Skip to content

chore(deps): batch dependabot bumps (docker python + actions-minor-patch)#103

Merged
brownjuly2003-code merged 2 commits into
mainfrom
chore/deps-batch-2026-06-29
Jun 29, 2026
Merged

chore(deps): batch dependabot bumps (docker python + actions-minor-patch)#103
brownjuly2003-code merged 2 commits into
mainfrom
chore/deps-batch-2026-06-29

Conversation

@brownjuly2003-code

Copy link
Copy Markdown
Owner

Summary

Consolidates the two open Dependabot PRs into one batch (precedent: #94), by
cherry-picking the exact Dependabot commits so the 40-hex SHA pins — required by
tests/unit/test_workflow_action_pinning.py — are preserved verbatim.

Supersedes:

Verification (no-Docker)

  • 67 workflow/governance unit tests pass, including
    test_workflow_action_pinning.py (every uses: still a full SHA + version
    comment — no pin regression).
  • Dependabot authorship preserved on both cherry-picked commits.

🤖 Generated with Claude Code

dependabot Bot added 2 commits June 29, 2026 14:22
Bumps python from `e2d3af7` to `721dc13`.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.11-slim-bookworm
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the actions-minor-patch group with 4 updates: [actions/setup-python](https://github.com/actions/setup-python), [azure/setup-helm](https://github.com/azure/setup-helm), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials).


Updates `actions/setup-python` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

Updates `azure/setup-helm` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](Azure/setup-helm@dda3372...9bc31f4)

Updates `actions/attest-build-provenance` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@a2bbfa2...0f67c3f)

Updates `aws-actions/configure-aws-credentials` from 6.2.0 to 6.2.1
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@e7f100c...254c19b)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: azure/setup-helm
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: actions/attest-build-provenance
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions

Copy link
Copy Markdown

DORA Metrics

  • Window: last 30 days
  • Branch: main
  • Deployment frequency: 165 total / 38.5 per week
  • Lead time for changes: avg 0.27h / median 0.0h
  • Change failure rate: 58.79% (97/165)
  • MTTR: 0.23h across 4 incident(s)

@brownjuly2003-code brownjuly2003-code merged commit 9d8bda6 into main Jun 29, 2026
22 of 23 checks passed
@brownjuly2003-code brownjuly2003-code deleted the chore/deps-batch-2026-06-29 branch June 29, 2026 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant