Skip to content

fix: filter PR reviews and inline review comments to trigger time#1385

Merged
ashwin-ant merged 1 commit into
anthropics:mainfrom
EffortlessSteven:claude/filter-reviews-trigger-time
Jun 22, 2026
Merged

fix: filter PR reviews and inline review comments to trigger time#1385
ashwin-ant merged 1 commit into
anthropics:mainfrom
EffortlessSteven:claude/filter-reviews-trigger-time

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Contributor

What this does

A PR review or inline review comment submitted or edited after an authorized @claude trigger reaches Claude's prompt verbatim, bypassing the trigger-time (TOCTOU) filter that issue/PR comments (#512) and the body (#710) already get. fetchGitHubData filtered reviewData by actor only; the review trigger-time filter existed but was wired only to image downloads, never to the data the prompt is built from.

Fix: reviews and inline review comments are now trigger-time filtered like comments and the body, so nothing added or edited at/after the trigger reaches the prompt. No-trigger-time events (issues/pull_request) are unchanged.

Verification

Red on main, green after.

Check Result
post-trigger + edited-after reviews unpatched all 3, patched 1 (pre-trigger)
inline review comments unpatched keeps created/edited-after, patched only pre-trigger
time + actor compose pre-trigger human kept; bot and post-trigger dropped
no trigger time all reviews returned, unchanged
tsc, prettier, bun test clean / 701 passed

Review map

  • src/github/data/fetcher.ts: trigger-time filter reviewData.nodes (filterReviewsToTriggerTime) and each review's comments (filterCommentsToTriggerTime) alongside the actor filter; image lists derive from the filtered nodes.
  • test/data-fetcher.test.ts: assert post-trigger/edited-after reviews and comments are dropped (previously asserted the unfiltered count); add a time + actor composition test.

Issue/PR comments (anthropics#512) and the issue/PR body (anthropics#710) are filtered to the
trigger timestamp so content created or edited after an authorized trigger
cannot be injected into Claude's prompt (TOCTOU protection). Reviews and
inline review comments were not: fetchGitHubData returned reviewData filtered
by actor only, and formatReviewComments renders it into the prompt, so a
review submitted or edited after the trigger reached Claude verbatim.

filterReviewsToTriggerTime already existed (added alongside the comment filter
in anthropics#512) but was only wired to the image-download list, never to the returned
reviewData.

Filter reviewData.nodes through filterReviewsToTriggerTime and each review's
inline comments through filterCommentsToTriggerTime, alongside the existing
actor filter, then build the review image-processing lists from those
already-filtered nodes (removing a now-redundant second filter pass).
Strengthen the two integration tests to assert post-trigger and edited-after
reviews/comments are dropped.
@ashwin-ant ashwin-ant merged commit 6b80630 into anthropics:main Jun 22, 2026
6 of 36 checks passed
mergify Bot added a commit to ArcadeData/arcadedb that referenced this pull request Jun 29, 2026
Bumps the github-actions group with 4 updates: [actions/setup-python](https://github.com/actions/setup-python), [actions/setup-java](https://github.com/actions/setup-java), [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [actions/setup-dotnet](https://github.com/actions/setup-dotnet).
Updates `actions/setup-python` from 6.2.0 to 6.3.0
Release notes

*Sourced from [actions/setup-python's releases](https://github.com/actions/setup-python/releases).*

> v6.3.0
> ------
>
> What's Changed
> --------------
>
> ### Enhancement
>
> * Add RHEL support and include Linux distro in cache keys by [`@​priyagupta108`](https://github.com/priyagupta108) in [actions/setup-python#1323](https://redirect.github.com/actions/setup-python/pull/1323)
> * Fix pip cache error handling on Windows by [`@​priyagupta108`](https://github.com/priyagupta108) in [actions/setup-python#1040](https://redirect.github.com/actions/setup-python/pull/1040)
>
> ### Dependency update
>
> * Upgrade minimatch from 3.1.2 to 3.1.5 by [`@​dependabot`](https://github.com/dependabot) in [actions/setup-python#1281](https://redirect.github.com/actions/setup-python/pull/1281)
> * Upgrade actions dependencies by [`@​gowridurgad`](https://github.com/gowridurgad) with [`@​Copilot`](https://github.com/Copilot) in [actions/setup-python#1303](https://redirect.github.com/actions/setup-python/pull/1303)
> * Upgrade `@​actions/cache` to 5.1.0, log cache write denied by [`@​jasongin`](https://github.com/jasongin) in [actions/setup-python#1324](https://redirect.github.com/actions/setup-python/pull/1324)
> * Upgrade dependency versions and test workflow configuration by [`@​HarithaVattikuti`](https://github.com/HarithaVattikuti) in [actions/setup-python#1322](https://redirect.github.com/actions/setup-python/pull/1322)
>
> ### Documentation
>
> * Update advanced-usage.md by [`@​Dunky-Z`](https://github.com/Dunky-Z) in [actions/setup-python#811](https://redirect.github.com/actions/setup-python/pull/811)
>
> New Contributors
> ----------------
>
> * [`@​gowridurgad`](https://github.com/gowridurgad) with [`@​Copilot`](https://github.com/Copilot) made their first contribution in [actions/setup-python#1303](https://redirect.github.com/actions/setup-python/pull/1303)
> * [`@​jasongin`](https://github.com/jasongin) made their first contribution in [actions/setup-python#1324](https://redirect.github.com/actions/setup-python/pull/1324)
> * [`@​Dunky-Z`](https://github.com/Dunky-Z) made their first contribution in [actions/setup-python#811](https://redirect.github.com/actions/setup-python/pull/811)
>
> **Full Changelog**: <actions/setup-python@v6...v6.3.0>


Commits

* [`ece7cb0`](actions/setup-python@ece7cb0) Fix pip cache error handling on Windows. ([#1040](https://redirect.github.com/actions/setup-python/issues/1040))
* [`1d18d7a`](actions/setup-python@1d18d7a) Update advanced-usage.md ([#811](https://redirect.github.com/actions/setup-python/issues/811))
* [`d2b357a`](actions/setup-python@d2b357a) Update dependency versions and test workflow configuration ([#1322](https://redirect.github.com/actions/setup-python/issues/1322))
* [`8f639b1`](actions/setup-python@8f639b1) Merge pull request [#1324](https://redirect.github.com/actions/setup-python/issues/1324) from jasongin/update-actions-cache-5.1.0
* [`6731c2b`](actions/setup-python@6731c2b) Resolve high-severity audit issues
* [`0cb1a84`](actions/setup-python@0cb1a84) Add RHEL support and include Linux distro in cache keys ([#1323](https://redirect.github.com/actions/setup-python/issues/1323))
* [`dc6eab6`](actions/setup-python@dc6eab6) Update dist
* [`6f4b74b`](actions/setup-python@6f4b74b) Strict equality
* [`fa8bde1`](actions/setup-python@fa8bde1) Bump `@​actions/cache` to 5.1.0, log cache write denied
* [`c8813ba`](actions/setup-python@c8813ba) Upgrade [`@​actions`](https://github.com/actions) dependencies and update licenses ([#1303](https://redirect.github.com/actions/setup-python/issues/1303))
* Additional commits viewable in [compare view](actions/setup-python@a309ff8...ece7cb0)
  
Updates `actions/setup-java` from 5.3.0 to 5.4.0
Release notes

*Sourced from [actions/setup-java's releases](https://github.com/actions/setup-java/releases).*

> v5.4.0
> ------
>
> What's Changed
> --------------
>
> * Bump `@​typescript-eslint/parser` from 8.48.0 to 8.61.1 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-java#1021](https://redirect.github.com/actions/setup-java/pull/1021)
> * Fix codeql workflow permissions by [`@​jsoref`](https://github.com/jsoref) in [actions/setup-java#993](https://redirect.github.com/actions/setup-java/pull/993)
> * fix CodeQL permissions by [`@​gdams`](https://github.com/gdams) in [actions/setup-java#1025](https://redirect.github.com/actions/setup-java/pull/1025)
> * fix: reject non-semver candidate versions in isVersionSatisfies by [`@​sproctor`](https://github.com/sproctor) in [actions/setup-java#1009](https://redirect.github.com/actions/setup-java/pull/1009)
> * Bump `@​actions/cache` to 5.1.0, handle cache write denied by [`@​jasongin`](https://github.com/jasongin) in [actions/setup-java#1026](https://redirect.github.com/actions/setup-java/pull/1026)
> * Add Maven Wrapper cache feature by [`@​mahabaleshwars`](https://github.com/mahabaleshwars) in [actions/setup-java#1027](https://redirect.github.com/actions/setup-java/pull/1027)
> * Spelling by [`@​jsoref`](https://github.com/jsoref) in [actions/setup-java#713](https://redirect.github.com/actions/setup-java/pull/713)
> * add link to advanced configuration for JetBrains by [`@​robstoll`](https://github.com/robstoll) in [actions/setup-java#850](https://redirect.github.com/actions/setup-java/pull/850)
> * docs(action): fix missing required or default fields by [`@​kranthipoturaju`](https://github.com/kranthipoturaju) in [actions/setup-java#1007](https://redirect.github.com/actions/setup-java/pull/1007)
> * feat: add microsoft openjdk 17.0.18 by [`@​al-kau`](https://github.com/al-kau) in [actions/setup-java#1002](https://redirect.github.com/actions/setup-java/pull/1002)
> * Update README.md - use "alert syntax for Markdown" for notes by [`@​mhoffrog`](https://github.com/mhoffrog) in [actions/setup-java#924](https://redirect.github.com/actions/setup-java/pull/924)
> * Bump undici from 6.24.1 to 6.27.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-java#1033](https://redirect.github.com/actions/setup-java/pull/1033)
> * Update contributor guide with emoji for clarity by [`@​brunoborges`](https://github.com/brunoborges) in [actions/setup-java#1028](https://redirect.github.com/actions/setup-java/pull/1028)
> * add javac problem matcher by [`@​Trass3r`](https://github.com/Trass3r) in [actions/setup-java#562](https://redirect.github.com/actions/setup-java/pull/562)
> * Clarify README version syntax and migration guidance by [`@​brunoborges`](https://github.com/brunoborges) with [`@​Copilot`](https://github.com/Copilot) in [actions/setup-java#1038](https://redirect.github.com/actions/setup-java/pull/1038)
> * Update undici artifacts to 6.27.0 (license cache + dist) by [`@​brunoborges`](https://github.com/brunoborges) in [actions/setup-java#1040](https://redirect.github.com/actions/setup-java/pull/1040)
> * docs: enhance custom jdk file installation by [`@​stephanabel`](https://github.com/stephanabel) in [actions/setup-java#996](https://redirect.github.com/actions/setup-java/pull/996)
> * Templates for new Java distributions by [`@​panticmilos`](https://github.com/panticmilos) in [actions/setup-java#429](https://redirect.github.com/actions/setup-java/pull/429)
> * Bump actions/checkout from 6 to 7 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-java#1032](https://redirect.github.com/actions/setup-java/pull/1032)
> * Bump `@​types/node` from 25.9.3 to 26.0.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [actions/setup-java#1031](https://redirect.github.com/actions/setup-java/pull/1031)
> * docs: replace non-existent HelloWorldApp references with java --version by [`@​brunoborges`](https://github.com/brunoborges) with [`@​Copilot`](https://github.com/Copilot) in [actions/setup-java#1043](https://redirect.github.com/actions/setup-java/pull/1043)
> * docs: add JavaFX Maven project configuration instructions by [`@​brunoborges`](https://github.com/brunoborges) with [`@​Copilot`](https://github.com/Copilot) in [actions/setup-java#1044](https://redirect.github.com/actions/setup-java/pull/1044)
> * docs: self-signed certificate / internal CA handling for GitHub Enterprise by [`@​brunoborges`](https://github.com/brunoborges) in [actions/setup-java#1050](https://redirect.github.com/actions/setup-java/pull/1050)
> * docs: document importing an internal CA into the installed JDK (cacerts) by [`@​brunoborges`](https://github.com/brunoborges) in [actions/setup-java#1051](https://redirect.github.com/actions/setup-java/pull/1051)
> * chore: Harden workflows: least-privilege permissions + zizmor integration by [`@​brunoborges`](https://github.com/brunoborges) in [actions/setup-java#1039](https://redirect.github.com/actions/setup-java/pull/1039)
> * dist: Add GraalVM Community distribution support by [`@​brunoborges`](https://github.com/brunoborges) with [`@​Copilot`](https://github.com/Copilot) in [actions/setup-java#1042](https://redirect.github.com/actions/setup-java/pull/1042)
> * docs: note jdkfile approach for Early Access / unreleased JDK builds by [`@​brunoborges`](https://github.com/brunoborges) in [actions/setup-java#1058](https://redirect.github.com/actions/setup-java/pull/1058)
> * dist: Apply Copilot review suggestions from PR [#1042](https://redirect.github.com/actions/setup-java/issues/1042) (GraalVM Community) by [`@​brunoborges`](https://github.com/brunoborges) in [actions/setup-java#1059](https://redirect.github.com/actions/setup-java/pull/1059)
>
> New Contributors
> ----------------
>
> * [`@​jsoref`](https://github.com/jsoref) made their first contribution in [actions/setup-java#993](https://redirect.github.com/actions/setup-java/pull/993)
> * [`@​sproctor`](https://github.com/sproctor) made their first contribution in [actions/setup-java#1009](https://redirect.github.com/actions/setup-java/pull/1009)
> * [`@​jasongin`](https://github.com/jasongin) made their first contribution in [actions/setup-java#1026](https://redirect.github.com/actions/setup-java/pull/1026)
> * [`@​robstoll`](https://github.com/robstoll) made their first contribution in [actions/setup-java#850](https://redirect.github.com/actions/setup-java/pull/850)
> * [`@​kranthipoturaju`](https://github.com/kranthipoturaju) made their first contribution in [actions/setup-java#1007](https://redirect.github.com/actions/setup-java/pull/1007)
> * [`@​al-kau`](https://github.com/al-kau) made their first contribution in [actions/setup-java#1002](https://redirect.github.com/actions/setup-java/pull/1002)
> * [`@​mhoffrog`](https://github.com/mhoffrog) made their first contribution in [actions/setup-java#924](https://redirect.github.com/actions/setup-java/pull/924)
> * [`@​brunoborges`](https://github.com/brunoborges) made their first contribution in [actions/setup-java#1028](https://redirect.github.com/actions/setup-java/pull/1028)
> * [`@​Trass3r`](https://github.com/Trass3r) made their first contribution in [actions/setup-java#562](https://redirect.github.com/actions/setup-java/pull/562)
> * [`@​stephanabel`](https://github.com/stephanabel) made their first contribution in [actions/setup-java#996](https://redirect.github.com/actions/setup-java/pull/996)
>
> **Full Changelog**: <actions/setup-java@v5...v5.4.0>


Commits

* [`1bcf9fb`](actions/setup-java@1bcf9fb) dist: Address Copilot review suggestions from PR [#1042](https://redirect.github.com/actions/setup-java/issues/1042) (GraalVM Community) (#...
* [`fa2c650`](actions/setup-java@fa2c650) docs: note jdkfile approach for Early Access / unreleased JDK builds ([#1058](https://redirect.github.com/actions/setup-java/issues/1058))
* [`1d56e31`](actions/setup-java@1d56e31) dist: Add GraalVM Community distribution support ([#1042](https://redirect.github.com/actions/setup-java/issues/1042))
* [`1d25252`](actions/setup-java@1d25252) chore: Harden workflows: least-privilege permissions + zizmor integration ([#1](https://redirect.github.com/actions/setup-java/issues/1)...
* [`668c1ea`](actions/setup-java@668c1ea) docs: add post-install keytool import for the JDK cacerts trust store ([#1051](https://redirect.github.com/actions/setup-java/issues/1051))
* [`a9a46fb`](actions/setup-java@a9a46fb) docs: document self-signed certificate / internal CA handling for GitHub Ente...
* [`5431e71`](actions/setup-java@5431e71) docs: add JavaFX Maven project configuration instructions ([#1044](https://redirect.github.com/actions/setup-java/issues/1044))
* [`4baa9b4`](actions/setup-java@4baa9b4) docs: replace non-existent HelloWorldApp references with java --version ([#1043](https://redirect.github.com/actions/setup-java/issues/1043))
* [`eab4b08`](actions/setup-java@eab4b08) Bump `@​types/node` from 25.9.3 to 26.0.0 ([#1031](https://redirect.github.com/actions/setup-java/issues/1031))
* [`bf0c0e6`](actions/setup-java@bf0c0e6) Bump actions/checkout from 6 to 7 ([#1032](https://redirect.github.com/actions/setup-java/issues/1032))
* Additional commits viewable in [compare view](actions/setup-java@ad2b381...1bcf9fb)
  
Updates `anthropics/claude-code-action` from 1.0.153 to 1.0.159
Release notes

*Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).*

> v1.0.159
> --------
>
> What's Changed
> --------------
>
> * fix: bound app token revocation cleanup by [`@​tarunag10`](https://github.com/tarunag10) in [anthropics/claude-code-action#1437](https://redirect.github.com/anthropics/claude-code-action/pull/1437)
>
> New Contributors
> ----------------
>
> * [`@​tarunag10`](https://github.com/tarunag10) made their first contribution in [anthropics/claude-code-action#1437](https://redirect.github.com/anthropics/claude-code-action/pull/1437)
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.159>
>
> v1.0.158
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.158>
>
> v1.0.157
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.157>
>
> v1.0.156
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.156>
>
> v1.0.155
> --------
>
> What's Changed
> --------------
>
> * fix: filter PR reviews and inline review comments to trigger time by [`@​EffortlessSteven`](https://github.com/EffortlessSteven) in [anthropics/claude-code-action#1385](https://redirect.github.com/anthropics/claude-code-action/pull/1385)
> * test: cover format-turns content-type fallbacks and system\_other handling by [`@​farmer-data`](https://github.com/farmer-data) in [anthropics/claude-code-action#1421](https://redirect.github.com/anthropics/claude-code-action/pull/1421)
> * fix: allow @ in branch names (valid per git-check-ref-format) by [`@​bellalMohamed`](https://github.com/bellalMohamed) in [anthropics/claude-code-action#1411](https://redirect.github.com/anthropics/claude-code-action/pull/1411)
>
> New Contributors
> ----------------
>
> * [`@​EffortlessSteven`](https://github.com/EffortlessSteven) made their first contribution in [anthropics/claude-code-action#1385](https://redirect.github.com/anthropics/claude-code-action/pull/1385)
> * [`@​farmer-data`](https://github.com/farmer-data) made their first contribution in [anthropics/claude-code-action#1421](https://redirect.github.com/anthropics/claude-code-action/pull/1421)
> * [`@​bellalMohamed`](https://github.com/bellalMohamed) made their first contribution in [anthropics/claude-code-action#1411](https://redirect.github.com/anthropics/claude-code-action/pull/1411)
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.155>
>
> v1.0.154
> --------
>
> **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.154>


Commits

* [`a92e7c7`](anthropics/claude-code-action@a92e7c7) chore: bump Claude Code to 2.1.195 and Agent SDK to 0.3.195
* [`f8076dc`](anthropics/claude-code-action@f8076dc) fix: bound app token revocation cleanup ([#1437](https://redirect.github.com/anthropics/claude-code-action/issues/1437))
* [`5211368`](anthropics/claude-code-action@5211368) chore: bump Claude Code to 2.1.193 and Agent SDK to 0.3.193
* [`428971d`](anthropics/claude-code-action@428971d) chore: bump Claude Code to 2.1.191 and Agent SDK to 0.3.191
* [`74eedf1`](anthropics/claude-code-action@74eedf1) chore: bump Claude Code to 2.1.190 and Agent SDK to 0.3.190
* [`80b3182`](anthropics/claude-code-action@80b3182) chore: bump Claude Code to 2.1.187 and Agent SDK to 0.3.187
* [`360be9c`](anthropics/claude-code-action@360be9c) fix: allow @ in branch names (valid per git-check-ref-format) ([#1411](https://redirect.github.com/anthropics/claude-code-action/issues/1411))
* [`e452eb9`](anthropics/claude-code-action@e452eb9) test: cover format-turns content-type fallbacks and system\_other handling ([#1](https://redirect.github.com/anthropics/claude-code-action/issues/1)...
* [`6b80630`](anthropics/claude-code-action@6b80630) fix: filter PR reviews and inline review comments to trigger time ([#1385](https://redirect.github.com/anthropics/claude-code-action/issues/1385))
* [`30544b6`](anthropics/claude-code-action@30544b6) chore: bump Claude Code to 2.1.186 and Agent SDK to 0.3.186
* See full diff in [compare view](anthropics/claude-code-action@2fee155...a92e7c7)
  
Updates `actions/setup-dotnet` from 5.3.0 to 5.4.0
Release notes

*Sourced from [actions/setup-dotnet's releases](https://github.com/actions/setup-dotnet/releases).*

> v5.4.0
> ------
>
> What's Changed
> --------------
>
> ### Enhancements
>
> * Improve global.json SDK version validation for rollForward by [`@​priyagupta108`](https://github.com/priyagupta108) in [actions/setup-dotnet#742](https://redirect.github.com/actions/setup-dotnet/pull/742)
> * Pin actions to commit SHAs in workflows by [`@​priya-kinthali`](https://github.com/priya-kinthali) in [actions/setup-dotnet#744](https://redirect.github.com/actions/setup-dotnet/pull/744)
> * Expand the CSC problem matcher to light up more errors on GitHub. by [`@​StephenCleary`](https://github.com/StephenCleary) in [actions/setup-dotnet#717](https://redirect.github.com/actions/setup-dotnet/pull/717)
>
> ### Documentation
>
> * Docs(action): Explicitly mark all optional inputs with required: false by [`@​kranthipoturaju`](https://github.com/kranthipoturaju) in [actions/setup-dotnet#737](https://redirect.github.com/actions/setup-dotnet/pull/737)
>
> ### Bug Fixes
>
> * Fix global.json creation command by [`@​michal2612`](https://github.com/michal2612) in [actions/setup-dotnet#694](https://redirect.github.com/actions/setup-dotnet/pull/694)
>
> ### Dependency Updates
>
> * Upgrade `@​actions/cache` to 5.1.0, log cache write denied by [`@​jasongin`](https://github.com/jasongin) in [actions/setup-dotnet#746](https://redirect.github.com/actions/setup-dotnet/pull/746)
>
> New Contributors
> ----------------
>
> * [`@​jasongin`](https://github.com/jasongin) made their first contribution in [actions/setup-dotnet#746](https://redirect.github.com/actions/setup-dotnet/pull/746)
> * [`@​michal2612`](https://github.com/michal2612) made their first contribution in [actions/setup-dotnet#694](https://redirect.github.com/actions/setup-dotnet/pull/694)
> * [`@​kranthipoturaju`](https://github.com/kranthipoturaju) made their first contribution in [actions/setup-dotnet#737](https://redirect.github.com/actions/setup-dotnet/pull/737)
> * [`@​StephenCleary`](https://github.com/StephenCleary) made their first contribution in [actions/setup-dotnet#717](https://redirect.github.com/actions/setup-dotnet/pull/717)
>
> **Full Changelog**: <actions/setup-dotnet@v5...v5.4.0>


Commits

* [`26b0ec1`](actions/setup-dotnet@26b0ec1) Expand the CSC problem matcher to light up more errors on GitHub. ([#717](https://redirect.github.com/actions/setup-dotnet/issues/717))
* [`da5e548`](actions/setup-dotnet@da5e548) docs(action): explicitly mark all optional inputs with required: false ([#737](https://redirect.github.com/actions/setup-dotnet/issues/737))
* [`9bd3b44`](actions/setup-dotnet@9bd3b44) Improve readability of global.json creation command ([#694](https://redirect.github.com/actions/setup-dotnet/issues/694))
* [`4406a63`](actions/setup-dotnet@4406a63) Bump `@​actions/cache` to 5.1.0, log cache write denied ([#746](https://redirect.github.com/actions/setup-dotnet/issues/746))
* [`dc3262d`](actions/setup-dotnet@dc3262d) pin actions to commit SHAs in workflows ([#744](https://redirect.github.com/actions/setup-dotnet/issues/744))
* [`95a3f8b`](actions/setup-dotnet@95a3f8b) Validate global.json SDK version before rollForward optimization ([#742](https://redirect.github.com/actions/setup-dotnet/issues/742))
* See full diff in [compare view](actions/setup-dotnet@9a946fd...26b0ec1)
  
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore  major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore  minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore  ` will remove the ignore condition of the specified dependency and ignore conditions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants