chore(deps): update actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
actions/checkout (changelog)	action	digest	8e8c483 → de0fac2
astral-sh/setup-uv (changelog)	action	digest	61cb8a9 → 803947b
docker/login-action (changelog)	action	digest	5e57cd1 → c94ce9f
github/codeql-action (changelog)	action	digest	b20883b → 6bc82e0
lewagon/wait-on-check-action	action	minor	v1.4.1 → v1.5.0
reviewdog/action-actionlint	action	minor	v1.69.1 → v1.70.0

---

Release Notes

lewagon/wait-on-check-action (lewagon/wait-on-check-action)

v1.5.0

Compare Source

Added

• Add fail-on-no-checks option

Fixed

• Bump rexml to 3.4.2

reviewdog/action-actionlint (reviewdog/action-actionlint)

v1.70.0

Compare Source

v1.70.0: PR #​191 - chore(deps): update actionlint to 1.7.10

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

[yamllint] _{reported by reviewdog 🐶}
[warning] line too long (339 > 185 characters) (line-length)

[github-actions]

[yamllint] _{reported by reviewdog 🐶}
[warning] line too long (252 > 185 characters) (line-length)

tux/.github/workflows/docs.yml

Line 236 in d716d2b

npx wrangler@4 versions deploy "${{ steps.preview_upload.outputs.version_id }}" -y --config wrangler.toml --env preview --message="Preview: tux@${{ github.sha }} on ${{ github.ref_name }} by ${{ github.actor }} (run ${{ github.run_number }})"

[github-actions]

[yamllint] _{reported by reviewdog 🐶}
[warning] line too long (348 > 185 characters) (line-length)

tux/.github/workflows/docs.yml

Line 287 in d716d2b

| Preview | ${{ steps.prepare_url.outputs.is_url == 'true' && format('[{0}]({0})', steps.prepare_url.outputs.preview_url) || steps.prepare_url.outputs.preview_url }} | ${{ steps.preview_upload.outputs.version_id || '-' }} | Preview: tux@${{ github.sha }} on ${{ github.ref_name }} by ${{ github.actor }} (run ${{ github.run_number }}) |

[cubic-dev-ai]

No issues found across 11 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

[github-actions]

📚 Documentation Preview

Type	URL	Version	Message
Production	https://tux.atl.dev	-	-
Preview	https://1252a6b5-tux-docs.allthingslinux.workers.dev	1252a6b5-d987-4b35-883b-f4cd7a107d93	Preview: tux@00a8840be2c7411335b0758b705ed1c5b9e8e9b2 on 1187/merge by renovate[bot] (run 398)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA d716d2b.

Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	de0fac2e4500dabe0009e67214ff5f5447ce83dd	🟢 6.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Vulnerabilities 🟢 7 3 existing vulnerabilities detected SAST 🟢 8 SAST tool detected but not run on all commits
actions/docker/login-action	c94ce9fb468520275223c153574b00df6fe4bcc9	🟢 6.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 21 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities ⚠️ 0 14 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 9 SAST tool detected but not run on all commits
actions/actions/checkout	de0fac2e4500dabe0009e67214ff5f5447ce83dd	🟢 6.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Vulnerabilities 🟢 7 3 existing vulnerabilities detected SAST 🟢 8 SAST tool detected but not run on all commits

Scanned Files

• .github/workflows/docker.yml
• .github/workflows/tests.yml

[sentry]

❌ 3 Tests Failed:

Tests completed	Failed	Passed	Skipped
664	3	661	36

View the full list of 3 ❄️ flaky test(s)

tests/cache/test_backend.py::TestValkeyBackend::test_setex_called_when_ttl_sec_provided

Flake rate in main: 100.00% (Passed 0 times, Failed 8 times)

Stack Traces | 0.008s run time

tests/cache/test_backend.py:162: in test_setex_called_when_ttl_sec_provided
    assert args[2] == "v"
E   assert '"v"' == 'v'
E     
E     #x1B[0m#x1B[91m- v#x1B[39;49;00m#x1B[90m#x1B[39;49;00m
E     #x1B[92m+ "v"#x1B[39;49;00m#x1B[90m#x1B[39;49;00m

tests/cache/test_backend.py::TestValkeyBackend::test_string_value_stored_as_is

Flake rate in main: 100.00% (Passed 0 times, Failed 8 times)

Stack Traces | 0.005s run time

tests/cache/test_backend.py:128: in test_string_value_stored_as_is
    assert mock_client.set.call_args[0][1] == "plain"
E   assert '"plain"' == 'plain'
E     
E     #x1B[0m#x1B[91m- plain#x1B[39;49;00m#x1B[90m#x1B[39;49;00m
E     #x1B[92m+ "plain"#x1B[39;49;00m#x1B[90m#x1B[39;49;00m
E     ? +     +#x1B[90m#x1B[39;49;00m

tests/modules/test_jail_system.py::TestRejailOnRejoin::test_on_member_join_reapplies_jail_role_when_user_was_jailed

Flake rate in main: 14.29% (Passed 6 times, Failed 1 times)

Stack Traces | 0.197s run time

.../hostedtoolcache/Python/3.13.11.../x64/lib/python3.13/unittest/mock.py:990: in assert_called_once_with
    raise AssertionError(msg)
E   AssertionError: Expected 'add_roles' to be called once. Called 0 times.

During handling of the above exception, another exception occurred:
tests/modules/test_jail_system.py:517: in test_on_member_join_reapplies_jail_role_when_user_was_jailed
    member.add_roles.assert_called_once_with(
E   AssertionError: Expected 'add_roles' to be called once. Called 0 times.

To view more test analytics, go to the [Prevent Tests Dashboard](https://All Things Linux.sentry.io/prevent/tests/?preventPeriod=30d&integratedOrgName=allthingslinux&repository=tux&branch=renovate%2Factions)