chore(deps): update all digest updates to af2afe1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
yxtay/.github (changelog)	action	digest	617d74e → af2afe1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

Summary by CodeRabbit

• Chores
  • Updated CI/CD workflow dependencies to latest versions for improved automation reliability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a23cece6-b957-4bb0-a8b1-c38e02eceeee

📥 Commits

Reviewing files that changed from the base of the PR and between 5cc37c1 and c3f213a.

📒 Files selected for processing (4)

• .github/workflows/automerge.yml
• .github/workflows/ossf.yml
• .github/workflows/pr.yml
• .github/workflows/scans.yml

---

📝 Walkthrough

Walkthrough

Four GitHub Actions workflow files update their pinned uses: commit SHA for the corresponding yxtay/.github reusable workflows, changing from 617d74e18c8f4dab4c527884375b11f83d57715c to af2afe1af9dc76d63802d1ef46a182c059f87e59. No other logic or configuration is changed.

Changes

Reusable Workflow SHA Bump

Layer / File(s)	Summary
Bump pinned SHA across all workflow callers .github/workflows/automerge.yml, .github/workflows/ossf.yml, .github/workflows/pr.yml, .github/workflows/scans.yml	Each workflow's uses: reference for its respective yxtay/.github reusable workflow is updated from 617d74e... to af2afe1a.... No other job logic, inputs, or triggers are changed.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• yxtay/dotfiles#827: Modifies the same four workflow files (automerge.yml, ossf.yml, pr.yml, scans.yml) by bumping the same pinned reusable workflow SHAs.
• yxtay/dotfiles#822: Bumps the pinned uses: commit SHAs for the same reusable GitHub workflows (automerge, ossf, scans).
• yxtay/dotfiles#815: Updates the pinned uses: commit SHAs for the same set of reusable workflows (automerge, ossf, pr, scans) with no other job logic changes.

Suggested labels

size/XS

Suggested reviewers

• yxtay

Poem

🐇 Hop, hop, a SHA swap today,
Four workflows point a fresher way.
From 617d74e we leap,
To af2afe1 we keep.
The bunny pins with care each day! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating digest references across multiple workflow files to commit af2afe1.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/all-digest

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ BASH	shfmt	3	0	0	0	0.02s
✅ JSON	prettier	1	0	0	0	0.41s
✅ MARKDOWN	markdownlint	4	0	0	0	0.6s
✅ MARKDOWN	markdown-table-formatter	4	0	0	0	0.16s
✅ YAML	prettier	10	0	0	0	0.48s

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters BASH_SHFMT,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,YAML_PRETTIER

Show us your support by starring ⭐ the repository

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ BASH	shellcheck	3		0	0	0.33s
✅ BASH	shfmt	3	0	0	0	0.01s
✅ COPYPASTE	jscpd	yes		no	no	0.94s
✅ JSON	prettier	1	0	0	0	0.38s
✅ JSON	v8r	1		0	0	1.74s
✅ REPOSITORY	gitleaks	yes		no	no	1.66s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	47.11s
⚠️ REPOSITORY	osv-scanner	yes		1	no	0.13s
✅ REPOSITORY	secretlint	yes		no	no	1.04s
✅ REPOSITORY	syft	yes		no	no	2.5s
✅ REPOSITORY	trivy	yes		no	no	10.39s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.18s
✅ REPOSITORY	trufflehog	yes		no	no	4.15s
✅ YAML	prettier	10	0	0	0	0.57s
✅ YAML	v8r	10		0	0	7.16s
✅ YAML	yamllint	10		0	0	0.59s

Detailed Issues

⚠️ REPOSITORY / osv-scanner - 1 error

Scanning dir .
Starting filesystem walk for root: /
End status: 38 dirs visited, 128 inodes visited, 0 Extract calls, 2.72505ms elapsed, 2.725211ms wall time
No package sources found, --help for usage information.

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters BASH_SHELLCHECK,BASH_SHFMT,COPYPASTE_JSCPD,JSON_V8R,JSON_PRETTIER,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ BASH	bash-exec	3		0	0	0.02s
✅ BASH	shellcheck	3		0	0	0.16s
✅ REPOSITORY	checkov	yes		no	no	26.08s
✅ REPOSITORY	devskim	yes		no	no	1.68s
✅ REPOSITORY	dustilock	yes		no	no	0.01s
✅ REPOSITORY	gitleaks	yes		no	no	1.28s
✅ REPOSITORY	grype	yes		no	no	56.7s
✅ REPOSITORY	kingfisher	yes		no	no	6.88s
⚠️ REPOSITORY	osv-scanner	yes		1	no	0.12s
✅ REPOSITORY	secretlint	yes		no	no	1.72s
✅ REPOSITORY	semgrep	yes		no	no	24.61s
✅ REPOSITORY	syft	yes		no	no	2.05s
✅ REPOSITORY	trivy	yes		no	no	13.5s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.17s
✅ REPOSITORY	trufflehog	yes		no	no	5.59s

Detailed Issues

⚠️ REPOSITORY / osv-scanner - 1 error

Scanning dir .
Starting filesystem walk for root: /
End status: 38 dirs visited, 128 inodes visited, 0 Extract calls, 2.858217ms elapsed, 2.858397ms wall time
No package sources found, --help for usage information.

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters BASH_EXEC,BASH_SHELLCHECK,REPOSITORY_CHECKOV,REPOSITORY_DEVSKIM,REPOSITORY_DUSTILOCK,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SEMGREP,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,REPOSITORY_KINGFISHER

Show us your support by starring ⭐ the repository

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	5		0	0	0.26s
✅ ACTION	zizmor	5	0	0	0	0.54s
✅ BASH	bash-exec	3		0	0	0.02s
✅ BASH	shellcheck	3		0	0	0.06s
✅ BASH	shfmt	3	0	0	0	0.01s
✅ COPYPASTE	jscpd	yes		no	no	0.87s
✅ EDITORCONFIG	editorconfig-checker	59		0	0	0.1s
✅ JSON	prettier	1	0	0	0	0.4s
✅ JSON	v8r	1		0	0	1.67s
✅ MARKDOWN	markdownlint	4	0	0	0	0.69s
✅ MARKDOWN	markdown-table-formatter	4	0	0	0	0.17s
✅ REPOSITORY	checkov	yes		no	no	25.14s
✅ REPOSITORY	gitleaks	yes		no	no	1.23s
✅ REPOSITORY	git_diff	yes		no	no	0.0s
✅ REPOSITORY	grype	yes		no	no	55.9s
⚠️ REPOSITORY	osv-scanner	yes		1	no	0.2s
✅ REPOSITORY	secretlint	yes		no	no	1.3s
✅ REPOSITORY	semgrep	yes		no	no	24.44s
✅ REPOSITORY	syft	yes		no	no	1.55s
✅ REPOSITORY	trivy	yes		no	no	11.79s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.15s
✅ REPOSITORY	trufflehog	yes		no	no	4.07s
✅ SPELL	lychee	17		0	0	2.25s
✅ YAML	prettier	10	0	0	0	0.58s
✅ YAML	v8r	10		0	0	6.65s
✅ YAML	yamllint	10		0	0	0.5s

Detailed Issues

⚠️ REPOSITORY / osv-scanner - 1 error

Scanning dir .
Starting filesystem walk for root: /
End status: 38 dirs visited, 128 inodes visited, 0 Extract calls, 5.768128ms elapsed, 5.76836ms wall time
No package sources found, --help for usage information.

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,COPYPASTE_JSCPD,EDITORCONFIG_EDITORCONFIG_CHECKER,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SEMGREP,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository