chore: Update templates #11

Merged
DaveSkender merged 13 commits into main from DaveSkender-patch-1
Mar 8, 2026

@DaveSkender
Member

No description provided.

Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
@DaveSkender DaveSkender self-assigned this Mar 8, 2026
@coderabbitai

coderabbitai bot commented Mar 8, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: facioquo/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 696ddbf9-5e58-43b5-b15b-2a6fb9a4947b

📥 Commits

Reviewing files that changed from the base of the PR and between 6e706e1 and fc53e85.

📒 Files selected for processing (2)
  • .gitattributes
  • .github/workflows/lint-pull-request.yml

📝 Walkthrough

Walkthrough

The pull request updates CI and repository metadata. The PR lint workflow is renamed and reworked: job renamed to "lint", runner changed to ubuntu-slim, draft PRs are skipped, the semantic PR action upgraded to v6, allowed types expanded, subjectPattern retained, messages and ignore labels updated (adds automated), and lint error comment handling made more structured with deletion enabled. Other changes: EditorConfig and .gitattributes adjustments, lock-issues workflow runner/version/timeout updates, deletion of .vscode/settings.json, removal of LICENSE and gitversion.yml, NOTICE and README edits, and addition of a CodeQL config.


Comment @coderabbitai help to get the list of available commands and usage tips.

Updated the lock-issues-pr workflow to use a slimmer Ubuntu image and a newer version of the lock-threads action.

Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/lint-pull-request.yml:
- Around line 8-12: The workflow's pull_request event types list is missing the
"labeled" trigger so ignoreLabels changes won't retrigger the job; update the
types arrays (the existing list containing "opened", "edited", "unlabeled",
"ready_for_review") to also include "labeled" wherever that same block appears
(including the duplicate block referenced around lines 50-53) so adding/removing
labels like "bot", "dependencies", or "automated" will re-run the workflow.
- Line 28: Replace mutable version tags for third‑party GitHub Actions with
their immutable 40‑character commit SHAs: change
amannn/action-semantic-pull-request@v6.1.1 to the action's full commit SHA, and
likewise replace both occurrences of
marocchino/sticky-pull-request-comment@v2.9.4 with that action's full commit
SHA; locate the usages by the action identifiers
"amannn/action-semantic-pull-request@v6.1.1" and
"marocchino/sticky-pull-request-comment@v2.9.4" in the workflow and update the
ref to the corresponding commit SHA strings.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: facioquo/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f66b7c86-7eca-479f-8a96-268c382a1c24

📥 Commits

Reviewing files that changed from the base of the PR and between bcd8fb5 and 0fb901a.

📒 Files selected for processing (1)
  • .github/workflows/lint-pull-request.yml

Updated line ending normalization and added specific handling for NuGet lock files.

Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
Updated EditorConfig with core options and file type overrides.

Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
Updated the title and clarified the purpose of the README.

Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/lock-issues-pr.yml (1)

22-22: ⚠️ Potential issue | 🟠 Major

Pin this third-party action to a full commit SHA.

dessant/lock-threads@v6 is still a movable tag. GitHub’s security guidance says a full-length commit SHA is the only immutable way to reference a third-party action, and a compromised action can inherit the workflow’s token privileges. Since this job can write to issues and pull requests, that risk is worth closing here. (docs.github.com)

Suggested change
-      - uses: dessant/lock-threads@v6
+      - uses: dessant/lock-threads@<full-length-commit-sha>
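
Review bot: The `+` line replaces `@v6` with a bare SHA and drops the only human-readable indication of which release is pinned. Keep the version as a trailing comment on the same line, e.g. `- uses: dessant/lock-threads@<full-length-commit-sha> # v6`, so a reviewer can tell what the SHA is meant to correspond to the next time it is bumped.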

Use this to resolve the current commit behind v6 before updating the workflow:

#!/bin/bash
# Resolve the immutable commit behind the floating v6 tag.
git ls-remote https://github.com/dessant/lock-threads 'refs/tags/v6' 'refs/tags/v6^{}'

Expected result: use the SHA from refs/tags/v6^{} in the uses: line.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/lock-issues-pr.yml at line 22, Replace the floating tag
dessant/lock-threads@v6 with the full commit SHA that corresponds to the
annotated tag v6 (the value from refs/tags/v6^{}), i.e. run git ls-remote
against https://github.com/dessant/lock-threads to resolve refs/tags/v6^{}, copy
that full-length commit SHA and use dessant/lock-threads@<full-sha> in the uses:
line in the workflow to pin the action immutably.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.gitattributes:
- Around line 1-5: The .gitattributes entry "* text=auto eol=lf" forces LF for
all text files and conflicts with the editorconfig Windows script rule; add
explicit overrides for Windows scripts by adding entries for "*.cmd" and "*.bat"
that set text and eol=crlf so those files are not normalized to LF (update the
same .gitattributes near the "* text=auto eol=lf" line and keep the existing
"**/packages.lock.json text eol=lf" entry).

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: facioquo/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3dbe90a5-2f82-48f1-a91a-2a0c70e090a2

📥 Commits

Reviewing files that changed from the base of the PR and between 0fb901a and 0e4b235.

📒 Files selected for processing (8)
  • .editorconfig
  • .gitattributes
  • .github/workflows/lock-issues-pr.yml
  • .vscode/settings.json
  • LICENSE
  • NOTICE
  • README.md
  • gitversion.yml
💤 Files with no reviewable changes (3)
  • LICENSE
  • .vscode/settings.json
  • gitversion.yml

Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (1)
.github/workflows/lint-pull-request.yml (1)

113-113: Minor: Trailing whitespace on final line.

Line 113 contains trailing whitespace that could be trimmed for cleaner formatting.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/lint-pull-request.yml at line 113, Remove the trailing
whitespace on the final line of the workflow file by trimming any space
characters at the end of the file and ensuring the file ends with a single
newline; simply delete the extra spaces on the last line and save the file so
the trailing whitespace is gone.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: facioquo/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d8fb51ef-22bf-451d-a746-9288be4d3d3f

📥 Commits

Reviewing files that changed from the base of the PR and between 0e4b235 and f40043f.

📒 Files selected for processing (1)
  • .github/workflows/lint-pull-request.yml

Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (1)
.github/codeql/config.yml (1)

6-8: Excluding actions/unpinned-tag reduces security scanning coverage.

Excluding this query suppresses warnings about using mutable action tags (e.g., @v6) instead of pinned SHA commits. This is a deliberate trade-off given the workflows in this repository use unpinned tags, but be aware it weakens supply-chain security guarantees.

If this exclusion is intentional, consider adding a comment explaining the rationale:

📝 Suggested documentation improvement
 query-filters:
+  # Exclude unpinned-tag warnings since org workflows use semantic version tags
+  # for better maintainability. Action versions are reviewed during updates.
   - exclude:
       id: actions/unpinned-tag
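
Review bot: The added comment above `- exclude:` says action versions are "reviewed during updates", but nothing in it records when the exclusion itself should be revisited. Name the excluded id `actions/unpinned-tag` in the comment and state the condition for removing the filter, so the suppression does not outlive its rationale unnoticed.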
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/codeql/config.yml around lines 6 - 8, The exclusion of the CodeQL
query id "actions/unpinned-tag" reduces supply-chain security coverage; update
the config to keep the exclusion but add an explanatory comment near the
query-filters block describing why unpinned action tags are used in this repo
(e.g., compatibility/maintenance reasons, CI workflow constraints, or accepted
risk), reference the exact id "actions/unpinned-tag" in the comment, and include
guidance about revisiting this decision later or conditions under which it
should be removed.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: facioquo/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8edbeb65-b79a-4cd2-8f6f-29a5bdb6cadc

📥 Commits

Reviewing files that changed from the base of the PR and between f40043f and 6e706e1.

📒 Files selected for processing (1)
  • .github/codeql/config.yml
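
An added example, not part of this PR or of CodeRabbit's output: a small shell audit that lists every `uses:` reference not pinned to a full 40-character commit SHA, which is the condition the pinning comments above and the excluded `actions/unpinned-tag` query are both about. The names `audit_uses` and `sample_workflow` are hypothetical, the workflow text is constructed, and the SHA in it is a placeholder rather than a real commit.

```shell
#!/bin/sh
# Added example: list `uses:` references that are not pinned immutably.
# audit_uses is a hypothetical helper; it reads workflow YAML on stdin and
# prints "<line>: <ref>" for every unpinned reference.
audit_uses() {
  awk -v sq="'" '
    /^[ \t]*(-[ \t]+)?uses:[ \t]*/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]+)?uses:[ \t]*/, "", ref)
      sub(/[ \t]+#.*$/, "", ref)             # drop a trailing YAML comment
      gsub(/"/, "", ref); gsub(sq, "", ref)  # drop surrounding quotes
      sub(/[ \t]+$/, "", ref)
      if (ref ~ /^\.\.?\//) next             # local action, versioned with the repo
      n = split(ref, part, "@")
      ver = (n > 1) ? part[n] : ""
      if (ref ~ /^docker:\/\//)              # container image: require a sha256 digest
        ok = (ver ~ /^sha256:[0-9a-f]+$/ && length(ver) == 71)
      else                                   # action: require a 40-hex commit SHA
        ok = (ver ~ /^[0-9a-fA-F]+$/ && length(ver) == 40)
      if (!ok) print NR ": " ref
    }
  '
}

# Constructed sample input; the 40-character SHA is a placeholder.
sample_workflow() {
  cat <<'EOF'
jobs:
  lock:
    runs-on: ubuntu-slim
    steps:
      - uses: dessant/lock-threads@v6
      - uses: amannn/action-semantic-pull-request@v6.1.1
      - uses: ./.github/actions/local-check
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1
      - name: comment
        uses: marocchino/sticky-pull-request-comment@v2.9.4
EOF
}

sample_workflow | audit_uses
```

To check a real repository, feed each file under `.github/workflows/` to `audit_uses` on stdin; reported line numbers are relative to that file.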

Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
Signed-off-by: Dave Skender <8432125+DaveSkender@users.noreply.github.com>
@DaveSkender
Member Author

@coderabbitai review

@coderabbitai

coderabbitai bot commented Mar 8, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@DaveSkender DaveSkender merged commit 65e1959 into main Mar 8, 2026
4 checks passed
@DaveSkender DaveSkender deleted the DaveSkender-patch-1 branch March 8, 2026 17:55