chore(deps): update schemastore digest to fd0ba84

[renovate]

This PR contains the following updates:

Package	Update	Change
schemastore (changelog)	digest	ba06047 → fd0ba84

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

The SchemaStore submodule advances by 81 commits (ba06047 → fd0ba84). The two changes relevant to this project (which only consumes github-workflow.json and github-action.json) are:

• dbc0fd17 — Add code-quality to GitHub Workflow permissions (#5736)
  Adds "code-quality" as a valid permission scope inside permissions: blocks. Before this, using permissions: code-quality: write in a workflow would produce a false-positive unknown key diagnostic from ghasec's generated validator.

• 3fdf6895 — Fix GitHub workflow event type constraints (#5796)
  Structural fix: changes event object definitions from direct $ref (which overrides sibling properties in JSON Schema draft-07) to allOf: [{$ref}] for all event types (branch_protection_rule, check_run, issue_comment, pull_request, release, etc.). This properly preserves the sibling items.enum constraints for event types: fields in the compiled schema, rather than relying on raw-JSON extraction. This resolves a class of incorrect type constraint warnings that affected issue_comment with types: [opened] (which opened is not a valid type for that event — the schema was previously not enforcing this).

• fd0ba84d — build(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 (#5835)
  Final commit; bumps SchemaStore's own dev tooling. No schema content changed.

• github-action.json was not modified in this range.

🎯 Impact Scope Investigation

• PR diff: Only the Git submodule pointer changes (schemastore from ba06047 to fd0ba84). The committed rules/invalid-workflow/generated.go (~706 KB) and rules/invalid-action/generated.go (~114 KB) are not touched.

• Runtime impact of this PR alone: zero. The build system does not run go generate automatically. All validation code lives in the committed generated.go files, which remain unchanged. Existing tests will continue to pass.

• Impact after running go generate (a subsequent step):

  1. code-quality will be accepted as a valid permission key (additive, no regressions).
  2. The allOf-wrapped $ref pattern allows the JSON Schema compiler to properly include items.enum for event types. The extractEventTypeEnums workaround in cmd/gen/event_types.go guards against this: its extractTypesEnumFromProperties function checks for a direct "$ref" key on the types property (line 110), which will now be absent (replaced by allOf). However, since the schema fix makes the compiler correctly include those enums natively, the injection step is no longer needed — and the converter's AllOf branch traversal in convert.go will propagate the items.enum correctly. Net result: correct, equivalent generated code.

• github-action.json unchanged — rules/invalid-action/generated.go requires no regeneration.

💡 Recommended Actions

• Merge this PR — it is safe. The submodule pointer update is a required prerequisite for the next step.

• Follow up with a go generate commit: After merging, run the following to regenerate and commit the updated validator:

  go generate ./rules/invalid-workflow/ ./rules/invalid-action/
  go test ./...
  git add rules/invalid-workflow/generated.go rules/invalid-action/generated.go
  git commit -m "chore: regenerate from updated SchemaStore schema"
  

  This will activate the code-quality permission support and the corrected event type constraints.

• No migration steps required — all schema changes are additive or bug-fixing; no hand-written rule logic in invalid_workflow.go or invalid_action.go needs updating.

🔗 Reference Links

• SchemaStore compare: ba06047...fd0ba84 — https://github.com/SchemaStore/schemastore/compare/ba06047ce1713d3d8fbc8ff24cb99fb223c5638a..fd0ba84dee6ba4f1448ce7e457e4373ea920bcba
• Add code-quality permission PR: Add code-quality to GitHub Workflow permissions SchemaStore/schemastore#5736
• Fix GitHub workflow event type constraints PR: Fix GitHub workflow event type constraints SchemaStore/schemastore#5796

Generated by koki-develop/claude-renovate-review