From 1bba3c135e657e155c87c9789891e68338a88c4e Mon Sep 17 00:00:00 2001
From: DJ <dj@Rachels-MacBook-Air.local>
Date: Thu, 16 Apr 2026 19:25:45 -0700
Subject: [PATCH 1/3] fix(dependabot-rebase): bump SHA to 3c6335c (includes
 @dependabot rebase fallback)

---
 .github/workflows/dependabot-rebase.yml   | 8 +++++---
 standards/workflows/dependabot-rebase.yml | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/dependabot-rebase.yml b/.github/workflows/dependabot-rebase.yml
index 05c282a..5b19544 100644
--- a/.github/workflows/dependabot-rebase.yml
+++ b/.github/workflows/dependabot-rebase.yml
@@ -6,8 +6,10 @@
 # AGENTS — READ BEFORE EDITING:
 #   • This file is a THIN CALLER STUB. All rebase/merge serialization logic
 #     lives in the reusable workflow above.
-#   • You MAY change: the SHA in the `uses:` line when upgrading the reusable
-#     workflow version (bump SHA to latest main of petry-projects/.github).
+#   • You MAY change: nothing in normal use. NOTE: this file intentionally uses
+#     a LOCAL ref (`./`) instead of a pinned SHA — this repo IS the source of
+#     truth, so a local ref is always current. Other repos use pinned SHAs
+#     (see standards/workflows/dependabot-rebase.yml).
 #   • You MUST NOT change: trigger event, the concurrency group name,
 #     the explicit secrets block, or the job-level `permissions:` block —
 #     reusable workflows can be granted no more permissions than the calling
@@ -41,7 +43,7 @@ jobs:
     permissions:
       contents: write   # update-branch via GITHUB_TOKEN (may touch .github/workflows/)
       pull-requests: write  # re-approve PRs after branch update
-    uses: petry-projects/.github/.github/workflows/dependabot-rebase-reusable.yml@f5c167c903b50ae64c1c6445a02d60cd940d4253 # v1
+    uses: ./.github/workflows/dependabot-rebase-reusable.yml  # local ref — always current
     secrets:
       APP_ID: ${{ secrets.APP_ID }}
       APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
diff --git a/standards/workflows/dependabot-rebase.yml b/standards/workflows/dependabot-rebase.yml
index 05c282a..7276833 100644
--- a/standards/workflows/dependabot-rebase.yml
+++ b/standards/workflows/dependabot-rebase.yml
@@ -41,7 +41,7 @@ jobs:
     permissions:
       contents: write   # update-branch via GITHUB_TOKEN (may touch .github/workflows/)
       pull-requests: write  # re-approve PRs after branch update
-    uses: petry-projects/.github/.github/workflows/dependabot-rebase-reusable.yml@f5c167c903b50ae64c1c6445a02d60cd940d4253 # v1
+    uses: petry-projects/.github/.github/workflows/dependabot-rebase-reusable.yml@3c6335c6ee3e2f1a37f3e27e065e28d36d9c0dde # v1
     secrets:
       APP_ID: ${{ secrets.APP_ID }}
       APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}

From 46a97fc3fbe21ddf39792ebb1d87f7e18601ab65 Mon Sep 17 00:00:00 2001
From: DJ <dj@Rachels-MacBook-Air.local>
Date: Thu, 16 Apr 2026 21:50:02 -0700
Subject: [PATCH 2/3] fix(standards): correct SHA in dependabot-rebase template
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The SHA 3c6335c6ee3e2f1a37f3e27e065e28d36d9c0dde is a typo — it does not
exist in the .github repo. The real full SHA for the
'fix(dependabot-rebase): fall back to @dependabot rebase' commit is
3c6335c0a214bba940bbcbc4346e9d4ab0cb63e1.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 standards/workflows/dependabot-rebase.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/standards/workflows/dependabot-rebase.yml b/standards/workflows/dependabot-rebase.yml
index 7276833..1b09a6d 100644
--- a/standards/workflows/dependabot-rebase.yml
+++ b/standards/workflows/dependabot-rebase.yml
@@ -41,7 +41,7 @@ jobs:
     permissions:
       contents: write   # update-branch via GITHUB_TOKEN (may touch .github/workflows/)
       pull-requests: write  # re-approve PRs after branch update
-    uses: petry-projects/.github/.github/workflows/dependabot-rebase-reusable.yml@3c6335c6ee3e2f1a37f3e27e065e28d36d9c0dde # v1
+    uses: petry-projects/.github/.github/workflows/dependabot-rebase-reusable.yml@3c6335c0a214bba940bbcbc4346e9d4ab0cb63e1 # v1
     secrets:
       APP_ID: ${{ secrets.APP_ID }}
       APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}

From 5a086dac2e408296a7fa1342bee053511ebbf989 Mon Sep 17 00:00:00 2001
From: DJ <dj@Rachels-MacBook-Air.local>
Date: Fri, 17 Apr 2026 09:47:26 -0700
Subject: [PATCH 3/3] chore(standards): bump dependabot-rebase template SHA to
 current main

Updates standards/workflows/dependabot-rebase.yml to reference the
current main SHA (9a694e5). All repos are being updated to this SHA
via individual PRs in this wave.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 standards/workflows/dependabot-rebase.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/standards/workflows/dependabot-rebase.yml b/standards/workflows/dependabot-rebase.yml
index 1b09a6d..7f6bf7e 100644
--- a/standards/workflows/dependabot-rebase.yml
+++ b/standards/workflows/dependabot-rebase.yml
@@ -41,7 +41,7 @@ jobs:
     permissions:
       contents: write   # update-branch via GITHUB_TOKEN (may touch .github/workflows/)
       pull-requests: write  # re-approve PRs after branch update
-    uses: petry-projects/.github/.github/workflows/dependabot-rebase-reusable.yml@3c6335c0a214bba940bbcbc4346e9d4ab0cb63e1 # v1
+    uses: petry-projects/.github/.github/workflows/dependabot-rebase-reusable.yml@9a694e5798ebb596476e6eda80f11e832d8fd0a9 # main
     secrets:
       APP_ID: ${{ secrets.APP_ID }}
       APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}