From 99b7db9a6341428973a4b511539d98dcd0a8fb8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 21 Jun 2026 20:09:12 +0000 Subject: [PATCH 1/2] action-allowlist-review: bump 1Password/load-secrets-action Bumps [1Password/load-secrets-action](https://github.com/1password/load-secrets-action) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/1password/load-secrets-action/releases) - [Commits](https://github.com/1password/load-secrets-action/compare/92467eb28f72e8255933372f1e0707c567ce2259...3a12b0ab99d9cd590a3e9b5a90ea017210ed9556) --- updated-dependencies: - dependency-name: 1Password/load-secrets-action dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/actions/for-dependabot-triggered-reviews/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/for-dependabot-triggered-reviews/action.yml b/.github/actions/for-dependabot-triggered-reviews/action.yml index e6903124..4d1b0cd4 100644 --- a/.github/actions/for-dependabot-triggered-reviews/action.yml +++ b/.github/actions/for-dependabot-triggered-reviews/action.yml @@ -37,11 +37,11 @@ name: Gateway Action runs: using: "composite" steps: - - uses: 1Password/load-secrets-action@92467eb28f72e8255933372f1e0707c567ce2259 # v4.0.0 # zizmor: ignore[unpinned-tools] generated sentinel step is never executed + - uses: 1Password/load-secrets-action@3a12b0ab99d9cd590a3e9b5a90ea017210ed9556 # v4.0.0 # zizmor: ignore[unpinned-tools] generated sentinel step is never executed if: false with: version: "2.30.0" - - uses: 1Password/load-secrets-action/configure@92467eb28f72e8255933372f1e0707c567ce2259 # v4.0.0 + - uses: 1Password/load-secrets-action/configure@3a12b0ab99d9cd590a3e9b5a90ea017210ed9556 # v4.0.1 if: false with: version: "2.30.0" From 0caee151e0248b163c314e003a2c2f5d9201c3be Mon Sep 17 00:00:00 2001 From: Jarek Potiuk Date: Sun, 21 Jun 2026 22:49:03 -0400 Subject: [PATCH 2/2] =?UTF-8?q?fix:=20correct=20stale=20version=20comment?= =?UTF-8?q?=20on=201Password=20bump=20(v4.0.0=20=E2=86=92=20v4.0.1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Dependabot bumped both `uses:` hashes to the v4.0.1 commit but only updated the version comment on the `/configure` line, leaving the first line at `# v4.0.0`. Its comment-updater skips lines that carry a trailing `# zizmor: ignore[...]` after the version comment. zizmor's ref-version-mismatch flagged the resulting hash/comment mismatch. Generated-by: Claude Opus 4.8 (1M context) --- .github/actions/for-dependabot-triggered-reviews/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/for-dependabot-triggered-reviews/action.yml b/.github/actions/for-dependabot-triggered-reviews/action.yml index 4d1b0cd4..2b3399aa 100644 --- a/.github/actions/for-dependabot-triggered-reviews/action.yml +++ b/.github/actions/for-dependabot-triggered-reviews/action.yml @@ -37,7 +37,7 @@ name: Gateway Action runs: using: "composite" steps: - - uses: 1Password/load-secrets-action@3a12b0ab99d9cd590a3e9b5a90ea017210ed9556 # v4.0.0 # zizmor: ignore[unpinned-tools] generated sentinel step is never executed + - uses: 1Password/load-secrets-action@3a12b0ab99d9cd590a3e9b5a90ea017210ed9556 # v4.0.1 # zizmor: ignore[unpinned-tools] generated sentinel step is never executed if: false with: version: "2.30.0"