chore(deps)!: Update GitHub Actions (major)

[williaby]

ℹ️ Note

This PR body was truncated due to platform limits.

Summary

Why

Scheduled patch update, bug fixes and security patches with no API changes.

Changes

This PR contains the following updates:

Package	Type	Update	Change	Pending	OpenSSF
actions/attest-build-provenance	action	major	v1.5.2 → v4.1.0
actions/checkout	action	major	v4.3.1 → v6.0.2
actions/checkout	action	major	v4 → v6
actions/download-artifact	action	major	v4 → v8
actions/setup-python	action	major	v5.6.0 → v6.2.0
actions/upload-artifact	action	major	v4.6.2 → v7.0.1
actions/upload-artifact	action	major	v4 → v7
astral-sh/setup-uv	action	major	v4 → v7
astral-sh/setup-uv	action	major	v6.8.0 → v8.1.0
astral-sh/setup-uv	action	major	v4.2.0 → v8.1.0
codecov/codecov-action	action	major	v4.6.0 → v6.0.0
dorny/paths-filter	action	major	v3.0.3 → v4.0.1
github/codeql-action	action	major	v3.35.3 → v4.35.3	v4.35.4
google-github-actions/auth	action	major	v2.1.13 → v3.0.0
google-github-actions/auth	action	major	v2 → v3
google-github-actions/setup-gcloud	action	major	v2 → v3
python-semantic-release/python-semantic-release	action	major	v9.21.1 → v10.5.3

Warnings (1)

Please correct - or verify that you can safely ignore - these warnings before you merge this PR.

• actions/attest-build-provenance: Could not determine new digest for update (github-tags package actions/attest-build-provenance)

---

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Impact

• ✅ Patch update: bug fixes and security patches only
• ✅ No breaking changes

Acceptance Criteria

• All CI checks pass

Testing

• CI gates pass (tests, lint, type checking, security scan)

Notes

---

Release Notes

actions/attest-build-provenance (actions/attest-build-provenance)

v4.1.0

Compare Source

[!NOTE]
As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Update RELEASE.md docs by @​bdehamer in #​836
• Bump actions/attest from 4.0.0 to 4.1.0 by @​bdehamer in #​838
  • Bump @actions/attest from 3.0.0 to 3.1.0 by @​bdehamer in actions/attest#362
  • Bump @actions/attest from 3.1.0 to 3.2.0 by @​bdehamer in actions/attest#365
  • Add new subject-version input for inclusion in storage record by @​bdehamer in actions/attest#364
  • Add storage record content to README by @​bdehamer in actions/attest#366

Full Changelog: actions/attest-build-provenance@v4.0.0...v4.1.0

v4.0.0

Compare Source

[!NOTE]
As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Prepare v4 release by @​bdehamer in #​835

Full Changelog: actions/attest-build-provenance@v3.2.0...v4.0.0

v3.2.0

Compare Source

What's Changed

• Bump @​actions/core from 1.11.1 to 2.0.1 by @​dependabot[bot] in #​776
• Add more documentation on Artifact Metadata Storage Records by @​malancas in #​797
• Update actions/attest to latest version v3.2.0 by @​malancas in #​812

Full Changelog: actions/attest-build-provenance@v3.1.0...v3.2.0

v3.1.0

Compare Source

What's Changed

• Prepare v3 release by @​bdehamer in #​697
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​749
• Bump tar from 7.5.1 to 7.5.2 by @​dependabot[bot] in #​753
• Bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in #​754
• Bump @​types/node from 24.10.1 to 25.0.2 by @​dependabot[bot] in #​774
• Bump @​actions/attest from 1.6.0 to 2.0.0 by @​dependabot[bot] in #​736
• Bump @​actions/attest from 2.0.0 to 2.1.0 by @​dependabot[bot] in #​775
• Add support for creating artifact metadata storage records by @​malancas in #​779

New Contributors

• @​malancas made their first contribution in #​779

Full Changelog: actions/attest-build-provenance@v3...v3.1.0

v3.0.0

Compare Source

What's Changed

• Adjust node max-http-header-size setting by @​bdehamer in #​687
• Bump actions/attest from v2.4.0 to v3.0.0 by @​bdehamer in #​691
  • Bump to node24 runtime
  • Improved checksum parsing
• Bump attest-build-provenance/predicate to v2.0.0 by @​bdehamer in #​693
  • Bump to node24 runtime by @​bdehamer in #​692

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/attest-build-provenance@v2.4.0...v3.0.0

v2.4.0

Compare Source

What's Changed

• Bump undici from 5.28.5 to 5.29.0 by @​dependabot in #​633
• Bump actions/attest from 2.3.0 to 2.4.0 by @​bdehamer in #​654
  • Includes support for the new well-known summary file which will accumulate paths to all attestations generated in a given workflow run

Full Changelog: actions/attest-build-provenance@v2.3.0...v2.4.0

v2.3.0

Compare Source

What's Changed

• Bump actions/attest from 2.2.1 to 2.3.0 by @​bdehamer in #​615
  • Updates @sigstore/oci from 0.4.0 to 0.5.0

Full Changelog: actions/attest-build-provenance@v2.2.3...v2.3.0

v2.2.3

Compare Source

What's Changed

• Pin actions/attest reference by commit SHA by @​bdehamer in #​493

Full Changelog: actions/attest-build-provenance@v2.2.2...v2.2.3

v2.2.2

Compare Source

What's Changed

• Bump predicate action from 1.1.4 to 1.1.5 by @​bdehamer in #​485
  • Bump @​actions/attest from 1.5.0 to 1.6.0 by @​bdehamer in #​484
    • Update buildSLSAProvenancePredicate to populate workflow.ref field from the ref claim in the OIDC token (actions/toolkit#1969)

Full Changelog: actions/attest-build-provenance@v2.2.1...v2.2.2

v2.2.1

Compare Source

What's Changed

• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in #​457
• Bump @​octokit/request-error from 5.0.1 to 5.1.1 by @​dependabot in #​469
• Bump @​octokit/request from 8.2.0 to 8.4.1 by @​dependabot in #​478
• Bump actions/attest from 2.2.0 to 2.2.1 by @​bdehamer in #​481
  • Includes @actions/attest v1.6.0

Full Changelog: actions/attest-build-provenance@v2.2.0...v2.2.1

v2.2.0

Compare Source

What's Changed

• Bump actions/attest from v2.1.0 to v2.2.0 by @​bdehamer in #​449
  • Includes support for now subject-checksums input parameter

Full Changelog: actions/attest-build-provenance@v2.1.0...v2.2.0

v2.1.0

Compare Source

What's Changed

• Update README w/ note about GH plans supporting attestations by @​bdehamer in #​414
• Add attestation-id and attestation-url outputs by @​bdehamer in #​415

Full Changelog: actions/attest-build-provenance@v2.0.1...v2.1.0

v2.0.1

Compare Source

What's Changed

• Bump actions/attest from 2.0.0 to 2.0.1 by @​bdehamer in #​406
  • Deduplicate subjects before adding to in-toto statement

Full Changelog: actions/attest-build-provenance@v2.0.0...v2.0.1

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

• Add worktree support for persist-credentials includeIf by @​ericsciple in #​2327

v6.0.0

Compare Source

• Persist creds to a separate file by @​ericsciple in #​2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in #​2248

v5.0.1

Compare Source

• Port v6 cleanup to v5 by @​ericsciple in #​2301

v5.0.0

Compare Source

• Update actions checkout to use node 24 by @​salmanmkc in #​2226

actions/download-artifact (actions/download-artifact)

v8

Compare Source

v7

Compare Source

v6

Compare Source

v5

Compare Source

actions/setup-python (actions/setup-python)

v6.2.0

Compare Source

What's Changed

Dependency Upgrades

• Upgrade dependencies to Node 24 compatible versions by @​salmanmkc in #​1259
• Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @​dependabot in #​1253 and #​1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

Compare Source

What's Changed

Enhancements:

• Add support for pip-install input by @​gowridurgad in #​1201
• Add graalpy early-access and windows builds by @​timfel in #​880

Dependency and Documentation updates:

• Enhanced wording and updated example usage for allow-prereleases by @​yarikoptic in #​979
• Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @​dependabot in #​1139
• Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @​dependabot in #​1094
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @​dependabot in #​1199
• Upgrade requests from 2.32.2 to 2.32.4 by @​dependabot in #​1130
• Upgrade prettier from 3.5.3 to 3.6.2 by @​dependabot in #​1234
• Upgrade @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @​dependabot in #​1235

New Contributors

• @​yarikoptic made their first contribution in #​979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Upgrade to node 24 by @​salmanmkc in #​1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

• Add support for pip-version by @​priyagupta108 in #​1129
• Enhance reading from .python-version by @​krystof-k in #​787
• Add version parsing from Pipfile by @​aradkdj in #​1067

Bug fixes:

• Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @​aparnajyothi-y in #​1183
• Change missing cache directory error to warning by @​aparnajyothi-y in #​1182
• Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @​aparnajyothi-y in #​1122
• Include python version in PyPy python-version output by @​cdce8p in #​1110
• Update docs: clarification on pip authentication with setup-python by @​priya-kinthali in #​1156

Dependency updates:

• Upgrade idna from 2.9 to 3.7 in /tests/data by @​dependabot[bot] in #​843
• Upgrade form-data to fix critical vulnerabilities #​182 & #​183 by @​aparnajyothi-y in #​1163
• Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @​aparnajyothi-y in #​1165
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​1181
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in #​1095

New Contributors

• @​krystof-k made their first contribution in #​787
• @​cdce8p made their first contribution in #​1110
• @​aradkdj made their first contribution in #​1067

Full Changelog: actions/setup-python@v5...v6.0.0

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

• Update the readme with direct upload details by @​danwkennedy in #​795
• Readme: bump all the example versions to v7 by @​danwkennedy in #​796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in #​797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in #​754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in #​762
• Support direct file uploads by @​danwkennedy in #​764

New Contributors

• @​Link- made their first contribution in #​754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

Compare Source

v6 - What's new

[!IMPORTANT]
actions/upload-artifact@​v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in #​719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in #​744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in #​745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

Compare Source

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in #​681
• Update README.md by @​nebuk89 in #​712
• Readme: spell out the first use of GHES by @​danwkennedy in #​727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in #​725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in #​734

New Contributors

• @​GhadimiR made their first contribution in #​681
• @​nebuk89 made their first contribution in #​712
• @​danwkennedy made their first contribution in #​727
• @​patrikpolyak made their first contribution in #​725

Full Changelog: actions/upload-artifact@v4...v5.0.0

astral-sh/setup-uv (astral-sh/setup-uv)

v7

Compare Source

v6

Compare Source

v5

Compare Source

codecov/codecov-action (codecov/codecov-action)

v6.0.0

Compare Source

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

• Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @​thomasrockhu-codecov in #​1929
• Th/6.0.0 by @​thomasrockhu-codecov in #​1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

Compare Source

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in #​1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in #​1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

Compare Source

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in #​1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in #​1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

Compare Source

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in #​1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in #​1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in #​1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in #​1872
• docs: fix typo in README by @​datalater in #​1866
• Document a codecov-cli version reference example by @​webknjaz in #​1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in #​1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in #​1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Compare Source

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in #​1864
• Pin actions/github-script by Git SHA by @​martincostello in #​1859
• fix: check reqs exist by @​joseph-sentry in #​1835
• fix: Typo in README by @​spalmurray in #​1838
• docs: Refine OIDC docs by @​spalmurray in #​1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in #​1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

Compare Source

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in #​1822
• fix: OIDC on forks by @​joseph-sentry in #​1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

Compare Source

What's Changed

• fix: use the github core methods by @​thomasrockhu-codecov in #​1807
• build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @​app/dependabot in #​1803
• build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @​app/dependabot in #​1797
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​app/dependabot in #​1798
• chore(release): wrapper -0.2.1 by @​app/codecov-releaser-app in #​1788
• build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @​app/dependabot in #​1786

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1

v5.4.0

Compare Source

What's Changed

• update wrapper submodule to 0.2.0, add recurse_submodules arg by @​matt-codecov in #​1780
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​app/dependabot in #​1775
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​app/dependabot in #​1776
• build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​app/dependabot in #​1777
• Clarify in README that use_pypi bypasses integrity checks too by @​webknjaz in #​1773
• Fix use of safe.directory inside containers by @​Flamefire in #​1768
• Fix description for report_type input by @​craigscott-crascit in #​1770
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​app/dependabot in #​1765
• Fix a typo in the example by @​miranska in #​1758
• build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @​app/dependabot in #​1757
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @​app/dependabot in #​1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

v5.3.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1

v5.3.0

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0

v5.2.0

Compare Source

What's Changed

• Fix typo in README by @​tserg in #​1747
• Th/add commands by @​thomasrockhu-codecov in #​1745
• use correct audience when requesting oidc token by @​juho9000 in #​1744
• build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by @​app/dependabot in #​1742
• build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by @​app/dependabot in #​1743
• chore(deps): bump wrapper to 0.0.32 by @​thomasrockhu-codecov in #​1740
• feat: add disable-telem feature by @​thomasrockhu-codecov in #​1739
• fix: remove erroneous linebreak in readme by @​Vampire in #​1734

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0

v5.1.2

Compare Source

What's Changed

• fix: update statment by @​thomasrockhu-codecov in #​1726
• fix: update action script by @​thomasrockhu-codecov in #​1725
• fix: prevent oidc on tokenless due to permissioning by @​thomasrockhu-codecov in #​1724
• chore(release): wrapper-0.0.31 by @​app/codecov-releaser-app in #​1723
• Put quotes around ${{ inputs.token }} in action.yml by @​jwodder in #​1721
• build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @​app/dependabot in #​1722
• Remove mistake from options table by @​Acconut in #​1718
• build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @​app/dependabot in #​1717

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2

v5.1.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.0..v5.1.1

v5.1.0

Compare Source

What's Changed

• fix: hide unnecessary error on shasum by @​thomasrockhu-codecov in #​1692
• build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by @​app/dependabot in #​1701
• chore(release): wrapper-0.0.29 by @​app/codecov-releaser-app in #​1713

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.7..v5.1.0

v5.0.7

Compare Source

What's Changed

• fix: use HEAD_REPO by @​thomasrockhu-codecov in #​1690

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.6..v5.0.7

v5.0.6

Compare Source

What's Changed

• fix: update CODECOV_TOKEN and fix tokenless by @​thomasrockhu-codecov in #​1688

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.5..v5.0.6

v5.0.5

Compare Source

What's Changed

• chore(release): wrapper-0.0.27 by @​app/codecov-releaser-app in #​1685

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.4..v5.0.5

v5.0.4

Compare Source

What's Changed

• chore(deps): bump wrapper to 0.0.26 by @​thomasrockhu-codecov in #​1681
• fix: strip out a trailing /n from input tokens by @​thomasrockhu-codecov in #​1679
• fix: add action version by @​thomasrockhu-codecov in #​1678

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.3..v5.0.4

v5.0.3

Compare Source

What's Changed

• fix: update OIDC audience by @​thomasrockhu-codecov in #​1675
• fix: use double-quotes for OIDC by @​thomasrockhu-codecov in #​1669
• fix: prevent always setting tokenless to be true by @​thomasrockhu-codecov in #​1673
• fix: update CHANGELOG and automate by @​thomasrockhu-codecov in #​1674
• fix: bump to v5 and update README by @​thomasrockhu-codecov in #​1655
• build(deps): bump github/codeql-action from 3.27.0 to 3.27.4 by @​app/dependabot in #​1665
• fix: typo in inputs.disable_safe_directory by [@​mkroening](https:

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[coderabbitai]

Warning

Rate limit exceeded

@williaby has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 30 minutes and 38 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8a67b53c-804e-436d-a43e-985a59c17abb

📥 Commits

Reviewing files that changed from the base of the PR and between 911ab53 and 06d240e.

📒 Files selected for processing (7)

• .github/workflows/ci.yml
• .github/workflows/codeql.yml
• .github/workflows/pr-validation.yml
• .github/workflows/publish-artifact-registry.yml
• .github/workflows/publish.yml
• .github/workflows/release.yml
• .github/workflows/slsa-provenance.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/major-github-actions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[williaby]

Closing — conflict with GitHub Actions updates already merged. Renovate will recreate.