[action] Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1#154
Open
dependabot[bot] wants to merge 1 commit into
Open
[action] Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1#154dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.1.0 to 8.1.1. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v8.1.0...v8.1.1) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
✅
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 1 | 0 | 0 | 0.2s | |
| zizmor | 1 | 1 | 15 | 0 | 1.55s | |
| jscpd | yes | 6 | no | 1.55s | ||
| ✅ EDITORCONFIG | editorconfig-checker | 1 | 0 | 0 | 0.03s | |
| ✅ REPOSITORY | betterleaks | yes | no | no | 0.97s | |
| ✅ REPOSITORY | checkov | yes | no | no | 18.69s | |
| devskim | yes | 118 | 68 | 15.15s | ||
| ✅ REPOSITORY | dustilock | yes | no | no | 0.63s | |
| ✅ REPOSITORY | gitleaks | yes | no | no | 2.28s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.01s | |
| ✅ REPOSITORY | grype | yes | no | no | 49.75s | |
| ✅ REPOSITORY | kingfisher | yes | no | no | 7.9s | |
| osv-scanner | yes | 5 | no | 1.82s | ||
| ✅ REPOSITORY | secretlint | yes | no | no | 1.3s | |
| ✅ REPOSITORY | syft | yes | no | no | 2.43s | |
| ✅ REPOSITORY | trivy | yes | no | no | 12.65s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.22s | |
| ✅ REPOSITORY | trufflehog | yes | no | no | 4.26s | |
| ✅ SPELL | cspell | 2 | 0 | 0 | 4.04s | |
| lychee | 1 | 2 | 0 | 0.66s | ||
| ✅ YAML | prettier | 1 | 1 | 0 | 0 | 1.66s |
| ✅ YAML | v8r | 1 | 0 | 0 | 2.95s | |
| ✅ YAML | yamllint | 1 | 0 | 0 | 0.55s |
Detailed Issues
⚠️ REPOSITORY / devskim - 118 errors
SkimConfidence":"High"},"level":"warning"},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/pfm2afm.json"},"region":{"startLine":6,"startColumn":12,"endLine":6,"endColumn":78,"charOffset":222,"charLength":66,"snippet":{"text":"\"b6582404f57010e8a000c1fd6b9ec6100016588a15c629ac615834c0125d132e\"","rendered":{"text":"\"b6582404f57010e8a000c1fd6b9ec6100016588a15c629ac615834c0125d132e\"","markdown":"`\"b6582404f57010e8a000c1fd6b9ec6100016588a15c629ac615834c0125d132e\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/path-set.json"},"region":{"startLine":7,"startColumn":12,"endLine":7,"endColumn":78,"charOffset":276,"charLength":66,"snippet":{"text":"\"765a7b7c947616237935179517bf42887ca21e60367ed22c4dabae3b10bfd0d4\"","rendered":{"text":"\"765a7b7c947616237935179517bf42887ca21e60367ed22c4dabae3b10bfd0d4\"","markdown":"`\"765a7b7c947616237935179517bf42887ca21e60367ed22c4dabae3b10bfd0d4\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/android-messages.json"},"region":{"startLine":8,"startColumn":20,"endLine":8,"endColumn":86,"charOffset":369,"charLength":66,"snippet":{"text":"\"06531c1c55351094bcd1df60724c96c9ed44dbbe39663a244899fcbccb1956e8\"","rendered":{"text":"\"06531c1c55351094bcd1df60724c96c9ed44dbbe39663a244899fcbccb1956e8\"","markdown":"`\"06531c1c55351094bcd1df60724c96c9ed44dbbe39663a244899fcbccb1956e8\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/vvv.json"},"region":{"startLine":7,"startColumn":12,"endLine":7,"endColumn":78,"charOffset":356,"charLength":66,"snippet":{"text":"\"2739acb5f0051f676941bb1e9f622ade04cb14d171e3cc6509bc0099c285e7cf\"","rendered":{"text":"\"2739acb5f0051f676941bb1e9f622ade04cb14d171e3cc6509bc0099c285e7cf\"","markdown":"`\"2739acb5f0051f676941bb1e9f622ade04cb14d171e3cc6509bc0099c285e7cf\