
chore(security): nox remediation #83

Merged: felixgeelhaar merged 2 commits into main from nox/remediate-28659958796 (Jul 3, 2026)


@felixgeelhaar (Collaborator)

Automated remediation by `nox fix --actions`: OSV-vulnerable dependency upgrades and outdated GitHub Actions pins bumped to their latest SHA-pinned release. Replaces dependabot.

Copilot AI review requested due to automatic review settings July 3, 2026 12:16
felixgeelhaar added the dependencies label Jul 3, 2026
felixgeelhaar enabled auto-merge (squash) July 3, 2026 12:17

Copilot AI left a comment


Pull request overview

Automated `nox fix --actions` security remediation updating GitHub Actions to newer, SHA-pinned revisions as part of moving away from Dependabot-driven updates.

Changes:

  • Bump softprops/action-gh-release pin to v3.0.1 (SHA-pinned).
  • Switch actions/setup-node in the Pages deploy workflow from a tag to a SHA-pinned v6.4.0.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| .github/workflows/release.yml | Updates the action-gh-release action to a newer SHA-pinned release. |
| .github/workflows/deploy.yml | Pins setup-node to a specific commit SHA for improved supply-chain security. |


Comment thread .github/workflows/deploy.yml
felixgeelhaar merged commit 400e798 into main Jul 3, 2026
6 checks passed
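
An added example, not part of this pull request or of nox: a small Python audit that flags `uses:` references not pinned to a full 40-character commit SHA, the condition this remediation corrects for `actions/setup-node`. The sample workflow, the placeholder SHA, the `@v6` tag and the version-comment check are assumptions made for illustration.

```python
import re

# Captures the value of a step's `uses:` key and any trailing "# ..." comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed placeholder, NOT the real commit of any release named on this page.
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"
# Constructed sample workflow; it does not reproduce the repository's files.
SAMPLE = f"""\
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-node@v6
      - uses: actions/setup-node@{PLACEHOLDER_SHA} # v6.4.0
      - uses: softprops/action-gh-release@{PLACEHOLDER_SHA}
      - uses: ./.github/actions/build
"""

def classify(ref):
    """Return 'local', 'sha' or 'mutable' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"  # same-repo action, versioned with the workflow itself
    if ref.startswith("docker://"):
        return "sha" if "@sha256:" in ref else "mutable"
    _, _, rev = ref.partition("@")
    # Tags, branches and abbreviated SHAs can all be re-pointed or are ambiguous.
    return "sha" if FULL_SHA_RE.match(rev) else "mutable"

def audit(workflow_text):
    """Return (line number, reference, reason) for each pin worth reviewing."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), (m.group(2) or "").strip()
        kind = classify(ref)
        if kind == "mutable":
            findings.append((lineno, ref, "not pinned to a full commit SHA"))
        elif kind == "sha" and not comment:
            # Convention: keep the release tag in a comment so the pin stays reviewable.
            findings.append((lineno, ref, "SHA pin has no version comment"))
    return findings

if __name__ == "__main__":
    for lineno, ref, reason in audit(SAMPLE):
        print(f"line {lineno}: {ref}: {reason}")
```

The line-based matching is deliberate so the check needs no YAML library; it only inspects single-line `uses:` entries.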