From 969e4826a4e4e092a434d8831ce6df1e7e62db1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Apr 2026 10:18:55 +0000
Subject: [PATCH 1/2] [CHORE](gha)(deps): Bump
 marocchino/sticky-pull-request-comment

Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) from 2.9.4 to 3.0.3.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](https://github.com/marocchino/sticky-pull-request-comment/compare/773744901bac0e8cbb5a0dc842800d45e9b2b405...0ea0beb66eb9baf113663a64ec522f60e49231c0)

---
updated-dependencies:
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/validate-pr-title.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/validate-pr-title.yml b/.github/workflows/validate-pr-title.yml
index 9b5bc5d..0b91108 100644
--- a/.github/workflows/validate-pr-title.yml
+++ b/.github/workflows/validate-pr-title.yml
@@ -81,7 +81,7 @@ jobs:
 
       - name: Post validation failure comment
         if: ${{ failure() && steps.lint_pr_title.outputs.error_message }}
-        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
+        uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
         with:
           header: pr-title-validation-error
           message: |
@@ -99,7 +99,7 @@ jobs:
 
       - name: Delete comment on success
         if: ${{ success() }}
-        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
+        uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
         with:
           header: pr-title-validation-error
           delete: true

From d4980176bce413a90e8072316c1c97d7aaef0cba Mon Sep 17 00:00:00 2001
From: John McCall <john@overturemaps.org>
Date: Tue, 14 Apr 2026 09:40:45 -0400
Subject: [PATCH 2/2] Add zizmor ignore comments to GitHub actions

Add inline zizmor ignore annotations to suppress automated checks: update .github/actions/s5cmd/action.yml to ignore stale-action-refs on the action setup line; update .github/workflows/omf_pr_checks.yml and .github/workflows/validate-pr-title.yml to ignore concurrency-limits on workflow names and mark the pull_request_target trigger as ignore[dangerous-triggers]. These comments silence linter/CI warnings about stale action refs, concurrency limits, and dangerous triggers.

Signed-off-by: John McCall <john@overturemaps.org>
---
 .github/actions/s5cmd/action.yml        | 2 +-
 .github/workflows/omf_pr_checks.yml     | 2 +-
 .github/workflows/validate-pr-title.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/actions/s5cmd/action.yml b/.github/actions/s5cmd/action.yml
index 8a130c6..8398288 100644
--- a/.github/actions/s5cmd/action.yml
+++ b/.github/actions/s5cmd/action.yml
@@ -57,7 +57,7 @@ runs:
   using: composite
   steps:
     - name: Install s5cmd v${{ inputs.version }}
-      uses: peak/action-setup-s5cmd@bde462e7399c68b4a9b05549d90b0e7d5c95e60f
+      uses: peak/action-setup-s5cmd@bde462e7399c68b4a9b05549d90b0e7d5c95e60f # zizmor: ignore[stale-action-refs] — upstream has no releases or tags; main
       with:
         version: v${{ inputs.version }}
 
diff --git a/.github/workflows/omf_pr_checks.yml b/.github/workflows/omf_pr_checks.yml
index 0fe4cf2..6f68f4a 100644
--- a/.github/workflows/omf_pr_checks.yml
+++ b/.github/workflows/omf_pr_checks.yml
@@ -7,7 +7,7 @@
 #
 # Designed to run as a GitHub Ruleset required workflow.
 #
-name: OMF PR Checks
+name: OMF PR Checks # zizmor: ignore[concurrency-limits]
 
 on:
   pull_request_target: # zizmor: ignore[dangerous-triggers]
diff --git a/.github/workflows/validate-pr-title.yml b/.github/workflows/validate-pr-title.yml
index 0b91108..087b3fb 100644
--- a/.github/workflows/validate-pr-title.yml
+++ b/.github/workflows/validate-pr-title.yml
@@ -19,7 +19,7 @@
 #     validate-title:
 #       uses: OvertureMaps/workflows/.github/workflows/validate-pr-title.yml@main
 #
-name: Validate PR Title
+name: Validate PR Title # zizmor: ignore[concurrency-limits]
 
 on:
   workflow_call: