Skip to content

chore(deps): bump dotnet/nbgv from fbf134967b62979a9fd274dce17e13682def693e to 305c840d64f86cec5a7727df1c19b3282d468220 in the github-actions-dependencies group#549

Merged
JerrettDavis merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-5a357a8566
Jun 30, 2026
Merged

chore(deps): bump dotnet/nbgv from fbf134967b62979a9fd274dce17e13682def693e to 305c840d64f86cec5a7727df1c19b3282d468220 in the github-actions-dependencies group#549
JerrettDavis merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-5a357a8566

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions-dependencies group with 1 update: dotnet/nbgv.

Updates dotnet/nbgv from fbf134967b62979a9fd274dce17e13682def693e to 305c840d64f86cec5a7727df1c19b3282d468220

Commits
  • 305c840 Merge pull request #238 from dotnet/dependabot/npm_and_yarn/undici-6.27.0
  • baed2ff Bump undici from 6.26.0 to 6.27.0
  • 8558d0c Merge pull request #236 from dotnet/renovate/semver-7.x-lockfile
  • cc5fc6d Merge pull request #235 from dotnet/renovate/node-25.x-lockfile
  • 4188825 Merge pull request #234 from dotnet/renovate/lock-file-maintenance
  • 734c908 Merge pull request #233 from dotnet/renovate/yarn-monorepo
  • 3de0655 Merge pull request #237 from dotnet/dependabot/npm_and_yarn/tar-7.5.16
  • e58ac3f Bump tar from 7.5.15 to 7.5.16
  • 707e8b6 Update dependency semver to v7.8.5
  • 67e8ced Update dependency @​types/node to v25.9.4
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions-dependencies group with 1 update: [dotnet/nbgv](https://github.com/dotnet/nbgv).


Updates `dotnet/nbgv` from fbf134967b62979a9fd274dce17e13682def693e to 305c840d64f86cec5a7727df1c19b3282d468220
- [Release notes](https://github.com/dotnet/nbgv/releases)
- [Commits](dotnet/nbgv@fbf1349...305c840)

---
updated-dependencies:
- dependency-name: dotnet/nbgv
  dependency-version: 305c840d64f86cec5a7727df1c19b3282d468220
  dependency-type: direct:production
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

Copy link
Copy Markdown
Contributor

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/pr-validation.yml

PackageVersionLicenseIssue Type
dotnet/nbgv305c840d64f86cec5a7727df1c19b3282d468220NullUnknown License
Denied Licenses: GPL-2.0, GPL-3.0, AGPL-3.0

OpenSSF Scorecard

PackageVersionScoreDetails
actions/dotnet/nbgv 305c840d64f86cec5a7727df1c19b3282d468220 🟢 4.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/14 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • .github/workflows/pr-validation.yml

@github-actions

Copy link
Copy Markdown
Contributor

Test Results

7 641 tests   7 622 ✅  2m 42s ⏱️
    7 suites     19 💤
    7 files        0 ❌

Results for commit d687bf4.

@github-actions

Copy link
Copy Markdown
Contributor

Code Coverage

Summary
  Generated on: 06/29/2026 - 11:33:08
  Coverage date: 06/29/2026 - 11:31:16 - 06/29/2026 - 11:32:59
  Parser: MultiReport (7x Cobertura)
  Assemblies: 23
  Classes: 1067
  Files: 591
  Line coverage: 74.7%
  Covered lines: 36848
  Uncovered lines: 12466
  Coverable lines: 49314
  Total lines: 97285
  Branch coverage: 61.7% (13900 of 22512)
  Covered branches: 13900
  Total branches: 22512
  Method coverage: 86.4% (6319 of 7308)
  Full method coverage: 74.2% (5428 of 7308)
  Covered methods: 6319
  Fully covered methods: 5428
  Total methods: 7308

@JerrettDavis JerrettDavis merged commit d5e178f into main Jun 30, 2026
15 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-dependencies-5a357a8566 branch June 30, 2026 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant