chore(deps): bump ytanikin/pr-conventional-commits from 1.5.1 to 1.5.2

[dependabot]

Bumps ytanikin/pr-conventional-commits from 1.5.1 to 1.5.2.

Release notes

Sourced from ytanikin/pr-conventional-commits's releases.

1.5.2

What's Changed

• fix: build(deps): bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in ytanikin/pr-conventional-commits#54

Full Changelog: ytanikin/pr-conventional-commits@1.5.1...1.5.2

Commits

• 639145d fix: build(deps): bump minimatch from 3.1.2 to 3.1.5 (#54)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

Greptile Summary

This PR bumps the ytanikin/pr-conventional-commits GitHub Action from 1.5.1 to 1.5.2 in the PR title validation workflow. The upstream patch resolves a security issue by upgrading minimatch from 3.1.2 to 3.1.5, which fixes a ReDoS (Regular Expression Denial of Service) vulnerability.

• Single-line change in .github/workflows/pr-title.yml: version tag updated from @1.5.1 to @1.5.2
• No behavioral changes to the workflow logic, configuration, or task type definitions
• The update addresses a transitive dependency security fix in the action itself

Confidence Score: 5/5

• This PR is safe to merge — it is a minimal, automated dependency bump with no logic changes.
• The change is a single-line version bump of a GitHub Actions dependency, generated by Dependabot. The upstream 1.5.2 release only patches a transitive minimatch ReDoS vulnerability with no API or behavioral changes. There is no risk to workflow correctness or production systems.
• No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/pr-title.yml	Single-line version bump of ytanikin/pr-conventional-commits from 1.5.1 to 1.5.2; the upstream patch fixes a minimatch ReDoS vulnerability (CVE associated with minimatch < 3.1.5).

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[PR Opened / Synchronized] --> B[pr-title.yml Workflow Triggered]
    B --> C["ytanikin/pr-conventional-commits@1.5.2\n(was @1.5.1)"]
    C --> D{PR Title matches\nconventional commit format?}
    D -- Yes --> E[Validation Passes ✅]
    D -- No --> F[Workflow Fails ❌]

Loading

_{Last reviewed commit: "chore(deps): bump yt..."}