From 36a1df977d620feaee3a9bd5f36b9727b57a01da Mon Sep 17 00:00:00 2001
From: Matt Raible
Date: Mon, 2 Mar 2026 11:17:06 -0700
Subject: [PATCH 1/3] Add missing dependabot ignore rules for unapproved GitHub Actions
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 32e4bfb..8f57b39 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -29,3 +29,5 @@ updates:
 versions: [">=6.1.0"]
 - dependency-name: "peter-evans/create-pull-request"
 versions: [">=8.0.0"]
+ - dependency-name: "actions/upload-artifact"
+ versions: [">=6.0.0"]
From 30d806b54a26766f9fb8d61b57062aee5af0e7ad Mon Sep 17 00:00:00 2001
From: Matt Raible
Date: Mon, 2 Mar 2026 11:28:23 -0700
Subject: [PATCH 2/3] Update ignore thresholds to allow approved action versions
---
 .github/dependabot.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8f57b39..6fd8170 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -22,11 +22,11 @@ updates:
 timezone: "UTC"
 ignore:
 - dependency-name: "actions/checkout"
- versions: [">=6.0.2"]
+ versions: [">=6.0.3"]
 - dependency-name: "actions/setup-node"
- versions: [">=6.2.0"]
+ versions: [">=6.3.0"]
 - dependency-name: "actions/setup-python"
- versions: [">=6.1.0"]
+ versions: [">=6.3.0"]
 - dependency-name: "peter-evans/create-pull-request"
 versions: [">=8.0.0"]
 - dependency-name: "actions/upload-artifact"
From 847a9c50848db97201a0b4f42343d93805166326 Mon Sep 17 00:00:00 2001
From: Matt Raible
Date: Mon, 2 Mar 2026 11:46:35 -0700
Subject: [PATCH 3/3] Fix upload-artifact threshold: v6.0.0 is approved (PRODSEC-126892)
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 6fd8170..76c8fba 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
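Review bot: Nothing in the `ignore:` block touched by PATCH 2/3 says how its thresholds are chosen, and this series shows the cost: PATCH 1/3 added `>=6.0.0` for actions/upload-artifact and PATCH 3/3 had to raise it because v6.0.0 itself is approved. I would add a comment above `ignore:` that fixes the convention, for example `# Each range starts at the first version NOT yet approved; raise it only together with the approval ticket.` These rules only limit which updates Dependabot proposes; they do not stop a workflow file from referencing an unapproved version, so the approved list needs its own enforcement. The `updates:` entry that holds this block begins outside the hunk.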
@@ -30,4 +30,4 @@ updates:
 - dependency-name: "peter-evans/create-pull-request"
 versions: [">=8.0.0"]
 - dependency-name: "actions/upload-artifact"
- versions: [">=6.0.0"]
+ versions: [">=7.0.0"]
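Review bot: The new range `>=7.0.0` leaves every later 6.x release of actions/upload-artifact eligible for a Dependabot pull request, while the commit subject records approval only for v6.0.0 (PRODSEC-126892). If approval is granted per release rather than per major line, `versions: [">=6.0.1"]` matches what was approved and would keep an unreviewed 6.0.1 or 6.1.0 from being proposed; if the whole 6.x line is approved, say so in a comment next to the entry. The thresholds set in PATCH 2/3 (`>=6.0.3`, `>=6.3.0`) are worth the same check against the approved list. The `ignore:` list starts outside this hunk.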