| Age | Commit message (Collapse) | Author |
|
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/a309ff8b426b58ec0e2a45f0f869d46889d02405...ece7cb06caefa5fff74198d8649806c4678c61a1)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Per OpenSSF Scorecard 'Pinned-Dependencies' guidance, third-party
GitHub Actions should be referenced by full commit SHA, not by tag.
Tags are mutable; a SHA is not.
Each pin keeps a '# vX.Y.Z' trailing comment so Dependabot can read
the current version and propose updates while still pinning by SHA.
- actions/checkout de0fac2 # v6.0.2
- actions/setup-python a309ff8 # v6.2.0
- astral-sh/setup-uv 0880764 # v8.1.0
- pypa/gh-action-pypi-publish cef2210 # v1.14.0
This commit does not change pyvyos HTTP payloads, request handling, or
response parsing.
|
|
GitHub deprecation notice: Node.js 20 will be removed from runners in
September 2026 and forced to Node 24 in June 2026. Pin to current
majors that already run on Node 24.
- actions/checkout@v4 -> v6
- actions/setup-python@v5 -> v6
- astral-sh/setup-uv@v3 -> v8
- pypa/gh-action-pypi-publish@v1.13.0 -> v1.14.0
- pre-commit/pre-commit-hooks@v5.0.0 -> v6.0.0
This commit does not change pyvyos HTTP payloads, request handling, or
response parsing.
|
|
|
|
version and dependencies
|
|
|
|
|