looptech-ai · dependabot · May 14, 2026
@@ -17,9 +17,9 @@ jobs:
       pull-requests: write
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'

@@ -23,9 +23,9 @@ jobs:
         path: ['.', 'mcp', 'cli']
     steps:
       # pin: v4.2.2 -- actions/checkout
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       # pin: v4.4.0 -- actions/setup-node
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'

@@ -43,7 +43,7 @@ jobs:
       - name: Fetch Dependabot metadata
         id: meta
         # pin: v2.2.0 -- dependabot/fetch-metadata
-        uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34
+        uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 

@@ -16,7 +16,7 @@ jobs:
       checks: read
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           fetch-depth: 0
 

@@ -29,7 +29,7 @@ jobs:
       matrix:
         sanitizer: [address, undefined]
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       - name: Build fuzzers
         id: build
         uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1

@@ -32,7 +32,7 @@ jobs:
         sanitizer: [address, undefined]
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       # pin: main -- google/clusterfuzzlite/actions/build_fuzzers
       - name: Build fuzzers

@@ -41,7 +41,7 @@ jobs:
     steps:
       # pin: v6.0.0 -- actions/checkout
       - name: Checkout
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       # pin: v4.35.4 -- github/codeql-action
       - name: Initialize CodeQL

@@ -21,12 +21,12 @@ jobs:
       actions: write
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 1
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
 

@@ -20,7 +20,7 @@ jobs:
       contents: read
       pull-requests: write
     steps:
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # pin: v5.0.0
+      - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # pin: v6.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           configuration-path: .github/labeler.yml

@@ -31,10 +31,10 @@ jobs:
       issues: write
     steps:
       - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # pin: v5.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v5.0.0
 
       - name: Restore lychee cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # pin: v4.3.0
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # pin: v5.0.5
         with:
           path: .lycheecache
           key: lychee-${{ github.run_id }}
@@ -58,7 +58,7 @@ jobs:
 
       - name: Open or update tracking issue on scheduled failures
         if: steps.lychee.outputs.exit_code != 0 && github.event_name == 'schedule'
-        uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # pin: v5.0.1
+        uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # pin: v6.0.0
         with:
           title: "Link check: broken links detected"
           content-filepath: ./lychee/out.md

@@ -25,10 +25,10 @@ jobs:
         node-version: [18.x, 20.x, 22.x]
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       # pin: v6.0.0 -- actions/setup-node
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version: ${{ matrix.node-version }}
           cache: "npm"

@@ -31,15 +31,15 @@ jobs:
       issues: write
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
 
       # pin: v6.0.0 -- actions/setup-python
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
         with:
           python-version: '3.12'
 

@@ -32,10 +32,10 @@ jobs:
       contents: read
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
 

@@ -19,10 +19,10 @@ jobs:
         working-directory: cli
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
           registry-url: 'https://registry.npmjs.org/'
@@ -44,7 +44,7 @@ jobs:
 
       # pin: v3.2.0 -- actions/attest-build-provenance
       - name: Attest build provenance
-        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
         with:
           subject-path: 'cli/*.tgz'
 

@@ -19,9 +19,9 @@ jobs:
         working-directory: mcp
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
           registry-url: 'https://registry.npmjs.org/'
@@ -37,7 +37,7 @@ jobs:
         run: npm pack
       # pin: v3.2.0 -- actions/attest-build-provenance
       - name: Attest build provenance
-        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
         with:
           subject-path: 'mcp/*.tgz'
       - name: Publish

@@ -46,19 +46,19 @@ jobs:
 
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           ref: ${{ github.event.inputs.ref || github.ref }}
 
       # pin: v6.0.0 -- actions/setup-python
       - name: Set up Python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
         with:
           python-version: '3.12'
 
       # pin: v6.0.0 -- actions/setup-node
       - name: Set up Node (for version check)
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
 
@@ -79,13 +79,13 @@ jobs:
 
       # pin: v3.2.0 -- actions/attest-build-provenance
       - name: Attest build provenance
-        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
         with:
           subject-path: 'python-sdk/dist/*'
 
       # pin: v4.6.2 -- actions/upload-artifact
       - name: Upload artifacts to workflow
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: python-sdk-dist
           path: python-sdk/dist/*
@@ -94,7 +94,7 @@ jobs:
       # pin: v2.2.1 -- softprops/action-gh-release
       - name: Attach wheel + sdist to GitHub release
         if: github.event_name == 'release'
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda
         with:
           files: python-sdk/dist/*
 
@@ -106,7 +106,7 @@ jobs:
         id: pypi_oidc
         if: github.event_name == 'release'
         continue-on-error: true
-        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b
         with:
           packages-dir: python-sdk/dist
           skip-existing: true

@@ -26,7 +26,7 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - uses: release-drafter/release-drafter@67e173cadb2fbd3de94f4a861e0c48c913b462ae # pin: v6.4.0
+      - uses: release-drafter/release-drafter@6a93d829887aa2e0748befe2e808c66c0ec6e4c7 # pin: v6.4.0
         with:
           config-name: release.yml
         env:

@@ -21,7 +21,7 @@ jobs:
       pull-requests: write
     steps:
       # pin: v4.1.5 -- googleapis/release-please-action
-      - uses: googleapis/release-please-action@5792afc6b46e9bb55deda9eda973a18c226bc3fc
+      - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7
         with:
           config-file: release-please-config.json
           manifest-file: .release-please-manifest.json
@@ -16,9 +16,9 @@ jobs:
       contents: write
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin: v5.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.2
         with:
           persist-credentials: false
 
@@ -44,7 +44,7 @@ jobs:
           publish_results: true
 
       - name: Upload SARIF results
-        uses: github/codeql-action/upload-sarif@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # pin: v3.27.0
+        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # pin: v3.27.0
         with:
           sarif_file: results.sarif
           category: ossf-scorecard
@@ -27,15 +27,15 @@ jobs:
     timeout-minutes: 5
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           # Full history so the scan can compare base..head (PRs) or walk
           # the new commits (push). TruffleHog needs both endpoints.
           fetch-depth: 0
 
       # pin: v3.95.2 -- trufflesecurity/trufflehog
       - name: Run TruffleHog
-        uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26
+        uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab
         with:
           # `base` is unset on push events; the action computes the
           # commit range itself in that case. On PR events the action

@@ -27,7 +27,7 @@ jobs:
       contents: read
       pull-requests: read
     steps:
-      - uses: amannn/action-semantic-pull-request@e32d7e603df1aa1ba07e981f2a23455dee596825 # pin: v5.5.3
+      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # pin: v5.5.3
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

@@ -17,10 +17,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
 
@@ -36,7 +36,7 @@ jobs:
       # pin: v7.0.0 -- actions/upload-artifact
       - name: Upload Playwright HTML report
         if: failure()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: playwright-report
           path: tests/playwright/report

@@ -27,7 +27,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # pin: v9.1.0
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # pin: v10.2.0
         with:
           days-before-issue-stale: 60
           days-before-issue-close: 15

@@ -48,9 +48,9 @@ jobs:
       actions: write
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'

@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # pin: v6.0.0 -- actions/checkout
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           fetch-depth: 2
       # pin: v6.0.0 -- actions/setup-node
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'