chore(deps): update all digest updates to 617d74e

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
yxtay/.github (changelog)	action	digest	aeaed65 → 617d74e

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions automation workflow dependencies to use newer versions across multiple processes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 93385850-c3eb-4046-8e50-ef900a673cf9

📥 Commits

Reviewing files that changed from the base of the PR and between a965a95 and 4806772.

📒 Files selected for processing (4)

• .github/workflows/automerge.yml
• .github/workflows/ossf.yml
• .github/workflows/pr.yml
• .github/workflows/scans.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/ossf.yml

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/scans.yml
• .github/workflows/automerge.yml

---

📝 Walkthrough

Walkthrough

Four GitHub Actions workflow files update the pinned commit SHA for their reusable uses: references from aeaed65458776fdb4725919db393d6c21418e1e5 to 617d74e18c8f4dab4c527884375b11f83d57715c. No other workflow logic, triggers, permissions, or inputs are changed.

Changes

Reusable Workflow SHA Bump

Layer / File(s)	Summary
Update pinned SHA across all caller workflows .github/workflows/automerge.yml, .github/workflows/ossf.yml, .github/workflows/pr.yml, .github/workflows/scans.yml	Each workflow's uses: pin is updated from aeaed65 to 617d74e for the upstream reusable workflow reference.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• yxtay/dotfiles#809: Updates the same four workflow files (automerge.yml, ossf.yml, pr.yml, scans.yml) with a prior reusable-workflow SHA bump.
• yxtay/dotfiles#822: Identical scope — bumps the same pinned commit SHAs in the same four caller workflows, making this PR the direct successor.
• yxtay/dotfiles#815: Also updates the same set of reusable-workflow uses: pins across the identical four workflow files.

Suggested labels

size/XS

Suggested reviewers

• yxtay

Poem

🐇 Four little workflows lined up in a row,
A new commit SHA sets them ready to go.
From aeaed65 to 617d74e,
The CI keeps humming, as smooth as can be!
Hop hop hooray, the pins are up to date~ 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating digest references across multiple workflow files from one commit SHA to another.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/all-digest

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ BASH	shfmt	3	0	0	0	0.02s
✅ JSON	prettier	1	0	0	0	0.41s
✅ MARKDOWN	markdownlint	4	0	0	0	0.57s
✅ MARKDOWN	markdown-table-formatter	4	0	0	0	0.17s
✅ YAML	prettier	10	0	0	0	0.47s

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters BASH_SHFMT,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,YAML_PRETTIER

Show us your support by starring ⭐ the repository

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	5		0	0	0.3s
✅ ACTION	zizmor	5	0	0	0	0.97s
✅ BASH	bash-exec	3		0	0	0.01s
✅ BASH	shellcheck	3		0	0	0.09s
✅ BASH	shfmt	3	0	0	0	0.02s
✅ COPYPASTE	jscpd	yes		no	no	0.81s
✅ EDITORCONFIG	editorconfig-checker	59		0	0	0.1s
✅ JSON	prettier	1	0	0	0	0.31s
✅ JSON	v8r	1		0	0	1.65s
✅ MARKDOWN	markdownlint	4	0	0	0	0.72s
✅ MARKDOWN	markdown-table-formatter	4	0	0	0	0.21s
✅ REPOSITORY	checkov	yes		no	no	22.97s
✅ REPOSITORY	gitleaks	yes		no	no	1.51s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	54.14s
⚠️ REPOSITORY	osv-scanner	yes		1	no	0.11s
✅ REPOSITORY	secretlint	yes		no	no	1.21s
✅ REPOSITORY	semgrep	yes		no	no	23.05s
✅ REPOSITORY	syft	yes		no	no	1.8s
✅ REPOSITORY	trivy	yes		no	no	12.86s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.13s
✅ REPOSITORY	trufflehog	yes		no	no	4.27s
✅ SPELL	lychee	17		0	0	0.97s
✅ YAML	prettier	10	0	0	0	0.6s
✅ YAML	v8r	10		0	0	6.66s
✅ YAML	yamllint	10		0	0	0.42s

Detailed Issues

⚠️ REPOSITORY / osv-scanner - 1 error

Scanning dir .
Starting filesystem walk for root: /
End status: 38 dirs visited, 128 inodes visited, 0 Extract calls, 5.696885ms elapsed, 5.697086ms wall time
No package sources found, --help for usage information.

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,COPYPASTE_JSCPD,EDITORCONFIG_EDITORCONFIG_CHECKER,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SEMGREP,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ BASH	bash-exec	3		0	0	0.01s
✅ BASH	shellcheck	3		0	0	0.1s
✅ REPOSITORY	checkov	yes		no	no	25.43s
✅ REPOSITORY	devskim	yes		no	no	1.75s
✅ REPOSITORY	dustilock	yes		no	no	0.02s
✅ REPOSITORY	gitleaks	yes		no	no	1.26s
✅ REPOSITORY	grype	yes		no	no	56.27s
✅ REPOSITORY	kingfisher	yes		no	no	6.82s
⚠️ REPOSITORY	osv-scanner	yes		1	no	0.13s
✅ REPOSITORY	secretlint	yes		no	no	1.69s
✅ REPOSITORY	semgrep	yes		no	no	26.13s
✅ REPOSITORY	syft	yes		no	no	1.82s
✅ REPOSITORY	trivy	yes		no	no	11.63s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.19s
✅ REPOSITORY	trufflehog	yes		no	no	5.4s

Detailed Issues

⚠️ REPOSITORY / osv-scanner - 1 error

Scanning dir .
Starting filesystem walk for root: /
End status: 38 dirs visited, 128 inodes visited, 0 Extract calls, 2.812855ms elapsed, 2.813065ms wall time
No package sources found, --help for usage information.

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters BASH_EXEC,BASH_SHELLCHECK,REPOSITORY_CHECKOV,REPOSITORY_DEVSKIM,REPOSITORY_DUSTILOCK,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SEMGREP,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,REPOSITORY_KINGFISHER

Show us your support by starring ⭐ the repository