Atlantis #github-prs

GitHub

10/03/2025, 1:06 AM

#5853 chore(deps): update docker/login-action digest to 5e57cd1 in .github/workflows/testing-env-image.yml (main) Pull request opened by renovate[bot] Note Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to

mend[bot]

GitHub

10/03/2025, 2:03 AM

#5678 fix: delete pending plans Pull request opened by lee2sh ## what When no projects are found for planning, delete stale plans and locks ## why Sometimes, after committing a change and later deciding to revert it within the same pull request using a force push, Atlantis marks the PR with "no project" and skips deleting the previously generated plan. However, after approval, running atlantis apply can still apply the stale plan, which should no longer be valid. This behavior seems incorrect, as stale plans should be invalidated and not applied. runatlantis/atlantis

GitHub

10/04/2025, 5:01 PM

#5855 chore: Bump versions of CA certificates and curl Pull request opened by lukemassa ## what Bump versions of CA certificates and curl ## why I noticed a build failure in unrelated PR https://github.com/runatlantis/atlantis/actions/runs/18247012155/job/51956320854?pr=5851 ## tests N/A, attempting to fix tests. ## references N/A runatlantis/atlantis

GitHub

10/04/2025, 11:06 PM

#5856 chore: Close backend on shutdown Pull request opened by lukemassa ## what Close the backend when the server shuts down. ## why Best practices to cleanup. Make sure things are correctly persisted, no leaks, etc. ## tests I ran the server and ctrl+c and watched it say a message about closing. It's hard to actually "trigger" an error on close for boltdb, but I added some unit tests for the actual function. Note that I used go's new "synctest" which allows you to write tests using a "fake timer", so the tests don't have to wait for timeouts to occur. ## references N/A runatlantis/atlantis

GitHub

10/05/2025, 1:08 AM

#5857 feat: Use go 1.25 Pull request opened by lukemassa ## what Use golang 1.25 ## why It's been out for a few months, no reason not to. I realized after I opened this that renovate is trying to do this, but that PR (#5824) has some issues: • For some reason picked a non-alpine base image, which breaks the build • Didn't update .tool-versions • Mismatched the update (1.25.0 in some places, 1.25.1 in others) ## tests I ran the server, seems to work ok. ## references N/A runatlantis/atlantis

GitHub

10/05/2025, 3:56 AM

#5858 chore: Use newer golanglint Pull request opened by lukemassa ## what Use a newer version of golang lint ## why Keeping things up-to-date. Specifically I'd like to upgrade to golang 1.25, but it looks like our golanglint isn't supported. I used the

golangci-lint migrate

followed by

golangci-lint run --fix

to do most of the work here, the rest was mostly making error values conform to golang conventions. ## tests Just running tests. ## references N/A runatlantis/atlantis

GitHub

10/05/2025, 3:58 AM

#5859 chore(deps): update github/codeql-action digest to 64d10c1 in .github/workflows/codeql.yml (main) Pull request opened by renovate[bot] Note Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to

mend[bot]

GitHub

10/05/2025, 4:40 AM

#5850 feat: Add reason to is mergeable Pull request opened by lukemassa ## what Adds ability to specify "reason" why a PR is not mergeable. ## why Right now when a PR is not mergeable there's a generic message

Copy code

Pull request must be mergeable before running

I made it so PullIsMergeable can return an optional

Reason

that is appended at the end of the above message:

Copy code

Pull request must be mergeable before running (Some reason)

Mergeability is subtle and complex, and varies by VCS, such that it would be useful to have the VCS expose a bit more information as to why they are skipping mergability. In addition, it would help clarify why certain PRs were considered unmergeable, and resolve ambiguities. For now I've only added a few "reasons", but VCS authors should be able to easily add more. In addition this solution is backwards compatible: if no reason if specified we continue to return the same generic message. ## tests Updated tests as I went; for VCSs other than github it should be a no-op for now. In the future we can add more detail to them as well. I also tested by creating a PR that would have a merge conflict and saw the output as expected: [Screenshot 2025-10-05 at 12 50 31 AM](https://private-user-images.githubusercontent.com/2678195/497513189-e6779611-3bd6-470f-aad3-9956975d2913.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NTk3MjA0MjYsIm5iZiI6MTc1OTcyMDEyNiwicGF0aCI6Ii8yNjc4MTk1LzQ5NzUxMzE4OS1lNjc3OTYxMS0zYmQ2LTQ3MGYtYWFkMy05OTU2OTc1ZDI5MTMucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI1MTAwNiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNTEwMDZUMDMwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NzViMTNkZTQ0MDVmODA3ZjkwMGViNDZlMWUwZTFmNjVlYjUyY2UxMmNhY2Y3MDRjZjE1NDA3M2Y2OGUzYWMxZCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QifQ.6fU4H7yV9FJSFiFWvHMqDeP8JlACIMWfqRkuzifF4_I) ## references closes: #999 runatlantis/atlantis

GitHub

10/06/2025, 12:57 AM

#5860 chore(deps): update ngrok/ngrok:latest docker digest to 0dd920e in docker-compose.yml (main) Pull request opened by renovate[bot] Note Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to

mend[bot]

. This notice will be removed on 2025-10-07. --- This PR contains the following updates: | Package | Update | Change | | ----------- | ------ | ------------------ | | ngrok/ngrok | digest | 6909ec0 -> 0dd920e | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/06/2025, 2:33 AM

#5861 chore(deps): update redis:7.4-alpine docker digest to 7a7c6b5 in docker-compose.yml (main) Pull request opened by renovate[bot] Note Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to

mend[bot]

. This notice will be removed on 2025-10-07. --- This PR contains the following updates: | Package | Update | Change | | ------- | ------ | ------------------ | | redis | digest | bb186d0 -> 7a7c6b5 | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/06/2025, 3:11 AM

#5862 chore(deps): update dependency @playwright/test to v1.55.1 in package.json (main) Pull request opened by renovate[bot] Note Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to

mend[bot]

. This notice will be removed on 2025-10-07. --- This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ------------------------------------------------------------------------------------------------------- | --------------- | ------ | -------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [@playwright/test](https://playwright.dev) ([source](https://redirect.github.com/microsoft/playwright)) | devDependencies | patch | [1.55.0 -> 1.55.1](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.55.0/1.55.1) | [[OpenSSF Scorecard](https://camo.githubusercontent.com/b704a4066dce71232654bf39c03e5a6655e421664877e1dfa13e2a2b9183006b/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6d6963726f736f66742f706c61797772696768742f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/microsoft/playwright) | --- ### Release Notes microsoft/playwright (@playwright/test) ### `v1.55.1` Compare Source ##### Highlights #37479 - [Bug]: Upgrade Chromium to 140.0.7339.186. #37147 - [Regression]: Internal error: step id not found. #37146 - [Regression]: HTML reporter displays a broken chip link when there are no projects. #37137 - Revert "fix(a11y): track inert elements as hidden". #### Browser Versions • Chromium 140.0.7339.186 • Mozilla Firefox 141.0 • WebKit 26.0 This version was also tested against the following stable channels: • Google Chrome 139 • Microsoft Edge 139 --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/07/2025, 1:24 AM

#5863 feat: Add reasons to gitlab is mergeable Pull request opened by lukemassa ## what Add reasons to gitlab's IsMergeable. ## why Introduced ability to add reasons in #5850, adding it to gitlab now. I had to refactor the logic a bit to get the reasons, I think it's a bit clearer now. I also added a number of tests that weren't being covered. In addition I noticed that the IDs for

ciMustPassSuccessMR

and

ciMustPassFailureMR

were both returning the identical file, so I merged them into one. The

MR

variables being so far away from where they were mapped to their bytes I think was causing some of this drift, so hopefully moving those together and making the API logic more mechanical will help prevent that. ## tests Added a number of unit tests, and also tested the refactor by running the old code against the new unit tests with

Reason

commented out.

Copy code

atlantis % git checkout main -- server/events/vcs/gitlab_client.go
atlantis % sed -i'' '/Reason:/d server/events/vcs/gitlab_client_test.go
atlantis % go test ./server/events/vcs                                  
ok  	<http://github.com/runatlantis/atlantis/server/events/vcs|github.com/runatlantis/atlantis/server/events/vcs>	14.622s

## references N/A runatlantis/atlantis

GitHub

10/07/2025, 1:52 AM

#5864 chore(deps): update dependency vue to v3.5.22 in package.json (main) Pull request opened by renovate[bot] Note Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to

mend[bot]

. This notice will be removed on 2025-10-07. --- This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ------------------------------------------------------------------------------------------------------------------------------ | --------------- | ------ | ----------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [vue](https://redirect.github.com/vuejs/core/tree/main/packages/vue#readme) ([source](https://redirect.github.com/vuejs/core)) | devDependencies | patch | [3.5.21 -> 3.5.22](https://renovatebot.com/diffs/npm/vue/3.5.21/3.5.22) | [[OpenSSF Scorecard](https://camo.githubusercontent.com/4604f69472f217964dd83570eb2a08ef4a83c103858e8ef004c0f01adc1c80da/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f7675656a732f636f72652f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/vuejs/core) | --- Warning Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes vuejs/core (vue) ### `v3.5.22` Compare Source ##### Bug Fixes • compiler-core: identifiers in switch-case should not be inferred as references (#13923) (5953c9f) • compiler-dom: nodes with v-once shouldn't be stringified (#13878) (95c1975) • compiler-sfc: add support for

@vue-ignore

in runtime type resolution (#13906) (ba7f7f9) • compiler-sfc: enhance inferRuntimeType to support TSMappedType with indexed access (#13848) (e388f1a), closes #13847 • compiler-sfc: ensure css custom properties do not start with a digit (#13870) (9c27951) • compiler-sfc: ensure props bindings register before compiling template (#13922) (abd5638), closes #13920 • compiler-ssr: ensure v-show has a higher priority in SSR (#12171) (836b829), closes #12162 • custom-element: properly mount multiple Teleports in custom element component w/ shadowRoot false (#13900) (5e1e791), closes #13899 • custom-element: set prop runs pending mutations before disconnect (#13897) (c4a88cd), closes #13315 • custom-element: use

PatchFlags.BAIL

for slot when props are present (#13907) (5358bca), closes #13904 • reactivity: respect readonly during ref unwrapping (#13905) (aba7fed), closes #13903 • reactivity: update iterator to check for completion instead of value presence (#13761) (2078f8b) • runtime-core: simplify block-tracking disabling in

helper (#13841) (75220c7) • transition-group: run

forceReflow

on the correct document (fix #13849) (#13853) (1be5ddf) • types: more precise types for Events and added missing definitions (#9675) (8bb8fb2) • types: set dom stub type to

never

instead of

{}

(#13915) (8620a61), closes #11564 • types: widen directive arg type from string to any (#13758) (4b71706), closes #13757 ##### Features • custom-element: allow specifying additional options for

shadowRoot

in custom elements (#12965) (47e628d), closes #12964 ##### Reverts • Revert "fix(hmr): prevent VUE_HMR_RUNTIME from being overwritten by vue runtime in 3rd-party libraries" (#13925) (6b68f72), closes #13925 --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry c… runatlantis/atlantis

GitHub

10/07/2025, 3:01 AM

#5865 chore(deps): update github/codeql-action action to v3.30.5 in .github/workflows/scorecard.yml (main) Pull request opened by renovate[bot] Note Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to

mend[bot]

. This notice will be removed on 2025-10-07. --- This PR contains the following updates: | Package | Type | Update | Change | Pending | OpenSSF | | ------------------------------------------------------------------------ | ------ | ------ | ------------------ | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | v3.30.3 -> v3.30.5 | v3.30.6 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/022cb174dc4b9ace5867eeb6408ad79e645ea194cd77cf4d40ff05e6763dd313/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6769746875622f636f6465716c2d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action) | --- ### Release Notes github/codeql-action (github/codeql-action) ### `v3.30.5` Compare Source ### CodeQL Action Changelog See the releases page for the relevant changes to the CodeQL CLI and language packs. #### 3.30.5 - 26 Sep 2025 • We fixed a bug that was introduced in

3.30.4

with

upload-sarif

which resulted in files without a

.sarif

extension not getting uploaded. #3160 See the full CHANGELOG.md for more information. ### `v3.30.4` Compare Source ##### CodeQL Action Changelog See the releases page for the relevant changes to the CodeQL CLI and language packs. ##### 3.30.4 - 25 Sep 2025 • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the

codeql-action/init

step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the

codeql-action/init

step. #3099 and #3100 • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107 • You can now run the latest CodeQL nightly bundle by passing

tools: nightly

to the

init

action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130 • Update default CodeQL bundle version to 2.23.1. #3118 See the full CHANGELOG.md for more information. --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/07/2025, 3:39 AM

#5866 chore: Pull gitlab is mergeable logic into a helper function Pull request opened by lukemassa ## what Pull gitlab is mergeable logic into a helper function ## why It's easier to read and to test if the complex logic lives in its own "pure" function. Specifically, we didn't have any test for if a project has AllowMergeOnSkippedPipeline but we fail pipeline. This is because when added a few more tests here #5863, it was too difficult to mock in a separate project. I tried to do that in this PR, but it was really difficult to plumb into the mocked HTTP server, and honestly the logic we were testing was being spread around so much it really wasn't even a useful test. ## tests Added new tests ## references N/A runatlantis/atlantis

GitHub

10/07/2025, 5:25 AM

#5867 fix: Determine need_rebase as not a mergeable status Pull request opened by lukemassa ## what In Gitlab, make it so if a merge request is in status

needs_rebase

, then mark it as not mergeable. ## why Previously, when an MR was determined to be in the

need_rebase

status, we counted it as "mergeable", see #4402. Since then a number of bugs have been reported (#5826, #4025, #5124), indicating that users expect certain situations with

need_rebase

to be considered not mergeable. I dug in a bit, and it looks like it depends on how you have your project configured. If your Merge Method is set to "Merge commit with semi-linear history" or "Fast-forward merge", then gitlab is explicitly saying your MR is not able to be merged like so: [Screenshot 2025-10-07 at 1 18 52 AM](https://private-user-images.githubusercontent.com/2678195/498125497-c2d4a9b5-a1a3-4d85-98cd-b27bb0885b2b.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NTk5ODY0NTgsIm5iZiI6MTc1OTk4NjE1OCwicGF0aCI6Ii8yNjc4MTk1LzQ5ODEyNTQ5Ny1jMmQ0YTliNS1hMWEzLTRkODUtOThjZC1iMjdiYjA4ODViMmIucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI1MTAwOSUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNTEwMDlUMDUwMjM4WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NDI3MjdkNWNmZWEyZTliM2NlYjkwNGIzNTU4MGI4MGVkZTg5NzU0MGYyYmJmYjZiZDZmZGQ2M2Q1NWM5YjM4YyZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QifQ.4gSC2ng1KJtOszQYrVoguIrywFlMDV69-YcdYJHN49k) Indeed, if you successfully

apply

and have automerge set, it will fail to merge, leaving you in a bad state. [Screenshot 2025-10-07 at 1 18 14 AM](https://private-user-images.githubusercontent.com/2678195/498125353-4471f83f-7880-4a1c-a45c-522edf5017aa.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NTk5ODY0NTgsIm5iZiI6MTc1OTk4NjE1OCwicGF0aCI6Ii8yNjc4MTk1LzQ5ODEyNTM1My00NDcxZjgzZi03ODgwLTRhMWMtYTQ1Yy01MjJlZGY1MDE3YWEucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI1MTAwOSUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNTEwMDlUMDUwMjM4WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NzI3YjcwOGVlOGNmM2IxNDlkZDBlNTVmNTg1ODVlZGQxOTNlMDIyNTY1NDgyMGQ0OGVmZDE1MDYxMDhmYzA2YyZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QifQ.1Wep1tDLgnIxlJXh9Lhbtg9Dh3biAypK_WWmfqClvuM) The VCS itself pretty clearly indicates that a given MR is "unmergeable" we should follow suit ## tests I added some tests, and also tried this out on a test repo by setting a

plan_requirement

mergeable

and pushing a stale branch. You'll note that gitlab has noted the MR is not able to be merged, which is reflected in the new error message in the comment. [Screenshot 2025-10-08 at 8 32 46 PM](https://private-user-images.githubusercontent.com/2678195/499117330-e2b644d0-5cc2-45a9-9672-641d8418e6c4.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NTk5ODY0NTgsIm5iZiI6MTc1OTk4NjE1OCwicGF0aCI6Ii8yNjc4MTk1LzQ5OTExNzMzMC1lMmI2NDRkMC01Y2MyLTQ1YTktOTY3Mi02NDFkODQxOGU2YzQucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI1MTAwOSUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNTEwMDlUMDUwMjM4WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9MmU3OTg0NGJiMzAxNjgwZmVkODk0ODk2YTU5OWE1OWRjYTNkYjJhYzczMTU0Y2E0MjhlMDRjOWRhM2I3MjA1ZSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QifQ.106KlBwM5Qglmc56j4pRvRJH-dEpEmHMQAU36HKbudA) Note also that, even in newer versions, the API can respond with:

Copy code

"merge_status": "can_be_merged",
  "detailed_merge_status": "need_rebase",

merge_status

was deprecated in 15.6 https://gitlab.com/gitlab-org/gitlab/-/issues/3169#note_1162532204; our code already detects version and uses detailed_merge_status if the server is new enough. However if it's not new enough we have to fall back to

merge_status

and we have no choice but to call such an MR "mergeable". This is reflected in the unit tests. Note also that the unit tests were a bit broken; they included

gitlabVersions

in the test struct but never used it, always used the variable

gitlabServerVersions

. I fixed this and it allowed me to test different behavior for different versions (presumably) as intended. ## references closes: #5826, #4025, and #5124 functionally reverts: #4402 runatlantis/atlantis

GitHub

10/08/2025, 12:00 AM

#5872 fix(deps): update module golang.org/x/term to v0.35.0 in go.mod (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Change | Age | Confidence | | ----------------- | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | golang.org/x/term | v0.34.0 -> v0.35.0 | [[age](https://camo.githubusercontent.com/1c12f8e500444be8ef01f0a22702f57db335cc54fe6cccfa565b54b19edda6db/68747470733a2f2f646576656c6f7065722e6d656e642e696f2f6170692f6d632f6261646765732f6167652f676f2f676f6c616e672e6f7267253266782532667465726d2f76302e33352e303f736c696d3d74727565)](https://docs.renovatebot.com/merge-confidence/) | [[confidence](https://camo.githubusercontent.com/e48a6655d9f09ec858f601be15101a44d65892cf4bd78984d1d0dad85e2729bd/68747470733a2f2f646576656c6f7065722e6d656e642e696f2f6170692f6d632f6261646765732f636f6e666964656e63652f676f2f676f6c616e672e6f7267253266782532667465726d2f76302e33342e302f76302e33352e303f736c696d3d74727565)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/09/2025, 12:30 AM

#5873 chore(deps): update docker/dockerfile:1 docker digest to b6afd42 in dockerfile (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | -------------------------------------------------------------- | ------ | ------ | ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [docker/dockerfile](https://redirect.github.com/moby/buildkit) | syntax | digest | dabfc09 -> b6afd42 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/e3d6c37c6c10fb3bfbbef0f6f6455d2b4600a9a5239c688c689178ec9ed85c7f/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6d6f62792f6275696c646b69742f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/moby/buildkit) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/09/2025, 7:53 PM

#5875 fix: Missing image signature for v0.36.0 release Pull request opened by robertchrk ## what The {}@${DIGEST} format is incorrect for cosign. When you append a digest to a tag like this, cosign interprets it as trying to sign a specific image digest, not the tag itself. What's Actually Happening The signing succeeds (you see "Successfully verified SCT...") But it's signing the wrong artifacts - it's creating signatures for the digest references, not the actual tags The signatures end up as sha256-* entries in the registry instead of being associated with the tags users pull. ## why Signatures are not shipped. ## tests N/A ## references N/A runatlantis/atlantis

GitHub

10/10/2025, 2:31 AM

#5876 chore(deps): update github/codeql-action digest to a8d1ac4 in .github/workflows/codeql.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ------------------------------------------------------------------------ | ------ | ------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | digest | 64d10c1 -> a8d1ac4 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/022cb174dc4b9ace5867eeb6408ad79e645ea194cd77cf4d40ff05e6763dd313/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6769746875622f636f6465716c2d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/11/2025, 12:36 AM

#5878 chore(deps): update github/codeql-action digest to 755f449 in .github/workflows/codeql.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ------------------------------------------------------------------------ | ------ | ------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | digest | a8d1ac4 -> 755f449 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/022cb174dc4b9ace5867eeb6408ad79e645ea194cd77cf4d40ff05e6763dd313/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6769746875622f636f6465716c2d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/11/2025, 9:24 PM

#5879 feat: Rename locking.Backend to db.Database Pull request opened by lukemassa ## what Renaming •

locking.Backend

db.Database

•

db.Boltdb

boltdb.Boltdb

## why The

locking.Backend

interface originally stored only locks, but has grown to include other data like pull status. Despite its name, it doesn't implement any locking logic, it relies on the underlying database's ACID properties for atomicity. The name is misleading and conflicts with the separate concept of "Terraform backend" used throughout the codebase. By renaming to

db.Database

and moving the BoltDB-specific implementation to its own

boltdb

package, we make it clear this is a generic database interface with multiple implementations (BoltDB, Redis), not a locking mechanism. ## tests This should ideally be a pure refactor, just a bunch of name changes. The actual move of the locking.Backend to db.Database is minimal and can be seen at once. A lot of the other changes are in mocks, which can be verified with

make go-generate

. I had Cursor look at all usages of the word

backend

in the code base and make sure to either change them or account for ``` atlantis % comm -23 <(git grep -i Backend | grep -v 'server/static/js/xterm' | sort) <(grep -v '^#' exceptions.txt | grep -v '^$' | sort) atlantis % atlantis % cat exceptions.txt # Exceptions for "backend" references - lines that are OK and don't need to be changed # ============================================================================ # Terraform Backends - References to Terraform's state backend system # ============================================================================ # CLI flags and descriptions cmd/server.go: " Only set if using TFC/E as a remote backend." + cmd/server.go: description: "Enable atlantis to run user defined policy checks. This is explicitly disabled for TFE/TFC backends since plan files are inaccessible.", # Documentation runatlantis.io/docs/custom-workflows.md:### Custom Backend Config runatlantis.io/docs/custom-workflows.md:If you need to specify the

-backend-config

flag to

terraform init

you'll need to use a custom workflow. runatlantis.io/docs/custom-workflows.md:In this example, we're using custom backend files to configure two remote states, one for each environment. runatlantis.io/docs/custom-workflows.md: extra_args: [-backend-config=staging.backend.tfvars] runatlantis.io/docs/custom-workflows.md: extra_args: [-backend-config=production.backend.tfvars] runatlantis.io/docs/custom-workflows.md:will complain in-between commands since the backend config has changed. runatlantis.io/docs/deployment.md:Cloud Storage Backend and TLS certs: [sethvargo atlantis-on-gke](https://github.com/sethvargo/atlantis-on-gke). runatlantis.io/docs/faq.md:Atlantis, by default, stores all locking and Terraform plans locally on disk under the

--data-dir

directory (defaults to

~/.atlantis

). If multiple Atlantis hosts are run by utilizing a shared redis backend, then it's important that the

data-dir

is using a shared filesystem between hosts. runatlantis.io/docs/provider-credentials.md:If you want to use

assume_role

with Atlantis and you're also using the [S3 Backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3), runatlantis.io/docs/provider-credentials.md: backend "s3" { runatlantis.io/docs/provider-credentials.md: # interpolations are not allowed in backend configuration runatlantis.io/docs/repo-level-atlantis-yaml.md:Run this in the root of your repository. This will use gnu

grep

to search terraform files for an S3 backend (terraform dir), retrieve the directory path, retrieve the unique entries, and then use

yq

to return the YAML of a simple project dir setup which can then be modified to your liking. runatlantis.io/docs/repo-level-atlantis-yaml.md:grep -P 'backend[\s]+"s3"' */.tf | runatlantis.io/docs/repo-level-atlantis-yaml.md:### Custom Backend Config runatlantis.io/docs/repo-level-atlantis-yaml.md:See [Custom Workflow Use Cases: Custom Backend Config](custom-workflows.md#custom-backend-config) runatlantis.io/docs/repo-level-atlantis-yaml.md:have multiple states in the same directory using

terraform init -backend-config=custom-config.tfvars

. runatlantis.io/docs/repo-level-atlantis-yaml.md:Atlantis supports this but requires the

name

key to be specified. See [Custom Backend Config](custom-workflows.md#custom-backend-config) for more details. runatlantis.io/docs/requirements.md:Atlantis supports all backend types except for local state. We don't support local state runatlantis.io/docs/terraform-cloud.md:via the [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/remote). runatlantis.io/docs/terraform-cloud.md:remote state backend now. # Test data - Terraform backend configurations server/controllers/events/testdata/test-repos/tfvars-yaml-no-autoplan/atlantis.yaml: extra_args: [-backend-config=default.backend.tfvars] server/controllers/events/testdata/test-repos/tfvars-yaml-no-autoplan/atlantis.yaml: extra_args: [-backend-config=staging.backend.tfvars] server/controllers/events/testdata/test-repos/tfvars-yaml-no-autoplan/main.tf: backend "local" { server/controllers/events/testdata/test-repos/tfvars-yaml/atlantis.yaml: extra_args: [-backend-config=default.backend.tfvars] server/controllers/events/testdata/test-repos/tfvars-yaml/atlantis.yaml: extra_args: [-backend-config=staging.backend.tfvars] server/controllers/events/testdata/test-repos/tfvars-yaml/main.tf: backend "local" { # Runtime code - Terraform remote backend handling server/core/runtime/apply_step_runner_internal_test.go:Running apply in the remote backend. Output will stream here. Pressing Ctrl-C server/core/runtime/apply_step_runner_internal_test.go:Configuring remote state backend... server/core/runtime/apply_step_runner_test.go:Running apply in the remote backend. Output will stream here. Pressing Ctrl-C server/core/runtime/apply_step_runner_test.go:Configuring remote state backend... server/core/runtime/plan_step_runner.go:// backend. It watches the command output for the run url to be printed, and server/core/runtime/plan_step_runner.go:The "remote" backend does not support saving the generated execution server/core/runtime/plan_step_runner.go:The "remote" backend does not support saving the generated execution plan server/core/runtime/plan_step_runner.go:The "remote" backend does not support saving the generated execution plan server/core/runtime/plan_step_runner_test.go:The "remote" backend does not support saving the generated execution server/core/runtime/plan_step_runner_test.go:The "remote" backend does not support saving the generated execution plan server/core/runtime/plan_step_runner_test.go: `Running plan in the remote backend. Output will stream here. Pressing Ctrl-C server/core/runtime/plan_step_runner_test.go:Configuring remote state backend.… runatlantis/atlantis

GitHub

10/12/2025, 12:02 AM

#5880 chore: Remove duplicate mock for WorkingDir Pull request opened by lukemassa ## what Remove

server/events/mock_workingdir_test.go

, rely on the existing mock implementation in

server/events/mocks/mock_working_dir.go

. ## why I noticed this when digging into pegomock. For some reason we were generating mock files twice for

WorkingDir

, one of which was ending up in

events

package instead of the dedicated

mocks

one where all the other mocks for events live. In fact, this was the only mock file in the entire repo that wasn't in a mocks/ subdir.

Copy code

atlantis % find . \! -path '**/mocks/**' -name 'mock_*'
./server/events/mock_workingdir_test.go

## tests Depending on unit tests to continue to work. ## references N/A runatlantis/atlantis

GitHub

10/12/2025, 1:43 AM

#5881 chore: Create new workspace package Pull request opened by lukemassa ## what Move workspace-related types from

server/events

to new subpackage

server/events/workspace

. Moved: •

WorkingDir

interface •

WorkingDirLocker

interface •

FileWorkspace

struct •

GithubAppWorkingDir

struct ## why I noticed that there were two different mocks being created for `WorkingDir`: one in

events/mocks/

and another in the

events

package itself (

mock_workingdir_test.go

). It is the only mock in the project which is written into a non-mock package, leading to oddities like in #5800 where it is formatted differently (because we have different formatting rules for mock and non-mock). The duplicate existed because

project_command_builder_internal_test.go

(an internal test in

package events

) needed to import the mock, but importing

events/mocks

would create an import cycle (

events

→

events/mocks

→

events

). This was an indication that the workspace code was getting big enough to be its own package. Moving it to a subpackage breaks the import cycle while keeping the code organized. ## tests •

go build ./...

•

go test ./server/events ./server/controllers/... -short

•

golangci-lint run

## references N/A runatlantis/atlantis

GitHub

10/12/2025, 1:46 AM

#4331 feat: allow masking output on comments Pull request opened by GMartinez-Sisti ## what Part of #163 (comment). ## why I have the requirements to mask some values that are passed to the comments posted by Atlantis, building up on

strip_refreshing

I added two new output configurations that will allow this via a regex configured on the step. There is an assumption that users that shouldn't see secrets/sensitive values won't have access to the URL jobs, where the plan outputs are shown untouched. The

output

key can now contain a `string, `[]string`or`[]any`, this was we ensure compatibility while adding new possibilities to it. Example (added to the docs): workflows: terragrunt: plan: steps: - run: command: terragrunt plan -input=false -out=$PLANFILE output: - strip_refreshing # Filters text matching 'mySecret: "aaa"' -> 'mySecret: "<redacted>"' - filter_regex: "((?i)secret:\\s\")[^\"]*" Note that the changes related to mocks were made manually since

make go-generate

is currently broken (#4664). ## tests • Running all the tests locally and adding coverage for the new feature • Build and deployed this version with the new config from feature and tested that

atlantis plan

provides the desired masked output on GitHub 😄 ## references Possibly solves #163. runatlantis/atlantis

GitHub

10/12/2025, 1:48 AM

#5882 chore(deps): update redis:7.4-alpine docker digest to 3b73847 in docker-compose.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Update | Change | | ------- | ------ | ------------------ | | redis | digest | 7a7c6b5 -> 3b73847 | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/13/2025, 2:01 AM

#5883 chore(deps): update github/codeql-action action to v3.30.7 in .github/workflows/scorecard.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | Pending | OpenSSF | | ------------------------------------------------------------------------ | ------ | ------ | ------------------ | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | v3.30.5 -> v3.30.7 | v3.30.8 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/022cb174dc4b9ace5867eeb6408ad79e645ea194cd77cf4d40ff05e6763dd313/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6769746875622f636f6465716c2d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action) | --- ### Release Notes github/codeql-action (github/codeql-action) ### `v3.30.7` Compare Source ##### CodeQL Action Changelog See the releases page for the relevant changes to the CodeQL CLI and language packs. ##### 3.30.7 - 06 Oct 2025 No user facing changes. See the full CHANGELOG.md for more information. ### `v3.30.6` Compare Source ### CodeQL Action Changelog See the releases page for the relevant changes to the CodeQL CLI and language packs. #### 3.30.6 - 02 Oct 2025 • Update default CodeQL bundle version to 2.23.2. #3168 See the full CHANGELOG.md for more information. --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/13/2025, 11:49 AM

#5885 fix: determine mergeability of GitHub workflows from check suite Pull request opened by henriklundstrom ## what Use the conclusion of the check suite instead of the conclusion of the individual check run when determining if a pull request with a required workflow is mergeable when the

gh-allow-mergeable-bypass-apply

-flag is enabled. • Use check suite conclusion rather than check run conclusion to determine required workflow outcome ## why • Resolves the issue #5884 • The conclusion of an individual check run is insufficient for determining the conclusion of a workflow as it may have multiple check runs, the outcomes of which may differ, meaning a successful check run does not necessarily entail a successful workflow. Use the conclusion of the check suite instead, which holds the combined conclusion of each associated check run. ## tests • Adding a test case where a required workflow has multiple checks in the same suite but only the first is successful • This test fails with the implementation on main, but passes with the changes made by this PR • Making a release on this feature branch: https://github.com/nordnet/atlantis/releases/tag/v0.37.0-pre.mergeability-from-check-suite-20250929-001 • See the associated Docker image:

<http://ghcr.io/nordnet/atlantis:v0.37.0-pre.mergeability-from-check-suite-20250929-001-alpine@sha256:d7153cc2916d9c9bc0c6743ad1732bdea8d7eca73a1cd944f9f959695397cde5|ghcr.io/nordnet/atlantis:v0.37.0-pre.mergeability-from-check-suite-20250929-001-alpine@sha256:d7153cc2916d9c9bc0c6743ad1732bdea8d7eca73a1cd944f9f959695397cde5>

## references runatlantis/atlantis

GitHub

10/14/2025, 1:58 AM

#5886 chore(deps): update go to v1.25.2 in go.mod (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | Pending | OpenSSF | | ----------------------------------------------------------------------- | ------ | ------ | ----------------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [go](https://go.dev/) ([source](https://redirect.github.com/golang/go)) | golang | patch | 1.25.1 -> 1.25.2 | 1.25.3 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/c969aea50aa6c73e27384d8508b5fc8f9d31bd400c588089a1c7a7cdbb51ec23/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f676f6c616e672f676f2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/golang/go) | | golang | final | patch | 1.25.1 -> 1.25.2 | 1.25.3 | | | golang | stage | patch | 1.25.1-alpine -> 1.25.2 | 1.25.3 | | --- ### Release Notes golang/go (go) ### `v1.25.2` --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about these updates again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

GitHub

10/15/2025, 1:13 AM

#5887 chore(deps): update ossf/scorecard-action action to v2.4.3 in .github/workflows/scorecard.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | -------------------------------------------------------------------------- | ------ | ------ | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | patch | v2.4.2 -> v2.4.3 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/6e2fe573e0ab5bbca090535c09c2d59c2f8223c63db2139ea81456471f80a403/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6f7373662f73636f7265636172642d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard-action) | --- ### Release Notes ossf/scorecard-action (ossf/scorecard-action) ### `v2.4.3` Compare Source #### What's Changed This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes. #### Documentation • docs: clarify

GITHUB_TOKEN

permissions needed for private repos by @pankajtaneja5 in #1574 • 📖 Fix recommended command to test the image in development by @deivid-rodriguez in #1583 #### Other • add missing top-level token permissions to workflows by @timothyklee in #1566 • setup codeowners for requesting reviews by @spencerschrock in #1576 • 🌱 Improve printing options by @deivid-rodriguez in #1584 #### New Contributors • @timothyklee made their first contribution in #1566 • @pankajtaneja5 made their first contribution in #1574 • @deivid-rodriguez made their first contribution in #1584 Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3 --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis