chore(deps): update amannn/action-semantic-pull-request action to v6

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
amannn/action-semantic-pull-request	action	major	v5 -> v6

---

Release Notes

amannn/action-semantic-pull-request (amannn/action-semantic-pull-request)

v6

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Note

Bump the PR title linting action in the workflow to amannn/action-semantic-pull-request v6.

• CI:
  • Update /.github/workflows/lint-pr-title.yml to use amannn/action-semantic-pull-request@v6 (from v5).

^{Written by Cursor Bugbot for commit 6589e0a. This will update automatically on new commits. Configure here.}

[github-actions]

@launchdarkly/browser size report
This is the brotli compressed size of the ESM build.
Compressed size: 169118 bytes
Compressed size limit: 200000
Uncompressed size: 789399 bytes

[github-actions]

@launchdarkly/js-sdk-common size report
This is the brotli compressed size of the ESM build.
Compressed size: 24988 bytes
Compressed size limit: 26000
Uncompressed size: 122411 bytes

[github-actions]

@launchdarkly/js-client-sdk size report
This is the brotli compressed size of the ESM build.
Compressed size: 21721 bytes
Compressed size limit: 25000
Uncompressed size: 74698 bytes

[github-actions]

@launchdarkly/js-client-sdk-common size report
This is the brotli compressed size of the ESM build.
Compressed size: 17636 bytes
Compressed size limit: 20000
Uncompressed size: 90259 bytes

[semgrep-code-launchdarkly]

Semgrep identified an issue in your code:
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

To resolve this comment:

✨ Commit Assistant fix suggestion

Suggested change

	- uses: amannn/action-semantic-pull-request@v6
	# Pinned to v6.0.0 commit SHA for security and immutability
	- uses: amannn/action-semantic-pull-request@3e2c24303b82e3c3965b7be22151a371a51046ce

View step-by-step instructions

1. Change the uses: amannn/action-semantic-pull-request@v6 line to reference a specific full length commit SHA rather than a tag.
2. Visit the amannn/action-semantic-pull-request GitHub repository releases page, find the SHA for the specific version you want (for example, v6), and copy its full commit SHA (a 40 character hexadecimal string).
3. Update the action reference to use the format uses: amannn/action-semantic-pull-request@<commit-sha>, replacing <commit-sha> with the SHA you copied.
   For example, uses: amannn/action-semantic-pull-request@3e2c24303b82e3c3965b7be22151a371a51046ce
   Pinning to a commit SHA ensures the action is not updated unexpectedly, which helps lock your workflow to a trusted version.

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by third-party-action-not-pinned-to-commit-sha.

_{You can view more details about this finding in the Semgrep AppSec Platform.}