| Age | Commit message (Collapse) | Author |
|
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Per OpenSSF Scorecard 'Pinned-Dependencies' guidance, third-party
GitHub Actions should be referenced by full commit SHA, not by tag.
Tags are mutable; a SHA is not.
Each pin keeps a '# vX.Y.Z' trailing comment so Dependabot can read
the current version and propose updates while still pinning by SHA.
- actions/checkout de0fac2 # v6.0.2
- actions/setup-python a309ff8 # v6.2.0
- astral-sh/setup-uv 0880764 # v8.1.0
- pypa/gh-action-pypi-publish cef2210 # v1.14.0
This commit does not change pyvyos HTTP payloads, request handling, or
response parsing.
|
|
GitHub deprecation notice: Node.js 20 will be removed from runners in
September 2026 and forced to Node 24 in June 2026. Pin to current
majors that already run on Node 24.
- actions/checkout@v4 -> v6
- actions/setup-python@v5 -> v6
- astral-sh/setup-uv@v3 -> v8
- pypa/gh-action-pypi-publish@v1.13.0 -> v1.14.0
- pre-commit/pre-commit-hooks@v5.0.0 -> v6.0.0
This commit does not change pyvyos HTTP payloads, request handling, or
response parsing.
|
|
|
|
version and dependencies
|
|
|
|
|