Skip to content

Bump marocchino/sticky-pull-request-comment from 2.9.0 to 2.9.4#7

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/marocchino/sticky-pull-request-comment-2.9.4
Closed

Bump marocchino/sticky-pull-request-comment from 2.9.0 to 2.9.4#7
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/marocchino/sticky-pull-request-comment-2.9.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 23, 2026

Copy link
Copy Markdown

Bumps marocchino/sticky-pull-request-comment from 2.9.0 to 2.9.4.

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v2.9.4

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.3...v2.9.4

v2.9.3

What's Changed

  • Update deps (including security issues)
  • Test with vitest instead of jest
  • Use biome

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.2...v2.9.3

v2.9.2

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.1...v2.9.2

v2.9.1

What's Changed

New Contributors

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.0...v2.9.1

Commits
  • 7737449 📦️ Build
  • 8b423c6 Merge pull request #1564 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 3ac8a74 build(deps-dev): Bump @​types/node from 24.0.12 to 24.0.13
  • e430cfc Merge pull request #1563 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 99f9378 build(deps-dev): Bump @​types/node from 24.0.11 to 24.0.12
  • 2216b3a Merge pull request #1562 from marocchino/dependabot/npm_and_yarn/biomejs/biom...
  • 482d7fd build(deps-dev): Bump @​biomejs/biome from 2.0.4 to 2.1.1
  • c2da581 Merge pull request #1561 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 76f8462 build(deps-dev): Bump @​types/node from 24.0.3 to 24.0.11
  • 246151a ⬆️ Update biome
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) from 2.9.0 to 2.9.4.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@331f8f5...7737449)

---
updated-dependencies:
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 23, 2026
@github-actions

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/marocchino/sticky-pull-request-comment 773744901bac0e8cbb5a0dc842800d45e9b2b405 ⚠️ 4.5
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ -1Found no human activity in the last 15 changesets
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 73 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • .github/workflows/dotnet.yml

@dependabot @github

dependabot Bot commented on behalf of github Jan 26, 2026

Copy link
Copy Markdown
Author

Superseded by #15.

@dependabot dependabot Bot closed this Jan 26, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/develop/marocchino/sticky-pull-request-comment-2.9.4 branch January 26, 2026 13:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants