Bump dependencies #65
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2025 Upbound Inc. <https://upbound.io> | |
| # | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Backport | |
| on: | |
| # NOTE(negz): This is a risky target, but we run this action only when and if | |
| # a PR is closed, then filter down to specifically merged PRs. We also don't | |
| # invoke any scripts, etc from within the repo. I believe the fact that we'll | |
| # be able to review PRs before this runs makes this fairly safe. | |
| # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
| pull_request_target: | |
| types: [closed] | |
| # See also backport-trigger.yml for the /backport triggered variant of this workflow. | |
| jobs: | |
| open-pr: | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.merged | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Open Backport PR | |
| uses: zeebe-io/backport-action@ca4972adce8039ff995e618f5fc02d1b7961f27a # v3.3.0 |