Update github actions (main) (patch) by renovate[bot] · Pull Request #3338 · conforma/cli

renovate · 2026-06-14T01:01:37Z

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	patch	`v5.0.4` → `v5.0.5`
actions/checkout	action	patch	`v6.0.2` → `v6.0.3`
codecov/codecov-action	action	patch	`v5.5.4` → `v5.5.5`
peter-evans/create-pull-request	action	patch	`v8.1.0` → `v8.1.1`

Release Notes

actions/cache (actions/cache)

`v5.0.5`

Compare Source

What's Changed

Update ts-http-runtime dependency by @yacaovsnc in #1747

Full Changelog: actions/cache@v5...v5.0.5

actions/checkout (actions/checkout)

`v6.0.3`

Compare Source

Fix checkout init for SHA-256 repositories by @yaananth in #2439
fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in #2414

codecov/codecov-action (codecov/codecov-action)

`v5.5.5`

Compare Source

peter-evans/create-pull-request (peter-evans/create-pull-request)

`v8.1.1`: Create Pull Request v8.1.1

Compare Source

What's Changed

build(deps-dev): bump the npm group with 2 updates by @dependabot[bot] in #4305
build(deps): bump minimatch by @dependabot[bot] in #4311
build(deps): bump the github-actions group with 2 updates by @dependabot[bot] in #4316
build(deps): bump @tootallnate/once and jest-environment-jsdom by @dependabot[bot] in #4323
build(deps-dev): bump undici from 6.23.0 to 6.24.0 by @dependabot[bot] in #4328
build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in #4334
build(deps): bump picomatch by @dependabot[bot] in #4339
build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in #4344
build(deps-dev): bump the npm group with 3 updates by @dependabot[bot] in #4349
fix: retry post-creation API calls on 422 eventual consistency errors by @peter-evans in #4356

Full Changelog: peter-evans/create-pull-request@v8.1.0...v8.1.1

Configuration

📅 Schedule: (UTC)

Branch creation
- Between 12:00 AM and 03:59 AM (* 0-3 * * *)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

fullsend-ai-review · 2026-06-14T01:03:19Z

🤖 Finished Review · ✅ Success · Started 1:03 AM UTC · Completed 1:09 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review · 2026-06-14T01:09:28Z

Review

Findings

High

[protected-path] .github/workflows/ — All 6 changed files are under the .github/ protected path. This PR has no linked issue providing explicit authorization for modifying governance/infrastructure files. Modified protected files: .github/workflows/checks-codecov.yaml, .github/workflows/codeql.yaml, .github/workflows/lint.yaml, .github/workflows/release.yaml, .github/workflows/scorecard.yml, .github/workflows/update-go-containerregistry.yaml. Human approval is required for all protected-path changes regardless of context.
Remediation: A repository maintainer should review and approve these workflow changes directly. Consider linking a tracking issue to provide authorization context for future Renovate workflow updates.

Info

[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model claude-sonnet-4-5@20250929 is not available on the deployment. This is a mechanical version-bump PR with no style surface area, so impact is negligible.
[sub-agent-failure] N/A — The intent-coherence sub-agent did not return findings: model claude-sonnet-4-5@20250929 is not available on the deployment. For a mechanical Renovate patch-bump PR, scope authorization is implicit from the automated nature of the change.

Previous run

Review

Findings

High

[protected-path] .github/workflows/ — All 6 files modified in this PR are under the .github/ protected path (checks-codecov.yaml, codeql.yaml, lint.yaml, release.yaml, scorecard.yml, update-go-containerregistry.yaml). The PR has no linked issue providing explicit authorization for modifying governance/infrastructure files. Human approval is always required for protected-path changes.
Remediation: A human maintainer should review and approve these workflow changes. While the changes are routine Renovate patch version bumps for GitHub Actions (actions/cache v5.0.4→v5.0.5, actions/checkout v6.0.2→v6.0.3, codecov/codecov-action v5.5.4→v5.5.5, peter-evans/create-pull-request v8.1.0→v8.1.1), protected-path policy requires explicit human sign-off.

Info

[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model not available on the deployment. Given the mechanical nature of this diff (value-only SHA and version comment updates), no style findings are expected.

Previous run (2)

Review

Findings

High

[protected-path] .github/workflows/ — All 6 changed files are under the .github/ protected path: checks-codecov.yaml, codeql.yaml, lint.yaml, release.yaml, scorecard.yml, update-go-containerregistry.yaml. This PR has no linked issue justifying the modification of governance/infrastructure files. Human approval is required for all changes to protected paths, regardless of whether the changes are automated dependency bumps.
Remediation: A maintainer should verify that the updated commit SHAs correspond to the expected patch releases (actions/cache v5.0.5, actions/checkout v6.0.3, codecov/codecov-action v5.5.5, peter-evans/create-pull-request v8.1.1) and approve.

Info

[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model claude-sonnet-4-5@20250929 is not available on the deployment. Given the mechanical nature of this version-bump PR, no style findings are expected.

fullsend-ai-review

See the review comment for full details.

codecov · 2026-06-14T01:11:29Z

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
acceptance	`53.43% <ø> (ø)`
generative	`16.79% <ø> (ø)`
integration	`27.66% <ø> (ø)`
unit	`69.13% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

fullsend-ai-review · 2026-06-17T13:11:24Z

🤖 Finished Review · ✅ Success · Started 1:11 PM UTC · Completed 1:17 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review

See the review comment for full details.

fullsend-ai-review · 2026-06-17T18:51:41Z

🤖 Finished Review · ✅ Success · Started 6:51 PM UTC · Completed 6:57 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review

See the review comment for full details.

renovate Bot added main renovate labels Jun 14, 2026

renovate Bot enabled auto-merge June 14, 2026 01:01

github-actions Bot added the size: S label Jun 14, 2026

fullsend-ai-review Bot suggested changes Jun 14, 2026

View reviewed changes

renovate Bot force-pushed the renovate/main-patch-github-actions branch from a498b34 to 2ed129f Compare June 17, 2026 13:09

fullsend-ai-review Bot suggested changes Jun 17, 2026

View reviewed changes

Update github actions

29b3eba

renovate Bot force-pushed the renovate/main-patch-github-actions branch from 2ed129f to 29b3eba Compare June 17, 2026 18:49

fullsend-ai-review Bot suggested changes Jun 17, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update github actions (main) (patch)#3338

Update github actions (main) (patch)#3338
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/main-patch-github-actions

renovate Bot commented Jun 14, 2026

Uh oh!

fullsend-ai-review Bot commented Jun 14, 2026 •

edited

Loading

Uh oh!

fullsend-ai-review Bot commented Jun 14, 2026 •

edited

Loading

Review

Findings

High

Info

Review

Findings

High

Info

Uh oh!

fullsend-ai-review Bot left a comment

Uh oh!

codecov Bot commented Jun 14, 2026 •

edited

Loading

Uh oh!

fullsend-ai-review Bot commented Jun 17, 2026 •

edited

Loading

Uh oh!

fullsend-ai-review Bot left a comment

Uh oh!

fullsend-ai-review Bot commented Jun 17, 2026 •

edited

Loading

Uh oh!

fullsend-ai-review Bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented Jun 14, 2026

Release Notes

v5.0.5

What's Changed

v6.0.3

v5.5.5

v8.1.1: Create Pull Request v8.1.1

What's Changed

Configuration

Uh oh!

fullsend-ai-review Bot commented Jun 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fullsend-ai-review Bot commented Jun 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review

Findings

High

Info

Review

Findings

High

Info

Review

Findings

High

Info

Uh oh!

fullsend-ai-review Bot left a comment

Choose a reason for hiding this comment

Uh oh!

codecov Bot commented Jun 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

fullsend-ai-review Bot commented Jun 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fullsend-ai-review Bot left a comment

Choose a reason for hiding this comment

Uh oh!

fullsend-ai-review Bot commented Jun 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fullsend-ai-review Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`v5.0.5`

`v6.0.3`

`v5.5.5`

`v8.1.1`: Create Pull Request v8.1.1

fullsend-ai-review Bot commented Jun 14, 2026 •

edited

Loading

fullsend-ai-review Bot commented Jun 14, 2026 •

edited

Loading

codecov Bot commented Jun 14, 2026 •

edited

Loading

fullsend-ai-review Bot commented Jun 17, 2026 •

edited

Loading

fullsend-ai-review Bot commented Jun 17, 2026 •

edited

Loading