trueberryless-org · trueberryless · Jan 8, 2026 · Jan 8, 2026
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -12,6 +12,8 @@
   "rangeStrategy": "bump",
   "ignorePaths": ["**/node_modules/**"],
   "commitMessageSuffix": "[skip ci]",
+  "assignees": [],
+  "reviewers": [],
   "packageRules": [
     {
       "groupName": "github-actions",

diff --git a/.github/workflows/format.yaml b/.github/workflows/format.yaml
@@ -6,19 +6,24 @@ on:
 permissions:
   contents: read
 
+env:
+  NODE_VERSION: 24.10.0
+
 jobs:
   autofix:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Setup PNPM
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
-          node-version: 20.19.5
+          node-version: ${{ env.NODE_VERSION }}
           cache: "pnpm"
 
       - name: Install Dependencies

diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml
@@ -16,7 +16,9 @@ jobs:
           app_id: ${{ secrets.BOT_APP_ID }}
           private_key: ${{ secrets.BOT_PRIVATE_KEY }}
 
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
       - name: Ensure labels exist
         env:
           GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
@@ -49,7 +51,7 @@ jobs:
           gh label create "🏯 styles" --description "Stylesheets or design updates" --color "550F5A" --force
           gh label create "🔒 wontfix" --description "This will not be worked on" --color "FFFFFF" --force
 
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
+      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
         with:
           configuration-path: .github/labeler.yaml
           sync-labels: true
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -11,10 +11,8 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  REGISTRY: docker.io
-  IMAGE_OWNER: trueberryless
   IMAGE_NAME: starlight-sidebar-clickable-groups
-  NODE_VERSION: 20
+  NODE_VERSION: 24.10.0
 
 jobs:
   changes:
@@ -24,7 +22,9 @@ jobs:
       starlight-sidebar-clickable-groups: ${{ steps.filter.outputs.starlight-sidebar-clickable-groups }}
     steps:
       - name: Check out the repo
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
         id: filter
@@ -50,13 +50,15 @@ jobs:
           private_key: ${{ secrets.BOT_PRIVATE_KEY }}
 
       - name: Checkout Repo
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Setup PNPM
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: "pnpm"
@@ -72,7 +74,6 @@ jobs:
           title: "ci: release [skip netlify]"
         env:
           GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Get published version
         if: steps.changesets.outputs.hasChangesets == 'true'
@@ -90,7 +91,9 @@ jobs:
       IMAGE_TAG: ${{ env.IMAGE_TAG }}
     steps:
       - name: Check out the repo
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Read version from package.json
         id: get_version
@@ -102,25 +105,27 @@ jobs:
     needs: [changes, changesets, image-tag]
     if: >
       (
-        needs.changesets.outputs.hasChangesets == 'false' && 
+        needs.changesets.outputs.hasChangesets == 'false' &&
         (
-          contains(github.event.head_commit.message, 'deploy') || 
+          contains(github.event.head_commit.message, 'deploy') ||
           contains(github.event.head_commit.message, 'release')
         )
-      ) || 
+      ) ||
       github.event_name == 'workflow_dispatch'
     runs-on: ubuntu-latest
     permissions:
       contents: write
       id-token: write
     steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Setup PNPM
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: "pnpm"
@@ -131,9 +136,7 @@ jobs:
 
       - run: |
           cd packages/starlight-sidebar-clickable-groups
-          npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          npm publish --access public
 
   release:
     name: Release
@@ -143,7 +146,9 @@ jobs:
       contents: write
     steps:
       - name: Check out the repo
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - id: extract-changelog
         uses: sean0x42/markdown-extract@7b185cbe85263116bbf741e739e7198ba86465dc # v2.1.0

diff --git a/.github/workflows/welcome-bot.yaml b/.github/workflows/welcome-bot.yaml
@@ -20,7 +20,9 @@ jobs:
           app_id: ${{ secrets.BOT_APP_ID }}
           private_key: ${{ secrets.BOT_PRIVATE_KEY }}
 
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
       - name: Convert Repository Name to Title Case
         id: convert_repo_name
         run: |

diff --git a/package.json b/package.json
@@ -18,10 +18,10 @@
     "version": "pnpm changeset version && pnpm i --no-frozen-lockfile"
   },
   "devDependencies": {
-    "@changesets/changelog-github": "^0.5.0",
-    "@changesets/cli": "^2.27.11",
-    "@trivago/prettier-plugin-sort-imports": "5.2.2",
-    "prettier": "3.5.3",
+    "@changesets/changelog-github": "^0.5.2",
+    "@changesets/cli": "^2.29.8",
+    "@trivago/prettier-plugin-sort-imports": "6.0.2",
+    "prettier": "3.7.4",
     "prettier-plugin-astro": "0.14.1"
   },
   "packageManager": "pnpm@10.10.0",