Skip to content
Security (PR)

Bump reqwest-middleware from 0.4.2 to 0.5.0 #35

Sign in to view logs

Bump reqwest-middleware from 0.4.2 to 0.5.0

Bump reqwest-middleware from 0.4.2 to 0.5.0 #35

Triggered via pull request January 28, 2026 10:10
@dependabotdependabot[bot]
synchronize #276
dependabot/cargo/reqwest-middleware-0.5.0
Status Success
Total duration 26s
Artifacts

security-pr.yml Required

on: pull_request
semgrep-oss/scan
22s
semgrep-oss/scan
zizmor
15s
zizmor
Fit to window
Zoom out
Zoom in

Annotations

8 warnings
excessive-permissions: .github/workflows/cargo-test.yml#L17
cargo-test.yml:17: overly broad permissions: default permissions used due to no permissions: block
artipacked: .github/workflows/cargo-test.yml#L21
cargo-test.yml:21: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
excessive-permissions: .github/workflows/cargo-clippy.yml#L22
cargo-clippy.yml:22: overly broad permissions: default permissions used due to no permissions: block
artipacked: .github/workflows/cargo-clippy.yml#L26
cargo-clippy.yml:26: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
excessive-permissions: .github/workflows/cargo-build.yml#L15
cargo-build.yml:15: overly broad permissions: default permissions used due to no permissions: block
artipacked: .github/workflows/cargo-build.yml#L19
cargo-build.yml:19: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
dependabot-cooldown: .github/dependabot.yml#L75
dependabot.yml:75: insufficient cooldown in Dependabot updates: missing cooldown configuration
zizmor
No file matched to [/home/runner/work/third-party-api-clients/third-party-api-clients/**/*requirements*.txt,/home/runner/work/third-party-api-clients/third-party-api-clients/**/*requirements*.in,/home/runner/work/third-party-api-clients/third-party-api-clients/**/*constraints*.txt,/home/runner/work/third-party-api-clients/third-party-api-clients/**/*constraints*.in,/home/runner/work/third-party-api-clients/third-party-api-clients/**/pyproject.toml,/home/runner/work/third-party-api-clients/third-party-api-clients/**/uv.lock,/home/runner/work/third-party-api-clients/third-party-api-clients/**/*.py.lock]. The cache will never get invalidated. Make sure you have checked out the target repository and configured the cache-dependency-glob input correctly.