Conversation
Bumps [MishaKav/pytest-coverage-comment](https://github.com/mishakav/pytest-coverage-comment) from a01708271d42c5703d489b13eb503ba47c01e82a to fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c. - [Release notes](https://github.com/mishakav/pytest-coverage-comment/releases) - [Changelog](https://github.com/MishaKav/pytest-coverage-comment/blob/main/CHANGELOG.md) - [Commits](MishaKav/pytest-coverage-comment@a017082...fd9adbd) --- updated-dependencies: - dependency-name: MishaKav/pytest-coverage-comment dependency-version: fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
diff-vader-bot
left a comment
There was a problem hiding this comment.
🟢 Risk: LOW — no substantive findings
✅ Diff Vader · Approved
Council reviewed 1 file · 11 reviewers · 0 findings · $0.36
- ✅
blast‑radius - ✅
correctness - ✅
github‑actions - ❓
iac— skipped: filter: not applicable to changed files - ❓
migration‑safety— skipped: filter: not applicable to changed files - ✅
performance - ✅
revertibility - ✅
security‑tenant‑isolation - ❓
supply‑chain— skipped: filter: not applicable to changed files - ✅
supportability - ✅
test‑adequacy
Why: All approval gates passed.
💡 /diff-vader-review <name> adds a one-shot reviewer. Beyond this PR's council, you can request: backup-correctness, loop-design-system.
| uses: MishaKav/pytest-coverage-comment@fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c # main | ||
| if: github.event_name == 'pull_request' | ||
| with: | ||
| pytest-coverage-path: pytest-coverage.txt |
There was a problem hiding this comment.
pr-reviewer-github-actions — confidence 85% (advisory)
MishaKav/pytest-coverage-comment: publisher 'MishaKav' is not on the trusted allowlist. This is a pre-existing condition (the prior SHA was also from this publisher) — no new risk introduced by this bump.
React with 👍 / 👎 / 😕 to help us calibrate — why.
| uses: MishaKav/pytest-coverage-comment@fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c # main | ||
| if: github.event_name == 'pull_request' | ||
| with: | ||
| pytest-coverage-path: pytest-coverage.txt |
There was a problem hiding this comment.
pr-reviewer-github-actions — confidence 85% (advisory)
MishaKav/pytest-coverage-comment@fd9adbd is approximately 92 hours old (threshold: 168h), so it hasn't yet accumulated a full week of community vetting. However, this is a Dependabot-generated SHA bump — Dependabot verifies the SHA corresponds to a tagged release before proposing it. Per the Dependabot exemption, this finding is advisory only.
React with 👍 / 👎 / 😕 to help us calibrate — why.
Bumps MishaKav/pytest-coverage-comment from a01708271d42c5703d489b13eb503ba47c01e82a to fd9adbdca9fdfbe2b9bfa44a7340e6a83346ce6c.
Changelog
Sourced from MishaKav/pytest-coverage-comment's changelog.
... (truncated)
Commits
fd9adbdfeat: add coverage.py JSON report support (pytest-json-coverage-path) (#286)4a4889efix: correct coverage percentage when branch coverage is enabled (#285)a15368fBump the npm-development group with 3 updates (#281)fc9dc0fBump actions/cache from 5 to 6 (#280)839593bBump actions/checkout from 6 to 7 (#279)e48ae95Show partial branches as arrows in the Missing column for XML coverage (#274)...810a628Bump@vercel/nccto 0.44.0 and dev dependencies (#275)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)