chore(deps): update actions/checkout digest to df4cb1c#395
renovate[bot] wants to merge 1 commit into
Walkthrough: This PR repins
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
Pre-merge checks: ✅ 6 passed
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/cd.yml:
- Line 24: The checkout step using "uses:
actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10" should be hardened by
adding a "with:" block that sets "persist-credentials: false"; update the step
that references actions/checkout to include the with: persist-credentials: false
key so the GitHub token is not left in the runner git config (keep the same
checkout action version string).
In @.github/workflows/ci.yml:
- Line 25: Multiple actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
steps are missing the "persist-credentials: false" setting causing GITHUB_TOKEN
to be persisted; update each checkout step (the uses lines for
actions/checkout@df4cb1c0... referenced in the workflow) to include a with:
block that sets persist-credentials: false (preserving existing keys like
fetch-depth: 0 where present) so credentials are not stored for subsequent
steps.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: f3ee4bcb-0ee0-4032-bafd-dabf368b75d6
📒 Files selected for processing (3)
.github/workflows/cd-pypi-cli.yml
.github/workflows/cd.yml
.github/workflows/ci.yml
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | ||
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 |
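Review bot: the hunk changes only the pinned digest on the `uses:` line while the trailing `# v6` comment is carried over unchanged, so nothing in the diff itself shows that df4cb1c069e1874edd31b4311f1884172cec0e10 is the commit behind the v6 tag; confirm the digest-to-tag mapping against the actions/checkout release before merging, and, since this step is being touched anyway, add the `with:` / `persist-credentials: false` block the inline comments request in the same change.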
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/cd.yml"
echo "== File: $FILE =="
if [ ! -f "$FILE" ]; then
echo "MISSING: $FILE"
exit 1
fi
# Show relevant area around the referenced line
nl -ba "$FILE" | sed -n '1,120p' | sed -n '15,60p'
echo
echo "== Grep checkout steps =="
rg -n "actions/checkout@" "$FILE" || true
echo
echo "== Show checkout step block (approx) =="
# Print from first checkout line with some context
# `|| true` keeps set -e/pipefail from aborting when rg finds no match
line=$(rg -n "actions/checkout@" "$FILE" | head -n1 | cut -d: -f1 || true)
if [ -n "$line" ]; then
  start=$(( line-6 ))
  # Clamp so sed never receives a non-positive start address
  if [ "$start" -lt 1 ]; then start=1; fi
  end=$(( line+12 ))
  nl -ba "$FILE" | sed -n "${start},${end}p" || true
fi
Repository: deepnote/deepnote
Length of output: 160
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/cd.yml"
echo "== File: $FILE =="
ls -l "$FILE"
echo
echo "== Raw grep of checkout =="
rg -n "actions/checkout@" "$FILE" || true
echo
echo "== Show lines 1-120 with simple numbering =="
awk '{printf "%5d\t%s\n", NR, $0}' "$FILE" | sed -n '1,120p'
echo
echo "== Show broader window around first checkout occurrence (or fallback) =="
first=$(rg -n "actions/checkout@" "$FILE" | head -n1 | cut -d: -f1 || true)
if [ -n "${first:-}" ]; then
start=$(( first-15 ))
end=$(( first+25 ))
if [ "$start" -lt 1 ]; then start=1; fi
awk '{printf "%5d\t%s\n", NR, $0}' "$FILE" | sed -n "${start},${end}p"
else
echo "No checkout found; showing 1-80"
awk '{printf "%5d\t%s\n", NR, $0}' "$FILE" | sed -n '1,80p'
fi
echo
echo "== Does this workflow set persist-credentials? =="
rg -n "persist-credentials" "$FILE" || true
Repository: deepnote/deepnote
Length of output: 5587
Harden checkout token handling.
Add with: persist-credentials: false to prevent the GitHub token from being persisted in the runner’s git config.
Suggested patch
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ with:
+ persist-credentials: false
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| persist-credentials: false |
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 23-24: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
Source: Linters/SAST tools
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | ||
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 |
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/ci.yml"
echo "== File exists =="
ls -la "$FILE" || true
echo
echo "== Show checkout steps with their surrounding config =="
rg -n --hidden "uses:\s*actions/checkout@" "$FILE" -n
echo
echo "== Print full workflow (bounded) around relevant lines =="
# Print generous context around the referenced line numbers from the review comment
for start in 1 35 60 85 110 145 180 215 245 275; do
end=$((start+35))
echo "--- lines ${start}-${end} ---"
sed -n "${start},${end}p" "$FILE" | nl -ba -w2 -s':'
done
Repository: deepnote/deepnote
Length of output: 1156
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/ci.yml"
echo "== Checkout steps (with exact step block context) =="
# Print each checkout line plus next ~25 lines to capture `with:` if present
rg -n "uses:\s*actions/checkout@" "$FILE" -n | cut -d: -f1 | while read -r ln; do
echo "--- starting at line $ln ---"
end=$((ln+25))
sed -n "${ln},${end}p" "$FILE" | awk '{printf "%4d:%s\n", NR+('$ln'-1), $0}'
done
Repository: deepnote/deepnote
Length of output: 9125
Disable GitHub token persistence for all CI checkouts
All actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 steps in .github/workflows/ci.yml lack with: persist-credentials: false (including the one already using fetch-depth: 0), so credentials are persisted by default.
Suggested patch pattern
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ with:
+ persist-credentials: false
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
fetch-depth: 0
+ persist-credentials: false
Also applies to checkout steps at lines: 25, 48, 71-74, 90, 127, 162, 205, 236, 259, 282.
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| persist-credentials: false |
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 24-25: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
Source: Linters/SAST tools
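As an added example (not code from the PR, from CodeRabbit or from the deepnote repository), the check below lists every actions/checkout step in a workflow that leaves `persist-credentials` at its default, which is the condition zizmor flags as "artipacked" in the comments above. The workflow it scans is a constructed sample that includes the `fetch-depth: 0` case, so the reviewer's "preserve existing with keys" point is exercised.

```shell
#!/bin/bash
# Added example (not code from the PR, CodeRabbit or the deepnote repo):
# list actions/checkout steps that do not set `persist-credentials: false`,
# the condition zizmor reports as "artipacked". The workflow below is a
# constructed sample; its digest is the one pinned by this PR.
set -euo pipefail

# Print "LINE: uses: ..." for every checkout step that leaves credential
# persistence at its default. A step starts at a YAML list item ("- name:"
# or "- uses:") and ends at the next list item at the same or a shallower
# indent, so a "- " inside a deeper `run: |` script does not split a step.
find_persisting_checkouts() {
  awk '
    function flush() {
      if (in_step && is_checkout && !persist_off) print uses_ln ": " uses_txt
      in_step = 0; is_checkout = 0; persist_off = 0
    }
    /^[[:space:]]*- / {
      match($0, /^[[:space:]]*/); ind = RLENGTH
      if (!in_step || ind <= step_ind) { flush(); in_step = 1; step_ind = ind }
    }
    in_step && /uses:[[:space:]]*actions\/checkout@/ {
      is_checkout = 1; uses_ln = NR; sub(/^[[:space:]]+/, ""); uses_txt = $0
    }
    in_step && /persist-credentials:[[:space:]]*false/ { persist_off = 1 }
    END { flush() }
  ' "$1"
}

# Constructed workflow: two checkouts persist credentials (one of them with an
# existing `with:` block), the third is hardened the way the review suggests.
sample="$(mktemp)"
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
name: ci
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Checkout history
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          fetch-depth: 0
      - name: Checkout hardened
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Build
        run: make
EOF

# Reports lines 8 and 10; the hardened step at line 14 is not listed.
find_persisting_checkouts "$sample"
```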
254c066 to f62e1ce
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #395 +/- ##
=======================================
Coverage 84.35% 84.35%
=======================================
Files 153 153
Lines 7996 7996
Branches 2163 2225 +62
=======================================
Hits 6745 6745
Misses 1250 1250
Partials 1 1
Actionable comments posted: 1
♻️ Duplicate comments (2)
.github/workflows/cd.yml (1)
23-24: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
Still unresolved: harden checkout token handling.
At Line 24, add persist-credentials: false to prevent token persistence on the runner.
Suggested patch
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ with:
+ persist-credentials: false
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/cd.yml around lines 23 - 24, In the "Checkout code" step (the step with name: Checkout code and uses: actions/checkout@...), add the option persist-credentials: false under that step to prevent the runner from persisting the GITHUB_TOKEN; ensure the new key is indented to match the step and included alongside any existing with: block (or create a with: block if missing) so the checkout action is invoked with persist-credentials: false.
Source: Linters/SAST tools
.github/workflows/ci.yml (1)
24-25: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
Apply persist-credentials: false to every CI checkout step.
All listed checkout blocks still persist credentials by default. Add persist-credentials: false everywhere, preserving existing with keys (e.g., fetch-depth).
Suggested patch pattern
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ with:
+ persist-credentials: false
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
fetch-depth: 0
+ persist-credentials: false
Also applies to: 47-48, 71-74, 89-90, 126-127, 161-162, 204-205, 235-236, 258-259, 281-282
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/ci.yml around lines 24 - 25, The CI workflow checkout steps currently call uses: actions/checkout@... without disabling credential persistence; for every checkout step (e.g., the one using actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 and the other checkout occurrences referenced in the review) add a with block entry persist-credentials: false while preserving any existing with keys such as fetch-depth; ensure each checkout step's YAML merges this key into its existing with mapping (do not remove or change existing keys) so credentials are not persisted across jobs.
Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/cd-pypi-cli.yml:
- Around line 28-29: The checkout step ("Checkout code") uses actions/checkout
(uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10) and currently
leaves credential persistence enabled; update that step to set
persist-credentials: false so the runner does not write the GITHUB_TOKEN into
git config after checkout.
📒 Files selected for processing (3)
.github/workflows/cd-pypi-cli.yml
.github/workflows/cd.yml
.github/workflows/ci.yml
| - name: Checkout code | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | ||
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 |
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Identify the workflow file and inspect relevant lines
FILE=".github/workflows/cd-pypi-cli.yml"
if [ ! -f "$FILE" ]; then
echo "Missing file: $FILE" >&2
exit 1
fi
echo "---- checkout steps (with line numbers) ----"
rg -n "actions/checkout@" "$FILE" || true
echo
echo "---- lines 1-120 for context ----"
nl -ba "$FILE" | sed -n '1,140p'
echo
echo "---- search for persist-credentials in workflow ----"
rg -n "persist-credentials" "$FILE" || true
Repository: deepnote/deepnote
Length of output: 283
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/cd-pypi-cli.yml"
[ -f "$FILE" ] || { echo "Missing file: $FILE" >&2; exit 1; }
echo "---- checkout steps (with line numbers) ----"
rg -n "actions/checkout@" "$FILE" || true
echo
echo "---- lines 1-80 (with numbers) ----"
cat -n "$FILE" | sed -n '1,80p'
echo
echo "---- search for persist-credentials in workflow ----"
rg -n "persist-credentials" "$FILE" || true
echo
echo "---- search for token/persist/permissions patterns ----"
rg -n "(token:|GITHUB_TOKEN|permissions:|persist-credentials|ssh-key)" "$FILE" || true
Repository: deepnote/deepnote
Length of output: 3262
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/cd-pypi-cli.yml"
echo "---- full file (bounded) ----"
cat -n "$FILE" | sed -n '80,220p'
echo
echo "---- check for any other checkout steps ----"
rg -n "actions/checkout@" "$FILE" || true
Repository: deepnote/deepnote
Length of output: 2498
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/cd-pypi-cli.yml"
echo "---- search for git usage ----"
rg -n "(^|[[:space:]])git[[:space:]]" "$FILE" || true
echo
echo "---- search for GITHUB_TOKEN/GIT config usage ----"
rg -n "(GITHUB_TOKEN|git config|credential|persist-credentials)" "$FILE" || true
Repository: deepnote/deepnote
Length of output: 144
Disable credential persistence in checkout.
.github/workflows/cd-pypi-cli.yml uses actions/checkout without persist-credentials: false, so checkout will default to persisting the token in git config.
Suggested patch
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ with:
+ persist-credentials: false
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| - name: Checkout code | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| persist-credentials: false |
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 28-29: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
Source: Linters/SAST tools
c9fb505 to 106e7bc
♻️ Duplicate comments (3)
.github/workflows/cd-pypi-cli.yml (1)
28-29: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
Disable credential persistence on checkout.
Line 29 still uses actions/checkout without persist-credentials: false, so the token may be persisted in local git config.
Suggested patch
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ with:
+ persist-credentials: false
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/cd-pypi-cli.yml around lines 28 - 29, The Checkout code step using actions/checkout is missing the persist-credentials configuration, which could leave the GitHub token persisted in local git config. Add persist-credentials: false to the actions/checkout step to ensure the authentication token is not saved in the git configuration.
Source: Linters/SAST tools
.github/workflows/cd.yml (1)
23-24: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
Harden checkout token handling.
Line 24 is still missing persist-credentials: false; default behavior can retain the GitHub token in git config for later steps.
Suggested patch
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ with:
+ persist-credentials: false
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/cd.yml around lines 23 - 24, The Checkout code step using actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 is missing the persist-credentials: false configuration option. Add persist-credentials: false as a parameter to the checkout action to prevent the GitHub token from being retained in the git config for subsequent workflow steps, which is a security hardening best practice.
Source: Linters/SAST tools
.github/workflows/ci.yml (1)
25-25: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
Add persist-credentials: false to every CI checkout step.
Each listed checkout step still relies on default credential persistence. For Line 71-74, keep fetch-depth: 0 and add persist-credentials: false alongside it.
Suggested patch pattern
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ with:
+ persist-credentials: false
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
fetch-depth: 0
+ persist-credentials: false
Also applies to: 48-48, 71-74, 90-90, 127-127, 162-162, 205-205, 236-236, 259-259, 282-282
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/ci.yml at line 25, The GitHub Actions workflow file has multiple uses of the actions/checkout action that rely on default credential persistence, which is a security best practice to disable. Add persist-credentials: false to every actions/checkout step in the workflow. This applies at the following locations in .github/workflows/ci.yml: anchor at line 25, and siblings at lines 48, 71-74, 90, 127, 162, 205, 236, 259, and 282. For the checkout step at lines 71-74, preserve the existing fetch-depth: 0 parameter and add persist-credentials: false as an additional parameter in the same uses statement.
Source: Linters/SAST tools
📒 Files selected for processing (3)
.github/workflows/cd-pypi-cli.yml
.github/workflows/cd.yml
.github/workflows/ci.yml
106e7bc to 7c1b2fe
7c1b2fe to ca1f7f3
This PR contains the following updates:
actions/checkout digest: de0fac2 → df4cb1c
Configuration
📅 Schedule: (in timezone UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.