chore(deps): pin dependencies #1898

renovate · 2025-06-18T15:17:25Z

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	pinDigest	-> `11bd719`
actions/setup-go	action	pinDigest	-> `d35c59a`
actions/setup-java	action	pinDigest	-> `c5195ef`
actions/setup-node	action	pinDigest	-> `49933ea`
actions/setup-python	action	pinDigest	-> `a26af69`
actions/upload-artifact	action	pinDigest	-> `ea165f8`
android-actions/setup-android	action	pinDigest	-> `9fc6c4e`
cachix/cachix-action	action	pinDigest	-> `18cf96c`
cachix/install-nix-action	action	pinDigest	-> `8887e59`
cloudposse/github-action-matrix-outputs-write	action	pinDigest	-> `ed06cf3`
coursier/cache-action	action	pinDigest	-> `4e26158`
coursier/setup-action	action	pinDigest	-> `039f736`
docker/build-push-action	action	pinDigest	-> `2634353`
docker/login-action	action	pinDigest	-> `74a5d14`
docker/metadata-action	action	pinDigest	-> `902fa8e`
docker/setup-buildx-action	action	pinDigest	-> `e468171`
docker/setup-qemu-action	action	pinDigest	-> `2910929`
github/codeql-action	action	pinDigest	-> `ce28f5b`
int128/docker-manifest-create-action	action	pinDigest	-> `736aaa0`
oras-project/setup-oras	action	pinDigest	-> `8d34698`
oven-sh/setup-bun	action	pinDigest	-> `f4d14e0`
pnpm/action-setup	action	pinDigest	-> `a7487c7`
sbt/setup-sbt	action	pinDigest	-> `6c68d2f`
softprops/action-gh-release	action	pinDigest	-> `72f2c25`

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

.github/workflows/npm-release.yml

.github/workflows/nodejs.yml

.github/workflows/dockertests.yml

.github/workflows/binary-builds.yml

.github/workflows/python-atom-tests.yml

.github/workflows/nydus-demo.yml

.github/workflows/npm-release.yml

.github/workflows/nodejs.yml

.github/workflows/dockertests.yml

setchy · 2025-06-18T16:12:07Z

Might need to rethink these test assertions

prabhu · 2025-06-18T17:34:40Z

@setchy unit tests needs fixing as well. Do you want to take a look?

setchy · 2025-06-18T18:17:07Z

@setchy unit tests needs fixing as well. Do you want to take a look?

re: my comment above, is there a reason versions are being asserted in the tests? That's going to be a bit clunky as new digests are recommended by Renovate going forward. Or is that by design?

prabhu · 2025-06-18T20:18:56Z

Good idea. We can skip version check.

.github/workflows/npm-release.yml

.github/workflows/dockertests.yml

prabhu · 2025-06-19T00:47:47Z

This PR has too many unwanted changes. What's the best way to only have pinDigest changes alone.

setchy · 2025-06-19T14:32:36Z

This PR has too many unwanted changes. What's the best way to only have pinDigest changes alone.

Disabled rangeStrategy: pin so that we can focus on action digest pins

setchy · 2025-06-19T14:38:25Z

Good idea. We can skip version check.

updated unit test from toEqual to toMatchObject

prabhu · 2025-06-19T16:49:01Z

Looks like repotests is broken, since we are using java 24 before scala tests.

Signed-off-by: Adam Setch <adam.setch@outlook.com>

malice00 · 2025-06-19T17:16:06Z

Sorry guys, triggered a rebase after some fixes in master and didn't see right away that @setchy made a manual push on this -- cherry-picked it, so it's back in the PR.

malice00 · 2025-06-19T18:56:05Z

lgtm. Tests are almost done, but I don't think they'll fail from here anymore, so let's go!

renovate bot requested a review from prabhu as a code owner June 18, 2025 15:17

renovate bot added the dependency Dependency updates label Jun 18, 2025