Bump guibranco/github-infisical-secrets-check-action from 4.1.17 to 4.1.18

[dependabot]

Bumps guibranco/github-infisical-secrets-check-action from 4.1.17 to 4.1.18.

Release notes

Sourced from guibranco/github-infisical-secrets-check-action's releases.

Release v4.1.18

Release 4.1.18 of github-infisical-secrets-check-action

What's Changed

• Bump guibranco/github-file-reader-action-v2 from 2.2.851 to 2.2.854 in the actions-minor group by @​dependabot[bot] in guibranco/github-infisical-secrets-check-action#127

Full Changelog: guibranco/github-infisical-secrets-check-action@v4.1.17...v4.1.18

Commits

• 6f11c71 Bump guibranco/github-file-reader-action-v2 in the actions-minor group (#127)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @guibranco.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Description by Korbit AI

What change is being made?

Update the Infisical secrets check GitHub Action from v4.1.17 to v4.1.18 in the workflow.

Why are these changes being made?

Bump to the latest patch release to receive fixes and improvements.

Is this description stale? Ask me to generate a new description by commenting /korbit-generate-pr-description

[dependabot]

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[korbit-ai]

By default, I don't review pull requests opened by bots. If you would like me to review this pull request anyway, you can request a review via the /korbit-review command in a comment.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
progressbar	Ready	Preview	Comment	Oct 6, 2025 0:18am

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Oct 08 2025 to showcase some of the refinements we've made.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[guibranco]

Automatically approved by gstraccini[bot]

[guibranco]

@dependabot squash and merge

[sourcery-ai]

New security issues found

[sourcery-ai]

security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

Source: opengrep

[dependabot]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

[github-actions]

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs

A new release of infisical is available: 0.41.90 -> 0.42.6

To update, run: sudo apt-get update && sudo apt-get install infisical

12:18PM INF scanning for exposed secrets...
12:18PM INF 99 commits scanned.
12:18PM INF scan completed in 17.1ms
12:18PM INF no leaks found