Description Daily Autohealing Report — 2026-03-27 (UTC)
Errored PRs
None.
Security
Advisory / PR
Severity
Action Taken
GHSA-#42 (picomatch)
High
Logged — Renovate owns dependency updates
GHSA-#43 (picomatch)
Medium
Logged — Renovate owns dependency updates
GHSA-#45 (brace-expansion)
Medium
Logged — Renovate owns dependency updates
Action & Workflow Integrity
Check
Result
Action
SHA pinning
✅ All pinned
All workflows and templates use SHA-pinned actions
dist/ freshness
✅ Current
All dist files rebuilt after src changes
Template metadata
✅ Complete
All 6 workflow templates have .properties.json files
Action YAML
✅ Valid
All 3 actions have valid action.yaml/yml pointing to dist/index.js
Code Quality & Monorepo Health
Check
Result
Action
quality-check
✅ Pass
496 tests passed, type-check, lint, build all successful
Test coverage
✅ Meets 80%
Coverage thresholds met
Workspace consistency
✅ Clean
7 recommendations (not errors)
Stale TODOs
0 found
No TODO/FIXME/HACK annotations found
Developer Experience & Org Standards
No lint/format fixes needed (codebase clean)
common-settings.yaml uses correct checks field (not deprecated contexts)
AGENTS.md drift detected (see Needs Human Attention)
Needs Human Attention
GHSA-chore(deps): update Exivity Actions to d592c1c #42 : picomatch ReDoS vulnerability — No open Dependabot PR found. Per DEPENDENCY_OWNERSHIP rule, Renovate owns routine dependency updates. Recommend triggering Renovate or creating security PR for picomatch dependency.
AGENTS.md documentation drift : File counts documented vs actual:
renovate-changesets: documented 96 src files, actual 125 (29 files added)update-repository-settings: documented 26 src files, actual 17 (9 files removed/refactored)Recommend updating AGENTS.md to reflect current structure.
Run Summary
Field
Value
Event
schedule
Repository
bfra-me/.github
Run ID
23656577048
Cache
hit
Session
ses_2df4a6131ffe2DvfjfWt6Rc4Sj
Reactions are currently unavailable
You can’t perform that action at this time.
Daily Autohealing Report — 2026-03-27 (UTC)
Errored PRs
None.
Security
Action & Workflow Integrity
Code Quality & Monorepo Health
Developer Experience & Org Standards
checksfield (not deprecatedcontexts)Needs Human Attention
GHSA-chore(deps): update Exivity Actions to d592c1c #42 (High severity): picomatch ReDoS vulnerability — No open Dependabot PR found. Per DEPENDENCY_OWNERSHIP rule, Renovate owns routine dependency updates. Recommend triggering Renovate or creating security PR for picomatch dependency.
AGENTS.md documentation drift: File counts documented vs actual:
renovate-changesets: documented 96 src files, actual 125 (29 files added)update-repository-settings: documented 26 src files, actual 17 (9 files removed/refactored)Run Summary