chore(deps): bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 in the github-actions group#1729
Conversation
Bumps the github-actions group with 1 update: [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `zizmorcore/zizmor-action` from 0.5.6 to 0.5.7 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](zizmorcore/zizmor-action@5f14fd0...192e21d) --- updated-dependencies: - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM, straightforward Dependabot patch bump pinned by SHA.
Extended reasoning...
Overview
This PR bumps zizmorcore/zizmor-action from v0.5.6 to v0.5.7 in .github/workflows/zizmor.yml. The action remains pinned to a specific commit SHA. Per the upstream release notes, v0.5.7 only updates the bundled zizmor CLI to 1.26.1.
Security risks
None substantive. The action is pinned by full commit SHA (best practice), the workflow continues to use permissions: {} at the top level with narrowly scoped per-job permissions (contents: read, security-events: write), and persist-credentials: false on checkout. This is the security-scanning workflow itself, so an upgrade is generally a net positive.
Level of scrutiny
Very low. This is a single-line, mechanical Dependabot patch bump touching only a CI workflow used for static analysis of other workflows. It does not affect runtime code, packaging, or auth.
Other factors
No bugs were reported by the bug hunting system, no outstanding reviewer comments, and the change matches the established pattern for SHA-pinned action upgrades in this repo.
1 participant
Bumps the github-actions group with 1 update: zizmorcore/zizmor-action.
Updates
zizmorcore/zizmor-actionfrom 0.5.6 to 0.5.7Release notes
Sourced from zizmorcore/zizmor-action's releases.
Commits
192e21dSync zizmor versions (#127)2720f26Update README.md with new actions/checkout version (#126)40b41b8chore(deps): bump the github-actions group with 2 updates (#123)a687b25chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 in the github-ac...64a6900add note to explain that the default value foronline-checksis different t...14050abchore(deps): bump the github-actions group with 2 updates (#118)ee9b419chore(deps): bump github/codeql-action in the github-actions group (#116)fddf2b4Bump pins in README (#115)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions