Skip to content

build(deps): bump getsentry/codecov-action from fda17cfc37e16a0cc23f61685813390bfee7daf3 to afa60378e8e4939ddb77575a51da92885c61ca86 #5978

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 3 commits into
base: master
Choose a base branch
from

Merge branch 'master' into dependabot/github_actions/getsentry/codeco…

1346a0b
Select commit
Loading
Failed to load commit list.
Open

build(deps): bump getsentry/codecov-action from fda17cfc37e16a0cc23f61685813390bfee7daf3 to afa60378e8e4939ddb77575a51da92885c61ca86 #5978

Merge branch 'master' into dependabot/github_actions/getsentry/codeco…
1346a0b
Select commit
Loading
Failed to load commit list.
@sentry/warden / warden completed Apr 14, 2026 in 3m 8s

1 issue

Low

Template file not updated - future regeneration will revert dependency bump - `.github/workflows/test-integrations-web-2.yml:109`

The Jinja template at scripts/split_tox_gh_actions/templates/test_group.jinja (line 99) still references the old codecov-action commit hash fda17cfc37e16a0cc23f61685813390bfee7daf3, while the generated workflow files are being updated to the new hash afa60378e8e4939ddb77575a51da92885c61ca86. When workflows are regenerated via python scripts/split_tox_gh_actions/split_tox_gh_actions.py, this dependency bump will be silently reverted, potentially missing security patches in the newer version.

4 skills analyzed
Skill Findings Duration Cost
code-review 0 27.0s $0.34
find-bugs 1 3m 6s $1.07
skill-scanner 0 1m 7s $0.81
security-review 0 1m 58s $1.16

Duration: 6m 39s · Tokens: 1.6M in / 28.6k out · Cost: $3.38 (+extraction: $0.01)

View more details on @sentry/warden