Bump senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml from 3 to 4

[dependabot]

Bumps senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml from 3 to 4.

Release notes

Sourced from senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml's releases.

4.0.0

What's Changed

• #260 make shared workflows generic, misc cleanup by @​kernelsam in senzing-factory/build-resources#261

Full Changelog: senzing-factory/build-resources@v3...4.0.0

3.0.31

What's Changed

• Bump super-linter/super-linter from 8.4.0 to 8.5.0 by @​dependabot[bot] in senzing-factory/build-resources#257
• if the PR's REFRESHED_AT matches main's value, it only passes if that… by @​kernelsam in senzing-factory/build-resources#259

Full Changelog: senzing-factory/build-resources@v3...3.0.31

3.0.30

What's Changed

• Bump super-linter/super-linter from 8.3.1 to 8.3.2 by @​dependabot[bot] in senzing-factory/build-resources#254
• Bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in senzing-factory/build-resources#250
• Bump super-linter/super-linter from 8.3.2 to 8.4.0 by @​dependabot[bot] in senzing-factory/build-resources#255
• Bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in senzing-factory/build-resources#249
• Fix regex for filtering GitHub workflows by @​kernelsam in senzing-factory/build-resources#256

Full Changelog: senzing-factory/build-resources@v3...3.0.30

3.0.29

What's Changed

• Bump super-linter/super-linter from 8.3.0 to 8.3.1 by @​dependabot[bot] in senzing-factory/build-resources#252
• Remove validation for natural language in workflows by @​kernelsam in senzing-factory/build-resources#253

Full Changelog: senzing-factory/build-resources@v3...3.0.29

3.0.28

What's Changed

• Add Markdown formatting guidelines to PR template by @​kernelsam in senzing-factory/build-resources#244
• Enhance PR review instructions for local and GitHub by @​kernelsam in senzing-factory/build-resources#246
• 247 dockter 1 by @​docktermj in senzing-factory/build-resources#248

New Contributors

• @​docktermj made their first contribution in senzing-factory/build-resources#248

Full Changelog: senzing-factory/build-resources@v3...3.0.28

3.0.27

Full Changelog: senzing-factory/build-resources@v3...3.0.27

3.0.26

Full Changelog: senzing-factory/build-resources@v3...3.0.26

... (truncated)

Changelog

Sourced from senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, markdownlint, and this project adheres to Semantic Versioning.

[Unreleased]

• Thing 5
• Thing 4

[1.0.1] - yyyy-mm-dd

Added to 1.0.1

• Thing 3

Fixed in 1.0.1

• Thing 2

[1.0.0] - yyyy-mm-dd

Added to 1.0.0

• Thing 2
• Thing 1

Commits

• 2190011 standardize workflows (#263)
• 52eb86b bump tags to v4, slack channel override, missing claude settings (#262)
• 08fb769 #260 make shared workflows generic, misc cleanup (#261)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🤖 Claude Code Review

Code Review Results

Summary

This is a minimal, low-risk dependency update that bumps a reusable GitHub Actions workflow from v3 to v4. The change is straightforward and follows standard dependency management practices.

---

Detailed Checklist Review

✅ Code Quality

✅ Code follows style guide

• The YAML formatting is correct with proper indentation
• No style violations detected
• File: .github/workflows/add-to-project-g2-python-dependabot.yaml:15

✅ No commented-out code

• No commented-out code present

✅ Meaningful variable names

• N/A - This is a version bump, no new variables introduced

✅ DRY principle followed

• N/A - Single line change

✅ No defects identified

• This is a straightforward version bump from @v3 to @v4
• No logic errors, edge cases, or security vulnerabilities introduced
• The workflow reference follows GitHub Actions best practices

✅ Project memory considerations

• No .claude/CLAUDE.md file exists at project root
• build-resources/.claude/CLAUDE.md exists but is in a submodule - not relevant to this review

---

⚠️ Testing

⚠️ Unit tests for new functions

• N/A - No new functions, this is a workflow version bump
• Note: GitHub Actions workflow changes are typically tested by execution, not unit tests

⚠️ Integration tests for new endpoints

• N/A - No new endpoints

⚠️ Edge cases covered

• N/A - Version bump only

⚠️ Test coverage > 80%

• N/A - Not applicable to GitHub Actions workflow version updates

---

⚠️ Documentation

⚠️ Readme updated if needed

• Not required - version bumps of reusable workflows don't typically require README updates
• The workflow functionality remains the same, only the implementation version changes

⚠️ API docs updated

• N/A - No API changes

⚠️ Inline comments for complex logic

• N/A - No complex logic introduced

❌ CHANGELOG.md updated

• CHANGELOG.md exists at /home/runner/work/g2-python/g2-python/CHANGELOG.md
• This dependency update should be documented with an entry noting the workflow version bump
• Recommended entry: Changed senzing-factory/build-resources workflow from v3 to v4

✅ Markdown files formatting

• N/A - No markdown files modified

---

✅ Security

✅ No hardcoded credentials

• No credentials hardcoded
• Secrets are properly referenced via ${{ secrets.* }}

✅ Input validation implemented

• N/A - No new inputs

✅ Proper error handling

• Error handling is delegated to the reusable workflow at v4

✅ No sensitive data in logs

• No sensitive data exposure

✅ No license files checked in

• No .lic files or AQAAAD strings detected in this diff

---

Recommendations

1. CHANGELOG.md Update (Minor): Consider adding an entry to document this workflow version bump for traceability.

2. Consider reviewing v4 changes: Before merging, verify that the v4 workflow is compatible and review any breaking changes in the upstream repository.

Overall Assessment

Approval: ✅ APPROVED with minor documentation suggestion

This is a clean, standard dependency update with no code quality, security, or functional concerns. The only improvement would be documenting the change in CHANGELOG.md for version tracking purposes.

Automated code review analyzing defects and coding standards

[dependabot]

Looks like senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml is up-to-date now, so this is no longer needed.