From e95f5cc590f162f2c3c9ac359b5961d1355aca9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Feb 2026 13:26:38 +0000 Subject: [PATCH 1/3] build(deps): bump actions/github-script in /.github/workflows Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 8.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/d7906e4ad0b1822421a7e6a35d5ca353c962f410...ed597411d8f924073f98dfc5c65a23a2325f34cd) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/fail-on-prerelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml index 12a288bb..a5b876c3 100644 --- a/.github/workflows/fail-on-prerelease.yml +++ b/.github/workflows/fail-on-prerelease.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Check latest published release isn't a prerelease" - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v6 with: script: | const tags = await github.rest.repos.listTags({ From a16c7e28c28c0e93718cc6a03cd6ae750e63f391 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 4 Feb 2026 23:11:04 +0100 Subject: [PATCH 2/3] Clean up pull request template Removed unnecessary lines from the pull request template. Signed-off-by: Simon L. --- .github/pull_request_template.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 0350cecc..5d1441b4 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -3,6 +3,3 @@ - - Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime. --> - -* Resolves: # -* [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits From 2df9b8af50fef909598dffc6342cf6ad581948b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Feb 2026 12:07:10 +0000 Subject: [PATCH 3/3] build(deps): bump astral-sh/setup-uv in /.github/workflows Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.2.0 to 7.2.1. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/61cb8a9741eeb8a550a1b8544337180c0fc8476b...803947b9bd8e9f986429fa0c5a41c367cd732b41) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-yaml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index e36b8f4c..789ca0e0 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -36,7 +36,7 @@ jobs: line-length: warning - name: Install the latest version of uv - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 + uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 - name: Check GitHub actions run: uvx zizmor --min-severity medium .github/workflows/*.yml