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/wizmo.json"},"region":{"startLine":7,"startColumn":12,"endLine":7,"endColumn":78,"charOffset":239,"charLength":66,"snippet":{"text":"\"7b0b47f936d24686de461bea05a9480179035a5b2b23a74167a7728e95922d5d\"","rendered":{"text":"\"7b0b47f936d24686de461bea05a9480179035a5b2b23a74167a7728e95922d5d\"","markdown":"`\"7b0b47f936d24686de461bea05a9480179035a5b2b23a74167a7728e95922d5d\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/gifsicle.json"},"region":{"startLine":15,"startColumn":20,"endLine":15,"endColumn":86,"charOffset":633,"charLength":66,"snippet":{"text":"\"7e47dd0bfd5ee47f911464c57faeed89a8709a7625dd1c449b16579889539ee8\"","rendered":{"text":"\"7e47dd0bfd5ee47f911464c57faeed89a8709a7625dd1c449b16579889539ee8\"","markdown":"`\"7e47dd0bfd5ee47f911464c57faeed89a8709a7625dd1c449b16579889539ee8\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/gifsicle.json"},"region":{"startLine":10,"startColumn":20,"endLine":10,"endColumn":86,"charOffset":371,"charLength":66,"snippet":{"text":"\"f31464e334b9fb83d4dc60a25bde7cfa35829564bc378c40f0d3c6350910256c\"","rendered":{"text":"\"f31464e334b9fb83d4dc60a25bde7cfa35829564bc378c40f0d3c6350910256c\"","markdown":"`\"f31464e334b9fb83d4dc60a25bde7cfa35829564bc378c40f0d3c6350910256c\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/ztree-beta.json"},"region":{"startLine":9,"startColumn":12,"endLine":9,"endColumn":78,"charOffset":350,"charLength":66,"snippet":{"text":"\"f1b533f46ceefd52a285d4f0f5ddcbfada17686eff680525bd1347997d3e1a59\"","rendered":{"text":"\"f1b533f46ceefd52a285d4f0f5ddcbfada17686eff680525bd1347997d3e1a59\"","markdown":"`\"f1b533f46ceefd52a285d4f0f5ddcbfada17686eff680525bd1347997d3e1a59\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS137138","message":{"text":"Insecure URL"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/audacity-lame-plugin.json"},"region":{"startLine":14,"startColumn":16,"endLine":14,"endColumn":38,"charOffset":548,"charLength":22,"snippet":{"text":"http://lame.buanzo.org","rendered":{"text":"http://lame.buanzo.org","markdown":"`http://lame.buanzo.org`"}},"sourceLanguage":"json"}}}],"fixes":[{"description":{"text":"An HTTP-based URL without TLS was detected."},"artifactChanges":[{"artifactLocation":{"uri":"bucket/audacity-lame-plugin.json"},"replacements":[{"deletedRegion":{"charOffset":548,"charLength":22},"insertedContent":{"text":"https://lame.buanzo.org"}}]}]}],"properties":{"tags":["ThreatModel.Integration.HTTP"],"DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"level":"warning"},{"ruleId":"DS173237","level":"error","message":{"text":"Do not store tokens or keys in source code."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/audacity-lame-plugin.json"},"region":{"startLine":11,"startColumn":12,"endLine":11,"endColumn":78,"charOffset":363,"charLength":66,"snippet":{"text":"\"2ad66ed683b0074d0381055d387a871cce3c38626fea29ee30710f73cee12356\"","rendered":{"text":"\"2ad66ed683b0074d0381055d387a871cce3c38626fea29ee30710f73cee12356\"","markdown":"`\"2ad66ed683b0074d0381055d387a871cce3c38626fea29ee30710f73cee12356\"`"}},"sourceLanguage":"json"}}}],"properties":{"tags":["Implementation.Privacy.Token"],"DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"ruleId":"DS137138","message":{"text":"Insecure URL"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bucket/audacity-lame-plugin.json"},"region":{"startLine":4,"startColumn":17,"endLine":4,"endColumn":39,"charOffset":93,"charLength":22,"snippet":{"text":"http://lame.buanzo.org","rendered":{"text":"http://lame.buanzo.org","markdown":"`http://lame.buanzo.org`"}},"sourceLanguage":"json"}}}],"fixes":[{"description":{"text":"An HTTP-based URL without TLS was detected."},"artifactChanges":[{"artifactLocation":{"uri":"bucket/audacity-lame-plugin.json"},"replacements":[{"deletedRegion":{"charOffset":93,"charLength":22},"insertedContent":{"text":"https://lame.buanzo.org"}}]}]}],"properties":{"tags":["ThreatModel.Integration.HTTP"],"DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"level":"warning"}],"columnKind":"utf16CodeUnits"}]}
(Truncated to last 8000 characters out of 155660)
⚠️ COPYPASTE / jscpd - 6 errors
Using config from .github/linters/.jscpd.json
Clone found (powershell)
- bin/checkhashes.ps1 [38:25 - 43:43] (6 lines, 57 tokens)
bin/checkver.ps1 [56:17 - 61:43]
Clone found (powershell)
- bin/checkhashes.ps1 [58:1 - 68:50] (11 lines, 61 tokens)
bin/checkver.ps1 [72:1 - 82:50]
Clone found (powershell)
- bin/checkurls.ps1 [28:51 - 36:6] (9 lines, 65 tokens)
bin/checkver.ps1 [52:96 - 60:6]
Clone found (powershell)
- bin/checkurls.ps1 [28:51 - 35:46] (8 lines, 63 tokens)
bin/describe.ps1 [9:29 - 16:46]
Clone found (powershell)
- bin/describe.ps1 [8:33 - 24:67] (17 lines, 120 tokens)
bin/formatjson.ps1 [7:34 - 23:67]
Clone found (python)
- jsonfmt.py [19:1 - 29:31] (11 lines, 50 tokens)
validate.py [26:1 - 36:31]
┌────────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ ini │ 2 │ 60 │ 136 │ 0 │ 0 (0.00%) │ 0 (0.00%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ powershell │ 11 │ 471 │ 3103 │ 5 │ 46 (9.77%) │ 366 (11.80%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ python │ 9 │ 1927 │ 8304 │ 1 │ 10 (0.52%) │ 50 (0.60%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ toml │ 2 │ 75 │ 276 │ 0 │ 0 (0.00%) │ 0 (0.00%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ txt │ 3 │ 275 │ 2699 │ 0 │ 0 (0.00%) │ 0 (0.00%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total: │ 27 │ 2808 │ 14518 │ 6 │ 56 (1.99%) │ 416 (2.87%) │
└────────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 6 clones.
HTML report saved to megalinter-reports/copy-paste/jscpd-report.html
ERROR: jscpd found too many duplicates (2.0%) over threshold (0.5%)
time: 63.626ms
⚠️ SPELL / lychee - 2 errors
📝 Summary
---------------------
🔍 Total............4
🔗 Unique...........4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......1
👻 Excluded.........1
❓ Unknown..........0
🚫 Errors...........2
⛔ Unsupported......2
Errors in .github/workflows/mega-linter.yml
[404] https://megalinter.io/configuration/ (at 123:11) | Rejected status code: 404 Not Found
[404] https://megalinter.io/flavors/ (at 117:24) | Rejected status code: 404 Not Found
Hint: Followed 1 redirect. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`
⚠️ REPOSITORY / osv-scanner - 5 errors
Scanning dir .
Starting filesystem walk for root: /
Scanned requirements.txt file and found 5 packages
End status: 38 dirs visited, 274 inodes visited, 1 Extract calls, 5.372001ms elapsed, 5.372171ms wall time
Total 1 package affected by 5 known vulnerabilities (0 Critical, 1 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
5 vulnerabilities can be fixed.
+-------------------------------------+------+-----------+----------+---------+---------------+------------------+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
+-------------------------------------+------+-----------+----------+---------+---------------+------------------+
| https://osv.dev/PYSEC-2018-28 | 7.5 | PyPI | requests | 2.9.2 | 2.20.0 | requirements.txt |
| https://osv.dev/GHSA-x84v-xcm2-53pg | | | | | | |
| https://osv.dev/PYSEC-2023-74 | 6.1 | PyPI | requests | 2.9.2 | 2.31.0 | requirements.txt |
| https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.9.2 | 2.32.4 | requirements.txt |
| https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.9.2 | 2.32.0 | requirements.txt |
| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.9.2 | 2.33.0 | requirements.txt |
+-------------------------------------+------+-----------+----------+---------+---------------+------------------+
⚠️ ACTION / zizmor - 15 errors
INFO zizmor: 🌈 zizmor v1.25.0
INFO audit: zizmor: 🌈 completed .github/workflows/mega-linter.yml
help[artipacked]: credential persistence through GitHub Actions artifacts
--> .github/workflows/mega-linter.yml:96:9
|
96 | - name: Checkout Code
| _________^
97 | | uses: actions/checkout@v6 # was v4, changed by @rasa
98 | | with:
99 | | token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
... |
106 | | # <@rasa>
| |_______________^ does not set persist-credentials: false
|
= note: audit confidence → Low
= note: this finding has an auto-fix
= help: audit documentation → https://docs.zizmor.sh/audits/#artipacked
help[template-injection]: code injection via template expansion
--> .github/workflows/mega-linter.yml:110:11
|
108 | run: |
| --- this run block
109 | cat <<-EOF
110 | inputs=${{ toJSON(inputs) }}
| ^^^^^^ may expand into attacker-controllable code
|
= note: audit confidence → Low
= help: audit documentation → https://docs.zizmor.sh/audits/#template-injection
info[template-injection]: code injection via template expansion
--> .github/workflows/mega-linter.yml:177:39
|
175 | run: |
| --- this run block
176 | cat <<-EOF
177 | steps.ml.outputs=${{ toJSON(steps.ml.outputs) }}
| ^^^^^^^^^^^^^^^^ may expand into attacker-controllable code
|
= note: audit confidence → Low
= help: audit documentation → https://docs.zizmor.sh/audits/#template-injection
info[template-injection]: code injection via template expansion
--> .github/workflows/mega-linter.yml:224:33
|
223 | run: |
| --- this run block
224 | echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ may expand into attacker-controllable code
|
= note: audit confidence → Low
= note: this finding has an auto-fix
= help: audit documentation → https://docs.zizmor.sh/audits/#template-injection
info[template-injection]: code injection via template expansion
--> .github/workflows/mega-linter.yml:225:30
|
223 | run: |
| --- this run block
224 | echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
225 | echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ may expand into attacker-controllable code
|
= note: audit confidence → Low
= note: this finding has an auto-fix
= help: audit documentation → https://docs.zizmor.sh/audits/#template-injection
error[unpinned-uses]: unpinned action reference
--> .github/workflows/mega-linter.yml:119:15
|
119 | uses: oxsecurity/megalinter@v9 # changed from v7 by @rasa
| ^^^^^^^^^^^^^^^^^^^^^^^^ action is not pinned to a hash (required by blanket policy)
|
= note: audit confidence → High
= note: this finding has an auto-fix
= help: audit documentation → https://docs.zizmor.sh/audits/#unpinned-uses
error[unpinned-uses]: unpinned action reference
--> .github/workflows/mega-linter.yml:212:15
|
212 | uses: peter-evans/create-pull-request@v8.1.1 # changed from v5 by @rasa
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ action is not pinned to a hash (required by blanket policy)
|
= note: audit confidence → High
= note: this finding has an auto-fix
= help: audit documentation → https://docs.zizmor.sh/audits/#unpinned-uses
error[unpinned-uses]: unpinned action reference
--> .github/workflows/mega-linter.yml:234:15
|
234 | uses: stefanzweifel/git-auto-commit-action@v7.1.0 # changed from v4 by @rasa
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ action is not pinned to a hash (required by blanket policy)
|
= note: audit confidence → High
= note: this finding has an auto-fix
= help: audit documentation → https://docs.zizmor.sh/audits/#unpinned-uses
15 findings (7 suppressed, 6 unsafe fixes): 3 informational, 2 low, 0 medium, 3 high
No fixes available to apply (6 held back by safe mode). Use --fix=unsafe or --fix=all to apply unsafe fixes.
Notices
📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)
See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps peter-evans/create-pull-request from 8.1.0 to 8.1.1.
Release notes
Sourced from peter-evans/create-pull-request's releases.
Commits
5f6978ffix: retry post-creation API calls on 422 eventual consistency errors (#4356)d32e88dbuild(deps-dev): bump the npm group with 3 updates (#4349)8170bccbuild(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#4344)0041819build(deps): bump picomatch (#4339)b993918build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#4334)36d7c84build(deps-dev): bump undici from 6.23.0 to 6.24.0 (#4328)a45d1fbbuild(deps): bump@tootallnate/onceand jest-environment-jsdom (#4323)3499eb6build(deps): bump the github-actions group with 2 updates (#4316)3f3b473build(deps): bump minimatch (#4311)6699836build(deps-dev): bump the npm group with 2 updates (#4305)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)