chore: sync GitHub Actions hashes to latest versions, add Dependabot by Copilot · Pull Request #1099 · msgspec/msgspec · GitHub
Skip to content

chore: sync GitHub Actions hashes to latest versions, add Dependabot#1099

Merged
ofek merged 1 commit into
mainfrom
copilot/sync-action-hashes-version-comments
Jun 26, 2026
Merged

chore: sync GitHub Actions hashes to latest versions, add Dependabot#1099
ofek merged 1 commit into
mainfrom
copilot/sync-action-hashes-version-comments

Conversation

Copilot AI commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Several action SHA pins had stale or imprecise version comments (e.g. # v6 pointing to v6.2.0, # v7 pointing to v7.6.0). All actions have been updated to their latest releases with exact semver comments.

Action updates

Action Before After
actions/checkout v5.0.1 v7.0.0
actions/setup-python v6.2.0 (labeled # v6) v6.3.0
astral-sh/setup-uv v7.6.0 (labeled # v7) v8.2.0
actions/upload-artifact v5.0.0 (labeled # v5) v7.0.1
actions/download-artifact v6.0.0 / v5.0.0 v8.0.1
codecov/codecov-action v5.5.5 (labeled # v5) v7.0.0
actions/cache v4.3.0 (labeled # v4) v6.0.0
lycheeverse/lychee-action correct hash, labeled # v2 comment → # v2.8.0
CodSpeedHQ/action v4.17.5 v4.18.1
pypa/gh-action-pypi-publish correct hash, labeled # release/v1 comment → # v1.14.0
cloudflare/wrangler-action v4.0.0 no change (already latest)

Dependabot

Added .github/dependabot.yml with weekly GitHub Actions updates, all grouped into a single PR, and a 7-day cooldown to avoid chasing immature releases.

Validation

zizmor reports 0 findings after all changes.

Copilot AI changed the title chore: update GitHub Actions to latest versions with correct hashes chore: sync GitHub Actions hashes to latest versions, add Dependabot Jun 25, 2026
Copilot AI requested a review from sobolevn June 25, 2026 10:02
sobolevn
sobolevn approved these changes Jun 25, 2026
View reviewed changes

@sobolevn sobolevn left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am fine with it as long as zizmor passes.
Please note that I also requested to add dependabot.yml so we would not face this issue again.

@sobolevn sobolevn marked this pull request as ready for review June 25, 2026 10:13
@sobolevn sobolevn requested review from a team and provinzkraut June 25, 2026 10:13
@codspeed-hq

codspeed-hq Bot commented Jun 25, 2026

Copy link
Copy Markdown

@sobolevn sobolevn mentioned this pull request Jun 25, 2026
Open
@ofek ofek added this pull request to the merge queue Jun 26, 2026
Merged via the queue into main with commit 18795c5 Jun 26, 2026
28 checks passed
@ofek ofek deleted the copilot/sync-action-hashes-version-comments branch June 26, 2026 02:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ofek ofek ofek approved these changes
@provinzkraut provinzkraut Awaiting requested review from provinzkraut
+1 more reviewer
@sobolevn sobolevn sobolevn approved these changes
Reviewers whose approvals may not affect merge requirements

Assignees

@sobolevn sobolevn

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sobolevn @ofek