.2.1 to 2.2.2 ( #1469 )
2026-03-16 09:55:09 -07:00
51bb1a5c7e
Bump gradle/actions from 5.0.1 to 5.0.2 ( #1456 )
2026-03-02 09:00:50 -08:00
77395a86f4
Bump EnricoMi/publish-unit-test-result-action from 2.22.0 to 2.23.0 ( #1435 )
2026-02-23 08:51:04 -08:00
effa4844e6
Bump pkl.impl.ghactions to version 1.3.5 ( #1422 )
2026-02-06 08:43:45 -08:00
7b7b51c0ae
Bump gradle/actions from 5.0.0 to 5.0.1 ( #1420 )
...
Bumps [gradle/actions](https://github.com/gradle/actions ) from 5.0.0 to
5.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gradle/actions/releases ">gradle/actions's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>npm</code> code dependency versions</li>
<li>Bump Gradle versions used in sample builds</li>
<li>Bump dependencies versions in Gradle sample builds</li>
<li>Bump GitHub actions used for build and test</li>
<li>Update known wrapper checksums to include Gradle 9.2+</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gradle/actions/compare/v5.0.0...v5.0.1 ">https://github.com/gradle/actions/compare/v5.0.0...v5.0.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gradle/actions/commit/f29f5a9d7b09a7c6b29859002d29d24e1674c884 "><code>f29f5a9</code></a>
Attempt to fix flaky caching tests (<a
href="https://redirect.github.com/gradle/actions/issues/836 ">#836</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/8c7f3ffba4042e38a9b017ec1433452e674e4403 "><code>8c7f3ff</code></a>
Bump to v1.4.1 of the dependency-submission plugin</li>
<li><a
href="https://github.com/gradle/actions/commit/85e9805d21cf3b1d1c54c470ae15083df20e00ed "><code>85e9805</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/acb81f1e15dbc4ea06da2aa52ac9a056747ba8cf "><code>acb81f1</code></a>
Bump the npm-dependencies group across 1 directory with 8 updates (<a
href="https://redirect.github.com/gradle/actions/issues/821 ">#821</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/00660c8721edeac5845b81ab1a2d47af4de1e150 "><code>00660c8</code></a>
Bump github/codeql-action from 4.31.10 to 4.32.0 in the github-actions
group ...</li>
<li><a
href="https://github.com/gradle/actions/commit/d498ad3b5f3030c0feb2913ae7059605e5d4de40 "><code>d498ad3</code></a>
[bot] Update dist directory</li>
<li><a
href="https://github.com/gradle/actions/commit/de83f3396312260c9a3dfc1d77ee4b6f2361eb9a "><code>de83f33</code></a>
Update Gradle version and Gradle dependencies (<a
href="https://redirect.github.com/gradle/actions/issues/834 ">#834</a>)</li>
<li><a
href="https://github.com/gradle/actions/commit/baabf402fa7896574cf6caf18668d5509e3ce8ef "><code>baabf40</code></a>
Bump the github-actions group across 2 directories with 5 updates</li>
<li><a
href="https://github.com/gradle/actions/commit/69353a9e141a8a7865bcbf48a099ad644e9adf2f "><code>69353a9</code></a>
Bump the gradle group across 1 directory with 4 updates</li>
<li><a
href="https://github.com/gradle/actions/commit/221c7f4dbd2468936638e2ba4fe1d987ce3bbe0d "><code>221c7f4</code></a>
Update known wrapper checksums</li>
<li>Additional commits viewable in <a
href="https://github.com/gradle/actions/compare/4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2...f29f5a9d7b09a7c6b29859002d29d24e1674c884 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 09:39:13 -08:00
a2bfbd72a7
Bump actions/checkout from 6.0.1 to 6.0.2 ( #1417 )
2026-01-26 09:04:22 -08:00
11b65e4d7a
Bump actions/setup-java from 5.1.0 to 5.2.0 ( #1416 )
2026-01-26 08:55:53 -08:00
474305c7b9
Use gradle/actions/setup-gradle ( #1397 )
...
This adds the setup-gradle action; which has the following improvements:
* Improved cacheing (compared to setup-java's Gradle cache)
* Validates the gradle wrapper jar
2026-01-07 21:10:07 -08:00
35861240a0
Bump EnricoMi/publish-unit-test-result-action from 2.21.0 to 2.22.0 ( #1382 )
...
Bumps
[EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action )
from 2.21.0 to 2.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/enricomi/publish-unit-test-result-action/releases ">EnricoMi/publish-unit-test-result-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.22.0</h2>
<p>Adds the following improvements:</p>
<ul>
<li>Upgrade all Python dependencies to latest version <a
href="https://redirect.github.com/enricomi/publish-unit-test-result-action/issues/710 ">#710</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/EnricoMi/publish-unit-test-result-action/compare/v2.21.0...v2.22.0 ">https://github.com/EnricoMi/publish-unit-test-result-action/compare/v2.21.0...v2.22.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/EnricoMi/publish-unit-test-result-action/commit/27d65e188ec43221b20d26de30f4892fad91df2f "><code>27d65e1</code></a>
Releasing v2.22.0</li>
<li><a
href="https://github.com/EnricoMi/publish-unit-test-result-action/commit/2deae407d71f83660c8129d55379ef777127b1bf "><code>2deae40</code></a>
Upgrade transient dependencies (<a
href="https://redirect.github.com/enricomi/publish-unit-test-result-action/issues/710 ">#710</a>)</li>
<li><a
href="https://github.com/EnricoMi/publish-unit-test-result-action/commit/a6d8f3d6cae9c3d19a7a97f61e44d5754b97d803 "><code>a6d8f3d</code></a>
Add Ubuntu slim runner (<a
href="https://redirect.github.com/enricomi/publish-unit-test-result-action/issues/709 ">#709</a>)</li>
<li><a
href="https://github.com/EnricoMi/publish-unit-test-result-action/commit/d3ed9acf9b75c81bd3ed28fac2ef38e7631afd0b "><code>d3ed9ac</code></a>
CI: Merge check upgrades jobs into single job (<a
href="https://redirect.github.com/enricomi/publish-unit-test-result-action/issues/700 ">#700</a>)</li>
<li>See full diff in <a
href="https://github.com/enricomi/publish-unit-test-result-action/compare/34d7c956a59aed1bfebf31df77b8de55db9bbaaf...27d65e188ec43221b20d26de30f4892fad91df2f ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-22 09:34:57 -08:00
b92c773555
Bump pkl.impl.ghactions ( #1366 )
2025-12-12 11:30:47 -08:00
cd9cfaae8f
Bump pkl.impl.ghactions, update lockfile to not run ( #1362 )
2025-12-10 21:39:18 -08:00
2578703081
Bump versions, fix dependabot updates ( #1361 )
2025-12-10 18:03:32 -08:00
b170968e9e
Bump pkl.impl.ghactions to 1.1.0, add version locking. ( #1359 )
...
This adopts the version locking introduced in pkl.impl.ghactions@1.1.0.
2025-12-10 16:35:15 -08:00
dependabot[bot]