Skip to content

Add all the dependabot fixes#1005

Open
KimForss wants to merge 2 commits intoAzure:release/january-2026from
KimForss:SFI
Open

Add all the dependabot fixes#1005
KimForss wants to merge 2 commits intoAzure:release/january-2026from
KimForss:SFI

Conversation

@KimForss
Copy link
Collaborator

@KimForss KimForss commented Jan 26, 2026

This pull request updates several dependencies and GitHub Actions across the repository to their latest versions, improving security, stability, and compatibility. The changes primarily focus on upgrading workflow actions and .NET/NuGet packages.

GitHub Actions workflow updates:

  • Updated actions/checkout to v6.0.1 in multiple workflows for improved reliability and security. (.github/workflows/codeql.yml [1] .github/workflows/container-build.yaml [2] .github/workflows/dependency-review.yml [3] .github/workflows/ossf-scorecard.yml [4] .github/workflows/trivy.yml [5]
  • Upgraded github/codeql-action steps (init, autobuild, analyze, upload-sarif) to v4.31.10 for enhanced CodeQL scanning and reporting. (.github/workflows/codeql.yml [1] [2] [3]; .github/workflows/ossf-scorecard.yml [4]; .github/workflows/trivy.yml [5]
  • Updated docker/build-push-action to v6 in the container build workflow for better Docker image build and push features. (.github/workflows/container-build.yaml .github/workflows/container-build.yamlL82-R82)
  • Upgraded actions/setup-python to v6.2.0 in the Ansible lint workflow for improved Python environment setup. (.github/workflows/github-actions-ansible-lint.yml .github/workflows/github-actions-ansible-lint.ymlL20-R20)
  • Updated actions/upload-artifact to v6.0.0 in the OSSF Scorecard workflow for artifact uploads. (.github/workflows/ossf-scorecard.yml .github/workflows/ossf-scorecard.ymlL67-R67)

.NET/NuGet package updates:

  • Upgraded several NuGet package versions in SDAFWebApp.csproj, including Azure SDKs, Microsoft Identity libraries, and others for bug fixes and new features. (Webapp/SDAF/SDAFWebApp.csproj Webapp/SDAF/SDAFWebApp.csprojL21-R35)
  • Updated dotnet-ef tool version from 10.0.0 to 10.0.2 in dotnet-tools.json for Entity Framework CLI improvements. (Webapp/SDAF/.config/dotnet-tools.json Webapp/SDAF/.config/dotnet-tools.jsonL12-R12)## Problem

Solution

Tests

Notes

@KimForss KimForss requested a review from hdamecharla January 26, 2026 14:41
@KimForss KimForss requested a review from a team as a code owner January 26, 2026 14:41
Copilot AI review requested due to automatic review settings January 26, 2026 14:41
Copilot AI reviewed Jan 26, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request updates GitHub Actions workflows and .NET dependencies to their latest versions, addressing security vulnerabilities and improving stability. The updates were likely generated by Dependabot to keep dependencies current.

Changes:

  • Updated GitHub Actions including actions/checkout to v6.0.1, github/codeql-action to v4.31.10, docker/build-push-action to v6, actions/setup-python to v6.2.0, and actions/upload-artifact to v6.0.0
  • Upgraded five NuGet packages in the web application project: Azure.ResourceManager.Compute, Azure.Storage.Blobs, Microsoft.Identity.Web, Microsoft.Identity.Web.UI, and System.Runtime.Caching
  • Updated dotnet-ef tool from version 10.0.0 to 10.0.2

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
.github/workflows/codeql.yml Updated actions/checkout to v6.0.1 and all github/codeql-action steps to v4.31.10 for enhanced security scanning
.github/workflows/container-build.yaml Updated actions/checkout to v6.0.1 and docker/build-push-action to v6 for improved container builds
.github/workflows/dependency-review.yml Updated actions/checkout to v6.0.1 for consistency
.github/workflows/ossf-scorecard.yml Updated actions/checkout to v6.0.1, actions/upload-artifact to v6.0.0, and github/codeql-action to v4.31.10
.github/workflows/trivy.yml Updated actions/checkout to v6.0.1 and github/codeql-action to v4.31.10
.github/workflows/github-actions-ansible-lint.yml Updated actions/setup-python to v6.2.0, but actions/checkout was missed and remains at v6.0.0
Webapp/SDAF/SDAFWebApp.csproj Updated five Azure and Microsoft NuGet packages to their latest compatible versions
Webapp/SDAF/.config/dotnet-tools.json Updated dotnet-ef tool to version 10.0.2 for Entity Framework improvements

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/github-actions-ansible-lint.yml
@@ -17,7 +17,7 @@ jobs:
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0
Copy link

Copilot AI Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The actions/checkout action at this line is still using v6.0.0 (commit SHA 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3) while all other workflow files in this PR have been updated to v6.0.1 (commit SHA 8e8c483db84b4bee98b60c0593521ed34d9990e8). For consistency and to ensure all security and stability improvements are applied across the repository, this action should also be updated to v6.0.1.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hdamecharla hdamecharla Awaiting requested review from hdamecharla

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KimForss