Skip to content

chore(deps): bump EndBug/add-and-commit from 9 to 10#578

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/EndBug/add-and-commit-10
Open

chore(deps): bump EndBug/add-and-commit from 9 to 10#578
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/EndBug/add-and-commit-10

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026

Bumps EndBug/add-and-commit from 9 to 10.

Release notes

Sourced from EndBug/add-and-commit's releases.

v10.0.0

What's Changed

... (truncated)

Commits
  • 290ea2c 10.0.0
  • 5190a0a docs: prepare for v10
  • 9ac3878 chore: npm audit fix
  • 7b015bd docs: add CodeReaper as a contributor for maintenance (#723)
  • 300836d chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#722)
  • f6e20ed feat!: use node version 24 (#720)
  • 6280653 chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (#721)
  • 1539a6a chore(deps): bump @​actions/core from 2.0.2 to 3.0.0 (#716)
  • af611dd chore(deps): bump minimatch (#718)
  • 2df77c1 chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#712)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump EndBug/add-and-commit from 9 to 10
f4a0a89 
Bumps [EndBug/add-and-commit](https://github.com/endbug/add-and-commit) from 9 to 10.
- [Release notes](https://github.com/endbug/add-and-commit/releases)
- [Commits](EndBug/add-and-commit@v9...v10)

---
updated-dependencies:
- dependency-name: EndBug/add-and-commit
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added 📦 Dependencies Pull requests that update a dependency file 🚀 CI/CD Indicates the change is related to CI/CD workflows labels Mar 23, 2026
@dependabot dependabot bot requested a review from AlbertHernandez as a code owner March 23, 2026 11:53
@dependabot dependabot bot added 🚀 CI/CD Indicates the change is related to CI/CD workflows 📦 Dependencies Pull requests that update a dependency file labels Mar 23, 2026
@github-actions github-actions bot added ignore-for-release Ignore pull request for a new release and removed 📦 Dependencies Pull requests that update a dependency file labels Mar 23, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 23, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/handle-generate-dist-command.yml

PackageVersionLicenseIssue Type
EndBug/add-and-commit10.*.*NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/EndBug/add-and-commit 10.*.* 🟢 5.8
Details
CheckScoreReason
Maintained🟢 1012 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 5Found 3/6 approved changesets -- score normalized to 5
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • .github/workflows/handle-generate-dist-command.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlbertHernandez AlbertHernandez Awaiting requested review from AlbertHernandez AlbertHernandez is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

🚀 CI/CD Indicates the change is related to CI/CD workflows ignore-for-release Ignore pull request for a new release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants