chore(deps): bump complytime/org-infra/.github/workflows/reusable_dependabot_reviewer.yml from 0.2.1 to 0.3.1

[dependabot]

Bumps complytime/org-infra/.github/workflows/reusable_dependabot_reviewer.yml from 0.2.1 to 0.3.1.

Release notes

Sourced from complytime/org-infra/.github/workflows/reusable_dependabot_reviewer.yml's releases.

v0.3.1

org-infra 0.3.1

Central reusable GitHub Actions workflows, CI templates, compliance policy assets, and org sync tooling. Downstream repos usually consume this repo via workflow uses: pins or version tags.

Before you upgrade

• Treat workflow YAML updates as potentially breaking for every consumer until you’ve reviewed them.
• Use the Workflows & GitHub Actions section below for PRs that touched pipelines; for exact paths and hunks, open the compare link and narrow Files changed to .github/workflows/.

View full diff: v0.3.0 → v0.3.1

Changes

• fix(ci): extract repo slug for reusable workflow release age detection — #310 · @​marcusburghardt
• feat(ci): add org-owned dependency detection and auto-merge — #311 · @​marcusburghardt
• fix(ci): checkout org-infra scripts in reusable CRAP Load workflow — #318 · @​marcusburghardt
• feat: add GitHub Job Summary to Trivy scan workflows — #319 · @​marcusburghardt
• fix(compliance): correct require-pull-request policy and OCI tag syntax — #315 · @​marcusburghardt

Maintenance

• ci(deps): bump carabiner-dev/actions from 1.2.0 to 1.2.1 — #309 · @dependabot[bot]
• ci(deps): bump complytime/org-infra/.github/workflows/reusable_security.yml from 0.2.1 to 0.3.0 — #308 · @dependabot[bot]
• ci(deps): bump github/codeql-action from 4.36.1 to 4.36.2 — #316 · @dependabot[bot]

---

Compare: v0.3.0…v0.3.1

Thanks to @​marcusburghardt and dependabot[bot] for this release.

v0.3.0

org-infra 0.3.0

Central reusable GitHub Actions workflows, CI templates, compliance policy assets, and org sync tooling. Downstream repos usually consume this repo via workflow uses: pins or version tags.

Before you upgrade

• Treat workflow YAML updates as potentially breaking for every consumer until you’ve reviewed them.
• Use the Workflows & GitHub Actions section below for PRs that touched pipelines; for exact paths and hunks, open the compare link and narrow Files changed to .github/workflows/.

View full diff: v0.2.1 → v0.3.0

Changes

• feat(crapload): multi-module package resolution and baseline guidance — #253 · @​trevor-vaughan
• fix: follow-up hardening and consistency fixes for crapload workflow — #266 · @​marcusburghardt
• fix(ci): update compliance workflow for providers split and Quay direct fetch — #277 · @​sonupreetam

... (truncated)

Commits

• 2c19341 fix(compliance): use @ tag syntax in policy OCI reference
• f13b728 fix(compliance): use pull_request rule type in require-pull-request policy
• d9fc7a1 feat: add GitHub Job Summary to Trivy scan workflows (#319)
• 743c1a7 fix(ci): suppress actionlint false positives for job.workflow_* properties
• 0981b5d fix(ci): checkout org-infra scripts in reusable CRAP Load workflow
• d40bb78 ci(deps): bump github/codeql-action from 4.36.1 to 4.36.2
• 4c7bdcf feat(ci): add org-owned dependency detection and auto-merge (#311)
• 1a9a1c9 fix(ci): extract repo slug for reusable workflow release age detection
• 68ac170 ci(deps): bump complytime/org-infra/.github/workflows/reusable_security.yml
• a9e220c ci(deps): bump carabiner-dev/actions from 1.2.0 to 1.2.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

🤖 Standardized Dependabot Review Summary 🤖

This PR was processed by the organization's reusable CI pipeline.

• Dependencies Review: success
  • View detailed logs
• Calculated Risk: medium
• Dependency Usage: At least 7 repositories are using this dependency version

---

Maintainer check list:

1. Ensure the PR passed all CI tests (required status checks).
2. Investigate failures for Major updates or any manual review requirement.
3. Don't overlook breaking changes and changelog information.
4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins!
5. Be diligent. When in doubt, ask another maintainer for additional review.