ci(deps): Bump marocchino/sticky-pull-request-comment from 2 to 3

[dependabot]

Bumps marocchino/sticky-pull-request-comment from 2 to 3.

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v3.0.0

What's Changed

• Update node to 24
• Update deps

New Contributors

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.4...v3.0.0

v2.9.4

What's Changed

• build(deps-dev): Bump @​biomejs/biome from 2.0.0 to 2.0.2 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1554
• build(deps-dev): Bump @​types/node from 24.0.3 to 24.0.11 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1561
• build(deps-dev): Bump @​biomejs/biome from 2.0.4 to 2.1.1 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1562
• build(deps-dev): Bump @​types/node from 24.0.11 to 24.0.12 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1563
• build(deps-dev): Bump @​types/node from 24.0.12 to 24.0.13 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1564

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.3...v2.9.4

v2.9.3

What's Changed

• Update deps (including security issues)
• Test with vitest instead of jest
• Use biome

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.2...v2.9.3

v2.9.2

What's Changed

• Update @​octokit/graphql-schema & use biome by @​marocchino in marocchino/sticky-pull-request-comment#1517
• build(deps): Bump undici from 5.28.4 to 5.28.5 by @​dependabot in marocchino/sticky-pull-request-comment#1476
• build(deps-dev): Bump @​types/node from 22.10.7 to 22.14.0 by @​dependabot in marocchino/sticky-pull-request-comment#1515
• build(deps): Bump @​octokit/request-error from 5.0.1 to 5.1.1 by @​dependabot in marocchino/sticky-pull-request-comment#1490
• build(deps): Bump @​octokit/request from 8.1.4 to 8.4.1 by @​dependabot in marocchino/sticky-pull-request-comment#1494
• build(deps): Bump @​octokit/plugin-paginate-rest from 9.1.2 to 9.2.2 by @​dependabot in marocchino/sticky-pull-request-comment#1493

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.1...v2.9.2

v2.9.1

What's Changed

• Fix test action by @​NoRePercussions in marocchino/sticky-pull-request-comment#1364
• PR Test Autocomment: Include Errors by @​NoRePercussions in marocchino/sticky-pull-request-comment#1365
• Always move ID comment to end of message by @​NoRePercussions in marocchino/sticky-pull-request-comment#1373
• Update deps

... (truncated)

Commits

• 70d2764 📦️ Build
• 308b2fd Don't create a comment with hide: true (#1661)
• 3bbec31 Add comprehensive tests for main.ts covering all branches (#1660)
• aaf6178 🔖 Version bump (#1658)
• 7d67ef6 👷 Use pull_request
• 1ed3d7b ⬆️ Update deps
• 46a16ec build(deps-dev): Bump @​types/node from 24.5.2 to 25.0.3 (#1646)
• 0a36b9e build(deps): Bump @​actions/core from 1.11.1 to 2.0.2 (#1649)
• 74297c9 build(deps-dev): Bump @​vercel/ncc from 0.38.3 to 0.38.4 (#1592)
• e736d73 📦️ Build
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/ci.yml

Package	Version	License	Issue Type
marocchino/sticky-pull-request-comment	3.*.*	Null	Unknown License

Denied Licenses:

GPL-2.0, GPL-3.0, AGPL-3.0

OpenSSF Scorecard

Package	Version	Score	Details
actions/marocchino/sticky-pull-request-comment	3.*.*	🟢 4.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ -1 Found no human activity in the last 15 changesets Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• .github/workflows/ci.yml

[github-actions]

Code Coverage

Summary
  Generated on: 03/16/2026 - 09:46:54
  Coverage date: 03/16/2026 - 09:46:49 - 03/16/2026 - 09:46:52
  Parser: MultiReport (5x Cobertura)
  Assemblies: 2
  Classes: 14
  Files: 13
  Line coverage: 87.2%
  Covered lines: 225
  Uncovered lines: 33
  Coverable lines: 258
  Total lines: 880
  Branch coverage: 79% (79 of 100)
  Covered branches: 79
  Total branches: 100
  Method coverage: 98% (51 of 52)
  Full method coverage: 88.4% (46 of 52)
  Covered methods: 51
  Fully covered methods: 46
  Total methods: 52

JD.SemanticKernel.Connectors.Abstractions                                   100%
  JD.SemanticKernel.Connectors.Abstractions.ModelInfo                       100%
  JD.SemanticKernel.Connectors.Abstractions.SessionCredentials              100%
  JD.SemanticKernel.Connectors.Abstractions.SessionOptionsBase              100%

JD.SemanticKernel.Connectors.GitHubCopilot                                 86.9%
  JD.SemanticKernel.Connectors.GitHubCopilot.CopilotHttpClientFactory       100%
  JD.SemanticKernel.Connectors.GitHubCopilot.CopilotModelDiscovery          100%
  JD.SemanticKernel.Connectors.GitHubCopilot.CopilotSessionException        100%
  JD.SemanticKernel.Connectors.GitHubCopilot.CopilotSessionHttpHandler      100%
  JD.SemanticKernel.Connectors.GitHubCopilot.CopilotSessionOptions          100%
  JD.SemanticKernel.Connectors.GitHubCopilot.CopilotSessionProvider        75.9%
  JD.SemanticKernel.Connectors.GitHubCopilot.KernelBuilderExtensions        100%
  JD.SemanticKernel.Connectors.GitHubCopilot.Models.CopilotAppsEntry       66.6%
  JD.SemanticKernel.Connectors.GitHubCopilot.Models.CopilotEndpoints        100%
  JD.SemanticKernel.Connectors.GitHubCopilot.Models.CopilotTokenResponse    100%
  JD.SemanticKernel.Connectors.GitHubCopilot.ServiceCollectionExtensions    100%

[github-actions]

Test Results

101 tests   92 ✅  0s ⏱️
  3 suites   9 💤
  3 files     0 ❌

Results for commit 25771d3.