Skip to content
Self — PR Validation

chore(deps): bump actions/create-github-app-token from 2 to 3 in the release group across 1 directory #188

Sign in to view logs

chore(deps): bump actions/create-github-app-token from 2 to 3 in the release group across 1 directory

chore(deps): bump actions/create-github-app-token from 2 to 3 in the release group across 1 directory #188

Triggered via pull request April 6, 2026 11:12
@dependabotdependabot[bot]
synchronize #147
dependabot/github_actions/develop/release-1730de5550
Status Failure
Total duration 1m 7s
Artifacts

self-pr-validation.yml

on: pull_request
Detect Changed Files
6s
Detect Changed Files
validation  /  Blocking Checks
10s
validation / Blocking Checks
YAML Lint
6s
YAML Lint
Action Lint
9s
Action Lint
Pinned Actions Check
6s
Pinned Actions Check
Markdown Link Check
0s
Markdown Link Check
Spelling Check
7s
Spelling Check
Shell Check
5s
Shell Check
README Check
5s
README Check
Composite Schema Lint
0s
Composite Schema Lint
CodeQL Analysis
41s
CodeQL Analysis
validation  /  Advisory Checks
10s
validation / Advisory Checks
Lint Report
7s
Lint Report
validation  /  PR Checks Summary
5s
validation / PR Checks Summary
validation  /  ...  /  Send Notification
7s
validation / Notify / Send Notification
Fit to window
Zoom out
Zoom in

Annotations

10 errors, 2 warnings, and 1 notice
Pinned Actions Check
Process completed with exit code 1.
Pinned Actions Check
Found 8 external action(s) not pinned by commit SHA. Pin using the full SHA with a version comment (e.g., @abc123 # v6).
Pinned Actions Check: .github/workflows/release-notification.yml#L124
External action not pinned by SHA: uses: actions/checkout@v6 (use full commit SHA with a # vX.Y.Z comment)
Pinned Actions Check: .github/workflows/release-notification.yml#L117
External action not pinned by SHA: uses: actions/create-github-app-token@v3 (use full commit SHA with a # vX.Y.Z comment)
Pinned Actions Check: .github/workflows/gptchangelog.yml#L736
External action not pinned by SHA: uses: slackapi/slack-github-action@v1.24.0 (use full commit SHA with a # vX.Y.Z comment)
Pinned Actions Check: .github/workflows/gptchangelog.yml#L282
External action not pinned by SHA: uses: crazy-max/ghaction-import-gpg@v7 (use full commit SHA with a # vX.Y.Z comment)
Pinned Actions Check: .github/workflows/gptchangelog.yml#L262
External action not pinned by SHA: uses: actions/checkout@v6 (use full commit SHA with a # vX.Y.Z comment)
Pinned Actions Check: .github/workflows/gptchangelog.yml#L255
External action not pinned by SHA: uses: actions/create-github-app-token@v3 (use full commit SHA with a # vX.Y.Z comment)
Pinned Actions Check: .github/workflows/gptchangelog.yml#L142
External action not pinned by SHA: uses: actions/checkout@v6 (use full commit SHA with a # vX.Y.Z comment)
Pinned Actions Check: .github/workflows/gptchangelog.yml#L65
External action not pinned by SHA: uses: actions/checkout@v6 (use full commit SHA with a # vX.Y.Z comment)
CodeQL Analysis
Starting April 2026, the CodeQL Action will skip computing file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. To opt out of this change, set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true`. Alternatively, create a custom repository property with the name `github-codeql-file-coverage-on-prs` and the type "True/false", then set this property to `true` in the repository's settings.
CodeQL Analysis
1 issue was detected with this workflow: Please specify an on.push hook to analyze and see code scanning alerts from the default branch on the Security tab.
validation / Advisory Checks
PR size: XS (10 lines changed)