ci(deps): bump azure/trusted-signing-action from 0.5.1 to 2.0.0#8
Closed
dependabot[bot] wants to merge 2 commits into
Closed
ci(deps): bump azure/trusted-signing-action from 0.5.1 to 2.0.0#8dependabot[bot] wants to merge 2 commits into
dependabot[bot] wants to merge 2 commits into
Conversation
Claude Code Install Manager v0.1.0. Single-file Windows batch script (plus optional signed PE launcher) that works around upstream Claude Code installation pain on Windows: multi-location install drift across native installer / WinGet / npm, PATH changes not propagating to running shells, the Claude Desktop App execution alias hijacking the 'claude' command, SYSTEM-profile leftovers from accidental elevated installs, and the lack of any built-in diagnostic or repair path. Subcommands: install, update, uninstall, repair, doctor, path, version, where, help, repair-system, disable-desktop-alias. doctor diagnoses 12+ documented upstream anthropics/claude-code issues from a single command. Long operations show a spinner with mm:ss elapsed time. Errors include actionable next-step hints. Ships with MIT LICENSE (Simtabi LLC), Contributor Covenant 2.1, Keep-a-Changelog CHANGELOG, CONTRIBUTING / SECURITY docs, Pester tests, GitHub Actions CI plus tag-driven signed release workflow (PFX-from-secret and Azure Trusted Signing paths), and Dependabot config.
Bumps [azure/trusted-signing-action](https://github.com/azure/trusted-signing-action) from 0.5.1 to 2.0.0. - [Release notes](https://github.com/azure/trusted-signing-action/releases) - [Commits](Azure/artifact-signing-action@v0.5.1...v2.0.0) --- updated-dependencies: - dependency-name: azure/trusted-signing-action dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/github_actions/azure/trusted-signing-action-2.0.0
branch
imanimanyara
added a commit
that referenced
this pull request
May 19, 2026
Force-pushing main during the v0.1.0 release left eight Dependabot PRs (#1-#8) with invalid base refs; Dependabot closed them and deleted their branches, then on the next scan refused to re-create them under its "already-proposed-and-closed" dedup rule. The PRs can't be revived (`gh pr reopen` rejects them because the branch is gone, and `@dependabot recreate` comments on closed PRs do nothing). Applying the bumps directly is the rebase outcome the user asked for. All four target tags verified to exist on disk: actions/checkout v5 -> v6 actions/upload-artifact v4 -> v7 softprops/action-gh-release v2 -> v3 azure/trusted-signing-action v0.5.1 -> v2 YAML validates. CI will run on this commit and confirm the v6/v7 checkout+upload still work; release.yml's signing path won't actually exercise v2 of trusted-signing-action until repo secrets are configured, but the version pin is current.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps azure/trusted-signing-action from 0.5.1 to 2.0.0.
Release notes
Sourced from azure/trusted-signing-action's releases.
... (truncated)
Commits
c7ab2a8refactor: upgrade packages to the latest versions (#135)7664ceadocs: update README runtime version and action references (#139)64185d8refactor: migrate to new artifactsigning module (#133)b443cf8Update internal actions/cache to v5.0.4 (#126)6c581ebrefactor: disable az credential types by default except cli and env vars (#122)dd27d98docs: update examples to remove azps session (#123)87c2e83feat: check runner prior to execution (#120)d15bd92chore: upgrade cache-action to version 4.3.0 (#116)2eddbb3docs: update lack of support for win arm (#117)f3a110bchore: update code owners to artifact signing team (#118)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)