PublicArchive/bevy
2
0
Fork 0
mirror of https://github.com/bevyengine/bevy.git synced 2026-05-06 06:06:42 -04:00
Code Issues Packages Projects Releases Wiki Activity
11,380 Commits 35 Branches 55 Tags
main
Commit Graph

410 Commits

Author SHA1 Message Date
François Mockers 9e85b052d8 cache packages from ppa:kisak/turtle (#24143) 
# Objective

- ppa:kisak/turtle has been unstable lately
- Improve CI stability

## Solution

- Cache the packages in actions cache
- Use the cache if available, otherwise clean install

## Testing

- I did the same changes to the example runner
 2026-05-05 23:13:01 +00:00
dependabot[bot] 474ee77d12 Bump github/codeql-action from 4.32.6 to 4.35.2 (#24051) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.32.6 to 4.35.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.2</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<h2>v4.35.1</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>v4.35.0</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
<h2>v4.34.1</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>
due to issues with a small percentage of Actions and JavaScript
analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li>
</ul>
<h2>v4.34.0</h2>
<ul>
<li>Added an experimental change which disables TRAP caching when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> is enabled, since improved incremental analysis
supersedes TRAP caching. This will improve performance and reduce
Actions cache usage. We expect to roll this change out to everyone in
March. <a
href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li>
<li>We are rolling out improved incremental analysis to C/C++ analyses
that use build mode <code>none</code>. We expect this rollout to be
complete by the end of April 2026. <a
href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li>
</ul>
<h2>v4.33.0</h2>
<ul>
<li>
<p>Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change. <a
href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p>
<p>To opt out of this change:</p>
<ul>
<li><strong>Repositories owned by an organization:</strong> Create a
custom repository property with the name
<code>github-codeql-file-coverage-on-prs</code> and the type
&quot;True/false&quot;, then set this property to <code>true</code> in
the repository's settings. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>.
Alternatively, if you are using an advanced setup workflow, you can set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using default setup:</strong> Switch
to an advanced setup workflow and set the
<code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to
<code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using advanced setup:</strong> Set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
</ul>
</li>
<li>
<p>Fixed <a
href="https://redirect.github.com/github/codeql-action/issues/3555">a
bug</a> which caused the CodeQL Action to fail loading repository
properties if a &quot;Multi select&quot; repository property was
configured for the repository. <a
href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></p>
</li>
<li>
<p>The CodeQL Action now loads <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom
repository properties</a> on GitHub Enterprise Server, enabling the
customization of features such as
<code>github-codeql-disable-overlay</code> that was previously only
available on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></p>
</li>
<li>
<p>Once <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries</a> can be configured with OIDC-based authentication
for organizations, the CodeQL Action will now be able to accept such
configurations. <a
href="https://redirect.github.com/github/codeql-action/pull/3563">#3563</a></p>
</li>
<li>
<p>Fixed the retry mechanism for database uploads. Previously this would
fail with the error &quot;Response body object should not be disturbed
or locked&quot;. <a
href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></p>
</li>
<li>
<p>A warning is now emitted if the CodeQL Action detects a repository
property whose name suggests that it relates to the CodeQL Action, but
which is not one of the properties recognised by the current version of
the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3570">#3570</a></p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
<h2>4.34.1 - 20 Mar 2026</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>
due to issues with a small percentage of Actions and JavaScript
analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li>
</ul>
<h2>4.34.0 - 20 Mar 2026</h2>
<ul>
<li>Added an experimental change which disables TRAP caching when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> is enabled, since improved incremental analysis
supersedes TRAP caching. This will improve performance and reduce
Actions cache usage. We expect to roll this change out to everyone in
March. <a
href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li>
<li>We are rolling out improved incremental analysis to C/C++ analyses
that use build mode <code>none</code>. We expect this rollout to be
complete by the end of April 2026. <a
href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li>
</ul>
<h2>4.33.0 - 16 Mar 2026</h2>
<ul>
<li>
<p>Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change. <a
href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p>
<p>To opt out of this change:</p>
<ul>
<li><strong>Repositories owned by an organization:</strong> Create a
custom repository property with the name
<code>github-codeql-file-coverage-on-prs</code> and the type
&quot;True/false&quot;, then set this property to <code>true</code> in
the repository's settings. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>.
Alternatively, if you are using an advanced setup workflow, you can set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using default setup:</strong> Switch
to an advanced setup workflow and set the
<code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to
<code>true</code> in your workflow.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/95e58e9a2cdfd71adc6e0353d5c52f41a045d225"><code>95e58e9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3824">#3824</a>
from github/update-v4.35.2-d2e135a73</li>
<li><a
href="https://github.com/github/codeql-action/commit/6f31bfe060e817d81e938dbec767969d20031e25"><code>6f31bfe</code></a>
Update changelog for v4.35.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/d2e135a73a39154e3a231aeb49163c4661c5b8b1"><code>d2e135a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3823">#3823</a>
from github/update-bundle/codeql-bundle-v2.25.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/60abb65df09fcf213c398e064c8a80db1f15cdaf"><code>60abb65</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/5a0a562209255e956ad8aafcee303294e64eefa2"><code>5a0a562</code></a>
Update default bundle to codeql-bundle-v2.25.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/65216971a11ded447a6b76263d5a144519e5eee1"><code>6521697</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3820">#3820</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/3c45af2dd258e1623af1898da5c86545b514e028"><code>3c45af2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3821">#3821</a>
from github/dependabot/npm_and_yarn/npm-minor-345b93...</li>
<li><a
href="https://github.com/github/codeql-action/commit/f1c339364c12f922998186ed897e45e3b4ae8874"><code>f1c3393</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/1024fc496c87e944a93e98d8cf2c09e2c7602a30"><code>1024fc4</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/9dd4cfed96030ccdfe1af4daf7a7964322704fed"><code>9dd4cfe</code></a>
Bump the npm-minor group across 1 directory with 6 updates</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...95e58e9a2cdfd71adc6e0353d5c52f41a045d225">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 22:58:54 +00:00
dependabot[bot] dd9203c4b0 Bump actions/cache from 5.0.4 to 5.0.5 (#24053) 
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to
5.0.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Update ts-http-runtime dependency by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1747">actions/cache#1747</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v5.0.5">https://github.com/actions/cache/compare/v5...v5.0.5</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>How to prepare a release</h2>
<blockquote>
<p>[!NOTE]<br />
Relevant for maintainers with write access only.</p>
</blockquote>
<ol>
<li>Switch to a new branch from <code>main</code>.</li>
<li>Run <code>npm test</code> to ensure all tests are passing.</li>
<li>Update the version in <a
href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li>
<li>Run <code>npm run build</code> to update the compiled files.</li>
<li>Update this <a
href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a>
with the new version and changes in the <code>## Changelog</code>
section.</li>
<li>Run <code>licensed cache</code> to update the license report.</li>
<li>Run <code>licensed status</code> and resolve any warnings by
updating the <a
href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a>
file with the exceptions.</li>
<li>Commit your changes and push your branch upstream.</li>
<li>Open a pull request against <code>main</code> and get it reviewed
and merged.</li>
<li>Draft a new release <a
href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a>
use the same version number used in <code>package.json</code>
<ol>
<li>Create a new tag with the version number.</li>
<li>Auto generate release notes and update them to match the changes you
made in <code>RELEASES.md</code>.</li>
<li>Toggle the set as the latest release option.</li>
<li>Publish the release.</li>
</ol>
</li>
<li>Navigate to <a
href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a>
<ol>
<li>There should be a workflow run queued with the same version
number.</li>
<li>Approve the run to publish the new version and update the major tags
for this action.</li>
</ol>
</li>
</ol>
<h2>Changelog</h2>
<h3>5.0.4</h3>
<ul>
<li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar
patterns)</li>
<li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb
protection, header validation fixes)</li>
<li>Bump <code>fast-xml-parser</code> to v5.5.6</li>
</ul>
<h3>5.0.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a
href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li>
<li>Bump <code>@actions/core</code> to v2.0.3</li>
</ul>
<h3>5.0.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.3 <a
href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li>
</ul>
<h3>5.0.1</h3>
<ul>
<li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via
<code>@actions/cache@5.0.1</code> <a
href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li>
</ul>
<h3>5.0.0</h3>
<blockquote>
<p>[!IMPORTANT]
<code>actions/cache@v5</code> runs on the Node.js 24 runtime and
requires a minimum Actions Runner version of <code>2.327.1</code>.</p>
</blockquote>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae"><code>27d5ce7</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1747">#1747</a>
from actions/yacaovsnc/update-dependency</li>
<li><a
href="https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd"><code>f280785</code></a>
licensed changes</li>
<li><a
href="https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7"><code>619aeb1</code></a>
npm run build generated dist files</li>
<li><a
href="https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6"><code>bcf16c2</code></a>
Update ts-http-runtime to 0.3.5</li>
<li>See full diff in <a
href="https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 22:57:39 +00:00
dependabot[bot] 0376e7177f Bump crate-ci/typos from 1.45.1 to 1.45.2 (#24128) 
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.45.1 to
1.45.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.45.2</h2>
<h2>[1.45.2] - 2026-04-27</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore ssh ed25519 public keys</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.46.0] - 2026-04-30</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1531">April
2026</a> changes</li>
</ul>
<h2>[1.45.2] - 2026-04-27</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore ssh ed25519 public keys</li>
</ul>
<h2>[1.45.1] - 2026-04-13</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Use a temp dir for caching</li>
</ul>
<h2>[1.45.0] - 2026-04-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1509">March
2026</a> changes</li>
</ul>
<h2>[1.44.0] - 2026-02-27</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1488">February
2026</a> changes</li>
</ul>
<h2>[1.43.5] - 2026-02-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(pypi)</em> Hopefully fix the sdist build</li>
</ul>
<h2>[1.43.4] - 2026-02-09</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>pincher</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/7c572958218557a3272c2d6719629443b5cc26fd"><code>7c57295</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/b5056d68e672a71305f3b5b1dfc3b7e200570b2a"><code>b5056d6</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a063c3f6bd6e6e01d91127d5715b0f574fdabda6"><code>a063c3f</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1544">#1544</a>
from epage/pub</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5d5e80b1f98b3db3d32198b5a3807aa0fd16208d"><code>5d5e80b</code></a>
fix(tokens): Ignore ssh ed25519 pub keys</li>
<li><a
href="https://github.com/crate-ci/typos/commit/4da614bf1e9c420ec7cbf6c949df86a1b855f422"><code>4da614b</code></a>
test(tokens): Show parsing of a public key</li>
<li><a
href="https://github.com/crate-ci/typos/commit/93c857b593a98e94ba33871b7130363df8b5d51f"><code>93c857b</code></a>
chore(deps): Update Rust Stable to v1.95 (<a
href="https://redirect.github.com/crate-ci/typos/issues/1540">#1540</a>)</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/cf5f1c29a8ac336af8568821ec41919923b05a83...7c572958218557a3272c2d6719629443b5cc26fd">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.45.1&new-version=1.45.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 19:17:36 +00:00
dependabot[bot] 35678126c4 Bump crate-ci/typos from 1.45.0 to 1.45.1 (#24054) 
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.45.0 to
1.45.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.45.1</h2>
<h2>[1.45.1] - 2026-04-13</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Use a temp dir for caching</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.46.0] - 2026-04-30</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1531">April
2026</a> changes</li>
</ul>
<h2>[1.45.2] - 2026-04-27</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore ssh ed25519 public keys</li>
</ul>
<h2>[1.45.1] - 2026-04-13</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Use a temp dir for caching</li>
</ul>
<h2>[1.45.0] - 2026-04-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1509">March
2026</a> changes</li>
</ul>
<h2>[1.44.0] - 2026-02-27</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1488">February
2026</a> changes</li>
</ul>
<h2>[1.43.5] - 2026-02-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(pypi)</em> Hopefully fix the sdist build</li>
</ul>
<h2>[1.43.4] - 2026-02-09</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>pincher</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/cf5f1c29a8ac336af8568821ec41919923b05a83"><code>cf5f1c2</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/485d42553ebf5bd9c810c24c6521bf608d663e70"><code>485d425</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/2fe77ce0ce53ef0ba47e9b371fef1a949baaff3a"><code>2fe77ce</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1539">#1539</a>
from epage/action</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a9595eaf0cc3266bd7fa5c3b2ec7e2a5f3685d18"><code>a9595ea</code></a>
fix(action): Leave binary in temp dir</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/02ea592e44b3a53c302f697cddca7641cd051c3d...cf5f1c29a8ac336af8568821ec41919923b05a83">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.45.0&new-version=1.45.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-04 16:15:20 -07:00
dependabot[bot] d461e33e24 Bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 (#24052) 
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.5.2 to 0.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.3</h2>
<h2>What's Changed</h2>
<ul>
<li><code>1.24.0</code> and <code>1.24.1</code> are now available via
the action</li>
<li><code>1.24.1</code> is now the default version of zizmor used by the
action</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3">https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/b1d7e1fb5de872772f31590499237e7cce841e8e"><code>b1d7e1f</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/102">#102</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/a195b57475917ddcb70845e5ffe1c3a15dbbdedc"><code>a195b57</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/100">#100</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/629d5d01fe5939a6aeae25c1bd1acd2cfa28e9b2"><code>629d5d0</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/99">#99</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/453d591467e8199b1d5c6883b6ec5c22a12aac72"><code>453d591</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/98">#98</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/ea2c18b942410df0b22bed3b94c361c407518d45"><code>ea2c18b</code></a>
Bump pins (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/97">#97</a>)</li>
<li>See full diff in <a
href="https://github.com/zizmorcore/zizmor-action/compare/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8...b1d7e1fb5de872772f31590499237e7cce841e8e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.5.2&new-version=0.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-04 16:15:20 -07:00
Luo Zhihao c757497b27 Gate LTC LUTs behind a feature and merge them to a texture array (#24065) 
# Objective

Alternative to #24004.

https://github.com/bevyengine/bevy/pull/23288 adds ltc luts for rect
light support which implicitly requires `bevy_image/ktx2` and
`bevy_image/zstd` otherwise loading ltc luts will panic.

We either accept to always enable area light supoort (#24004), or add a
feature to opt out it (this PR).

## Solution

Gate ltc luts behind a feature and merge them to a texture array.

## Testing

`rect_light` example works.

---------

Co-authored-by: Kevin Chen <chen.kevin.f@gmail.com>
 2026-05-04 16:15:20 -07:00
Alice Cecile ebbc1e6e45 Increase time allocated to run-examples-on-windows-dx12 (#24107) 
# Objective

Stopgap solution for #24106 so we can actually merge things.

## Solution

Double the time allocated (we're game-devs here after all).
Leave a comment to the issue tracking this, so when we inevitably get
annoyed about how slow this is we have a breadcrumb trail.

## Testing

CI do your thing!
 2026-05-03 23:05:22 +00:00
dependabot[bot] e9bfe1efed Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#23851) 
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 7.0.0 to 7.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update the readme with direct upload details by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/795">actions/upload-artifact#795</a></li>
<li>Readme: bump all the example versions to v7 by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/796">actions/upload-artifact#796</a></li>
<li>Include changes in typespec/ts-http-runtime 0.3.5 by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/797">actions/upload-artifact#797</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v7...v7.0.1">https://github.com/actions/upload-artifact/compare/v7...v7.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"><code>043fb46</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/797">#797</a>
from actions/yacaovsnc/update-dependency</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94"><code>634250c</code></a>
Include changes in typespec/ts-http-runtime 0.3.5</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8"><code>e454baa</code></a>
Readme: bump all the example versions to v7 (<a
href="https://redirect.github.com/actions/upload-artifact/issues/796">#796</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e"><code>74fad66</code></a>
Update the readme with direct upload details (<a
href="https://redirect.github.com/actions/upload-artifact/issues/795">#795</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=7.0.0&new-version=7.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-28 04:59:46 +00:00
dependabot[bot] 6fcb973276 Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#23850) 
Bumps
[peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
from 8.1.0 to 8.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v8.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump the npm group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4305">peter-evans/create-pull-request#4305</a></li>
<li>build(deps): bump minimatch by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4311">peter-evans/create-pull-request#4311</a></li>
<li>build(deps): bump the github-actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4316">peter-evans/create-pull-request#4316</a></li>
<li>build(deps): bump <code>@​tootallnate/once</code> and
jest-environment-jsdom by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4323">peter-evans/create-pull-request#4323</a></li>
<li>build(deps-dev): bump undici from 6.23.0 to 6.24.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4328">peter-evans/create-pull-request#4328</a></li>
<li>build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4334">peter-evans/create-pull-request#4334</a></li>
<li>build(deps): bump picomatch by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4339">peter-evans/create-pull-request#4339</a></li>
<li>build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4344">peter-evans/create-pull-request#4344</a></li>
<li>build(deps-dev): bump the npm group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4349">peter-evans/create-pull-request#4349</a></li>
<li>fix: retry post-creation API calls on 422 eventual consistency
errors by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4356">peter-evans/create-pull-request#4356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1">https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/5f6978faf089d4d20b00c7766989d076bb2fc7f1"><code>5f6978f</code></a>
fix: retry post-creation API calls on 422 eventual consistency errors
(<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4356">#4356</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/d32e88dac789dcc7906e7d26f69f24116fa9c97d"><code>d32e88d</code></a>
build(deps-dev): bump the npm group with 3 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4349">#4349</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/8170bccad11c0df62542c04dcaefe36d342dfd39"><code>8170bcc</code></a>
build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4344">#4344</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/00418193b417f888dbf1d993c5c0d31d27fdc7de"><code>0041819</code></a>
build(deps): bump picomatch (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4339">#4339</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/b993918c8536b6d44706130734d5456879762b27"><code>b993918</code></a>
build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4334">#4334</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/36d7c8468b48f9c2f8f29e260e82f10d4b90d2bd"><code>36d7c84</code></a>
build(deps-dev): bump undici from 6.23.0 to 6.24.0 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4328">#4328</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/a45d1fb447fcaf601166e405fd4f335cde1a8aa8"><code>a45d1fb</code></a>
build(deps): bump <code>@​tootallnate/once</code> and
jest-environment-jsdom (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4323">#4323</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/3499eb61835cc0015c0b786e203d74b1e8f55e43"><code>3499eb6</code></a>
build(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4316">#4316</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/3f3b473b8c148f5a7520efb4d1f9a70eea3d9d1f"><code>3f3b473</code></a>
build(deps): bump minimatch (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4311">#4311</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/6699836a213cf8b28c4f0408a404a6ac79d4458a"><code>6699836</code></a>
build(deps-dev): bump the npm group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4305">#4305</a>)</li>
<li>See full diff in <a
href="https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=8.1.0&new-version=8.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-28 04:59:42 +00:00
dependabot[bot] b3012e85bf Bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#23849) 
Bumps
[actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact)
from 4.0.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-pages-artifact/releases">actions/upload-pages-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h1>Changelog</h1>
<ul>
<li>Update upload-artifact action to version 7 <a
href="https://github.com/Tom-van-Woudenberg"><code>@​Tom-van-Woudenberg</code></a>
(<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/139">#139</a>)</li>
<li>feat: add <code>include-hidden-files</code> input <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> (<a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/137">#137</a>)</li>
</ul>
<p>See details of <a
href="https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1">all
code changes</a> since previous release.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9"><code>fc324d3</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/139">#139</a>
from Tom-van-Woudenberg/patch-1</li>
<li><a
href="https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3"><code>fe9d4b7</code></a>
Merge branch 'main' into patch-1</li>
<li><a
href="https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980"><code>0ca1617</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-pages-artifact/issues/137">#137</a>
from jonchurch/include-hidden-files</li>
<li><a
href="https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b"><code>57f0e84</code></a>
Update action.yml</li>
<li><a
href="https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d"><code>4a90348</code></a>
v7 --&gt; hash</li>
<li><a
href="https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569"><code>56f665a</code></a>
Update upload-artifact action to version 7</li>
<li><a
href="https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414"><code>f7615f5</code></a>
Add <code>include-hidden-files</code> input</li>
<li>See full diff in <a
href="https://github.com/actions/upload-pages-artifact/compare/7b1f4a764d45c48632c6b24a0339c27f5614fb0b...fc324d3547104276b827a68afc52ff2a11cc49c9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-pages-artifact&package-manager=github_actions&previous-version=4.0.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-28 04:59:38 +00:00
dependabot[bot] 23bc836061 Bump actions/github-script from 8.0.0 to 9.0.0 (#23848) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 8.0.0 to 9.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v9.0.0</h2>
<p><strong>New features:</strong></p>
<ul>
<li><strong><code>getOctokit</code> factory function</strong> —
Available directly in the script context. Create additional
authenticated Octokit clients with different tokens for multi-token
workflows, GitHub App tokens, and cross-org access. See <a
href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating
additional clients with <code>getOctokit</code></a> for details and
examples.</li>
<li><strong>Orchestration ID in user-agent</strong> — The
<code>ACTIONS_ORCHESTRATION_ID</code> environment variable is
automatically appended to the user-agent string for request
tracing.</li>
</ul>
<p><strong>Breaking changes:</strong></p>
<ul>
<li><strong><code>require('@actions/github')</code> no longer works in
scripts.</strong> The upgrade to <code>@actions/github</code> v9
(ESM-only) means <code>require('@actions/github')</code> will fail at
runtime. If you previously used patterns like <code>const { getOctokit }
= require('@actions/github')</code> to create secondary clients, use the
new injected <code>getOctokit</code> function instead — it's available
directly in the script context with no imports needed.</li>
<li><code>getOctokit</code> is now an injected function parameter.
Scripts that declare <code>const getOctokit = ...</code> or <code>let
getOctokit = ...</code> will get a <code>SyntaxError</code> because
JavaScript does not allow <code>const</code>/<code>let</code>
redeclaration of function parameters. Use the injected
<code>getOctokit</code> directly, or use <code>var getOctokit =
...</code> if you need to redeclare it.</li>
<li>If your script accesses other <code>@actions/github</code> internals
beyond the standard <code>github</code>/<code>octokit</code> client, you
may need to update those references for v9 compatibility.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a
href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li>
<li>ci: use deployment: false for integration test environments by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li>
<li>feat!: add getOctokit to script context, upgrade
<code>@​actions/github</code> v9, <code>@​octokit/core</code> v7, and
related packages by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Copilot"><code>@​Copilot</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3"><code>3a2844b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/700">#700</a>
from actions/salmanmkc/expose-getoctokit + prepare re...</li>
<li><a
href="https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079"><code>ca10bbd</code></a>
fix: use <code>@​octokit/core/</code>types import for v7
compatibility</li>
<li><a
href="https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b"><code>86e48e2</code></a>
merge: incorporate main branch changes</li>
<li><a
href="https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9"><code>c108472</code></a>
chore: rebuild dist for v9 upgrade and getOctokit factory</li>
<li><a
href="https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d"><code>afff112</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/712">#712</a>
from actions/salmanmkc/deployment-false + fix user-ag...</li>
<li><a
href="https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817"><code>ff8117e</code></a>
ci: fix user-agent test to handle orchestration ID</li>
<li><a
href="https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d"><code>81c6b78</code></a>
ci: use deployment: false to suppress deployment noise from integration
tests</li>
<li><a
href="https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7"><code>3953caf</code></a>
docs: update README examples from <a
href="https://github.com/v8"><code>@​v8</code></a> to <a
href="https://github.com/v9"><code>@​v9</code></a>, add getOctokit docs
and v9 brea...</li>
<li><a
href="https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78"><code>c17d55b</code></a>
ci: add getOctokit integration test job</li>
<li><a
href="https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408"><code>a047196</code></a>
test: add getOctokit integration tests via callAsyncFunction</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=8.0.0&new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-28 04:59:33 +00:00
dependabot[bot] f4a3183e4d Bump super-linter/super-linter from 8.5.0 to 8.6.0 (#23746) 
Bumps
[super-linter/super-linter](https://github.com/super-linter/super-linter)
from 8.5.0 to 8.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/super-linter/super-linter/releases">super-linter/super-linter's
releases</a>.</em></p>
<blockquote>
<h2>v8.6.0</h2>
<h2><a
href="https://github.com/super-linter/super-linter/compare/v8.5.0...v8.6.0">8.6.0</a>
(2026-03-31)</h2>
<h3>🚀 Features</h3>
<ul>
<li>improve zsh scripts support (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7674">#7674</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/6a65d3adebc1c43ee69e73ef89afc43dcd00a1f4">6a65d3a</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7618">#7618</a></li>
</ul>
<h3>🐛 Bugfixes</h3>
<ul>
<li>exclude zsh scripts from file list (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7536">#7536</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/d0e883c27e5650a5e7b15b9828782b0534a31f04">d0e883c</a>)</li>
<li>set markdownlint glob paths from rules file (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7652">#7652</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/53eb3bb4a7af91ce4d481a0cbe83b9c48cdc76f3">53eb3bb</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7650">#7650</a></li>
<li>unset log level when getting renovate version (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7594">#7594</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/72c2bd7d30dde18253acaf7eb19fbdd82d882bdd">72c2bd7</a>)</li>
</ul>
<h3>⬆️ Dependency updates</h3>
<ul>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7514">#7514</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/f2264d2192a8a6d1783784d35f38e2614fe1246b">f2264d2</a>)</li>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7604">#7604</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c929dc3930a17d49e1241e9ae60e74d9acd84cd0">c929dc3</a>)</li>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7662">#7662</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/bfb2fd9d15921b3754ca5552d5f594aa1f335a70">bfb2fd9</a>)</li>
<li><strong>bundler:</strong> bump rubocop-github in /dependencies in
the rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7640">#7640</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a88d75e83b80c675fb15c5386fd2c1ca18539987">a88d75e</a>)</li>
<li><strong>bundler:</strong> bump the rubocop group across 1 directory
with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7565">#7565</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/56ae6b3172ce896b6de144e01d571dc17e7e8783">56ae6b3</a>)</li>
<li><strong>docker:</strong> bump python in the docker-base-images group
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7319">#7319</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/717c087c8da4648e7e994f3fe23b6b5d07db22c6">717c087</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 4 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7698">#7698</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/11c750e283cb5dfd7929b9b481e96398be73a89d">11c750e</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 5 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7615">#7615</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/d7e1bd8014234622c1a0360306f70db762695f89">d7e1bd8</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 6 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7566">#7566</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/0f9cf19868a10dac6c79786bea7218ee26b416d2">0f9cf19</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 6 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7631">#7631</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ad7f508176cf54880690566d5e4f3ca768c3b983">ad7f508</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 9 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7513">#7513</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/89e3725c94fd83a92e60bd5f2f945c2ca093356c">89e3725</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7577">#7577</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/8b2f0c0f75d03074cfb8e54488a1bb9d6f6812a6">8b2f0c0</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7641">#7641</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7293e372c8c9646abbbf0b0fb708378301e9ceef">7293e37</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7663">#7663</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/eabfa250a0b286fb64fe39620d46ba2e99172d8e">eabfa25</a>)</li>
<li><strong>java:</strong> bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7689">#7689</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/4c66d9db74776aae66a40422f619925c63e39bcb">4c66d9d</a>)</li>
<li><strong>java:</strong> bump the java-gradle group across 2
directories with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7581">#7581</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/51af5a0a3f2de42d5da05633254da80e8fdac9ba">51af5a0</a>)</li>
<li><strong>npm:</strong> bump ajv from 6.12.6 to 6.14.0 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7550">#7550</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7f00eb798ace89076cf6ff76362124c4d0aae4e2">7f00eb7</a>)</li>
<li><strong>npm:</strong> bump axios from 1.12.2 to 1.13.5 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7510">#7510</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a8911692ade5ecb39076a28caa9d256b4f6e37c5">a891169</a>)</li>
<li><strong>npm:</strong> bump brace-expansion from 1.1.12 to 1.1.13 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7685">#7685</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/92c4cea9316fdef8caf672ad8b45a50aa2a603f1">92c4cea</a>)</li>
<li><strong>npm:</strong> bump express-rate-limit from 8.2.1 to 8.3.0 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7613">#7613</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c184a25403438ae863b62e387238c5ea255df7ee">c184a25</a>)</li>
<li><strong>npm:</strong> bump flatted from 3.3.3 to 3.4.1 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7636">#7636</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/013d8a7e7b3807624cfcb66115bd4e8c37d9d717">013d8a7</a>)</li>
<li><strong>npm:</strong> bump hono from 4.11.7 to 4.12.2 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7559">#7559</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/5c3679f96181c1c740da003e6ff44a01227409f4">5c3679f</a>)</li>
<li><strong>npm:</strong> bump hono from 4.12.5 to 4.12.7 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7624">#7624</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c31d9ad9c5b77912d8cf5a065b12cfbd973277b6">c31d9ad</a>)</li>
<li><strong>npm:</strong> bump markdown-it and renovate in /dependencies
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7529">#7529</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/9b794c2ca549d14a7040bd85fe371ae95d8f4238">9b794c2</a>)</li>
<li><strong>npm:</strong> bump path-to-regexp from 8.3.0 to 8.4.0 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7687">#7687</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/309fb556c9084bb530393ff092192601a3036842">309fb55</a>)</li>
<li><strong>npm:</strong> bump picomatch in /dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7675">#7675</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/df4f15eb789f18a645638b175f73bfb7d26b2ab5">df4f15e</a>)</li>
<li><strong>npm:</strong> bump qs from 6.14.1 to 6.14.2 in /dependencies
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7520">#7520</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a9e65346be4ff66dc0e8882c318c518b4c369dfb">a9e6534</a>)</li>
<li><strong>npm:</strong> bump renovate (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7699">#7699</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/b91627fac4a4322aad3923cdb460f22278ff8f84">b91627f</a>)</li>
<li><strong>npm:</strong> bump renovate from 43.4.0 to 43.4.4 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7524">#7524</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/2ab5b9c7207c98b04244c2d32080b0923193e419">2ab5b9c</a>)</li>
<li><strong>npm:</strong> bump smol-toml from 1.6.0 to 1.6.1 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7676">#7676</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/d0154986ed2a12d0dcebf293b50a52d7d8d33eda">d015498</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 15
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7595">#7595</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/58ee821839c7e0d8979f759a8e5ca0d99bb50737">58ee821</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 2
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7623">#7623</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ddb4fbb1bcda186b70980b7b8806956868f12af5">ddb4fbb</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md">super-linter/super-linter's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/super-linter/super-linter/compare/v8.5.0...v8.6.0">8.6.0</a>
(2026-03-31)</h2>
<h3>🚀 Features</h3>
<ul>
<li>improve zsh scripts support (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7674">#7674</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/6a65d3adebc1c43ee69e73ef89afc43dcd00a1f4">6a65d3a</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7618">#7618</a></li>
</ul>
<h3>🐛 Bugfixes</h3>
<ul>
<li>exclude zsh scripts from file list (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7536">#7536</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/d0e883c27e5650a5e7b15b9828782b0534a31f04">d0e883c</a>)</li>
<li>set markdownlint glob paths from rules file (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7652">#7652</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/53eb3bb4a7af91ce4d481a0cbe83b9c48cdc76f3">53eb3bb</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7650">#7650</a></li>
<li>unset log level when getting renovate version (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7594">#7594</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/72c2bd7d30dde18253acaf7eb19fbdd82d882bdd">72c2bd7</a>)</li>
</ul>
<h3>⬆️ Dependency updates</h3>
<ul>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7514">#7514</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/f2264d2192a8a6d1783784d35f38e2614fe1246b">f2264d2</a>)</li>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7604">#7604</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c929dc3930a17d49e1241e9ae60e74d9acd84cd0">c929dc3</a>)</li>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7662">#7662</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/bfb2fd9d15921b3754ca5552d5f594aa1f335a70">bfb2fd9</a>)</li>
<li><strong>bundler:</strong> bump rubocop-github in /dependencies in
the rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7640">#7640</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a88d75e83b80c675fb15c5386fd2c1ca18539987">a88d75e</a>)</li>
<li><strong>bundler:</strong> bump the rubocop group across 1 directory
with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7565">#7565</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/56ae6b3172ce896b6de144e01d571dc17e7e8783">56ae6b3</a>)</li>
<li><strong>docker:</strong> bump python in the docker-base-images group
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7319">#7319</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/717c087c8da4648e7e994f3fe23b6b5d07db22c6">717c087</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 4 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7698">#7698</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/11c750e283cb5dfd7929b9b481e96398be73a89d">11c750e</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 5 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7615">#7615</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/d7e1bd8014234622c1a0360306f70db762695f89">d7e1bd8</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 6 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7566">#7566</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/0f9cf19868a10dac6c79786bea7218ee26b416d2">0f9cf19</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 6 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7631">#7631</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ad7f508176cf54880690566d5e4f3ca768c3b983">ad7f508</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 9 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7513">#7513</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/89e3725c94fd83a92e60bd5f2f945c2ca093356c">89e3725</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7577">#7577</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/8b2f0c0f75d03074cfb8e54488a1bb9d6f6812a6">8b2f0c0</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7641">#7641</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7293e372c8c9646abbbf0b0fb708378301e9ceef">7293e37</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7663">#7663</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/eabfa250a0b286fb64fe39620d46ba2e99172d8e">eabfa25</a>)</li>
<li><strong>java:</strong> bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7689">#7689</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/4c66d9db74776aae66a40422f619925c63e39bcb">4c66d9d</a>)</li>
<li><strong>java:</strong> bump the java-gradle group across 2
directories with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7581">#7581</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/51af5a0a3f2de42d5da05633254da80e8fdac9ba">51af5a0</a>)</li>
<li><strong>npm:</strong> bump ajv from 6.12.6 to 6.14.0 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7550">#7550</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7f00eb798ace89076cf6ff76362124c4d0aae4e2">7f00eb7</a>)</li>
<li><strong>npm:</strong> bump axios from 1.12.2 to 1.13.5 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7510">#7510</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a8911692ade5ecb39076a28caa9d256b4f6e37c5">a891169</a>)</li>
<li><strong>npm:</strong> bump brace-expansion from 1.1.12 to 1.1.13 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7685">#7685</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/92c4cea9316fdef8caf672ad8b45a50aa2a603f1">92c4cea</a>)</li>
<li><strong>npm:</strong> bump express-rate-limit from 8.2.1 to 8.3.0 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7613">#7613</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c184a25403438ae863b62e387238c5ea255df7ee">c184a25</a>)</li>
<li><strong>npm:</strong> bump flatted from 3.3.3 to 3.4.1 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7636">#7636</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/013d8a7e7b3807624cfcb66115bd4e8c37d9d717">013d8a7</a>)</li>
<li><strong>npm:</strong> bump hono from 4.11.7 to 4.12.2 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7559">#7559</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/5c3679f96181c1c740da003e6ff44a01227409f4">5c3679f</a>)</li>
<li><strong>npm:</strong> bump hono from 4.12.5 to 4.12.7 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7624">#7624</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c31d9ad9c5b77912d8cf5a065b12cfbd973277b6">c31d9ad</a>)</li>
<li><strong>npm:</strong> bump markdown-it and renovate in /dependencies
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7529">#7529</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/9b794c2ca549d14a7040bd85fe371ae95d8f4238">9b794c2</a>)</li>
<li><strong>npm:</strong> bump path-to-regexp from 8.3.0 to 8.4.0 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7687">#7687</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/309fb556c9084bb530393ff092192601a3036842">309fb55</a>)</li>
<li><strong>npm:</strong> bump picomatch in /dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7675">#7675</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/df4f15eb789f18a645638b175f73bfb7d26b2ab5">df4f15e</a>)</li>
<li><strong>npm:</strong> bump qs from 6.14.1 to 6.14.2 in /dependencies
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7520">#7520</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a9e65346be4ff66dc0e8882c318c518b4c369dfb">a9e6534</a>)</li>
<li><strong>npm:</strong> bump renovate (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7699">#7699</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/b91627fac4a4322aad3923cdb460f22278ff8f84">b91627f</a>)</li>
<li><strong>npm:</strong> bump renovate from 43.4.0 to 43.4.4 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7524">#7524</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/2ab5b9c7207c98b04244c2d32080b0923193e419">2ab5b9c</a>)</li>
<li><strong>npm:</strong> bump smol-toml from 1.6.0 to 1.6.1 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7676">#7676</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/d0154986ed2a12d0dcebf293b50a52d7d8d33eda">d015498</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 15
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7595">#7595</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/58ee821839c7e0d8979f759a8e5ca0d99bb50737">58ee821</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/super-linter/super-linter/commit/9e863354e3ff62e0727d37183162c4a88873df41"><code>9e86335</code></a>
chore(main): release 8.6.0 (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7512">#7512</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/b91627fac4a4322aad3923cdb460f22278ff8f84"><code>b91627f</code></a>
deps(npm): bump renovate (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7699">#7699</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/11c750e283cb5dfd7929b9b481e96398be73a89d"><code>11c750e</code></a>
deps(docker): bump the docker group across 1 directory with 4 updates
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7698">#7698</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/4c66d9db74776aae66a40422f619925c63e39bcb"><code>4c66d9d</code></a>
deps(java): bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7689">#7689</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/cb17f60448d5a62337497107ed4bce96b94ee570"><code>cb17f60</code></a>
deps(python): bump the pip group across 1 directory with 5 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7684">#7684</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/6a65d3adebc1c43ee69e73ef89afc43dcd00a1f4"><code>6a65d3a</code></a>
feat: improve zsh scripts support (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7674">#7674</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/eb8ddc7e4009c2dbfd7f46a7cabfc632d707f0db"><code>eb8ddc7</code></a>
chore: update ruby and npm deps (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7694">#7694</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/db85efc302ace7a6a76736299cf2980078406e90"><code>db85efc</code></a>
deps(npm): bump the npm group across 1 directory with 9 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7690">#7690</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/c5ec78d4e2b6dfcd0913fb7ba563d85d6ebc05a9"><code>c5ec78d</code></a>
ci(dev-npm): bump the npm_and_yarn group across 1 directory with 1
update (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7">#7</a>...</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/f35a407c8ae5ce667dff3893baf00d62fb57cb90"><code>f35a407</code></a>
ci(dev-docker): bump node in /dev-dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7678">#7678</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/super-linter/super-linter/compare/61abc07d755095a68f4987d1c2c3d1d64408f1f9...9e863354e3ff62e0727d37183162c4a88873df41">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=super-linter/super-linter&package-manager=github_actions&previous-version=8.5.0&new-version=8.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-10 20:52:05 +00:00
dependabot[bot] 2a3184d95e Bump crate-ci/typos from 1.44.0 to 1.45.0 (#23747) 
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.44.0 to
1.45.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.45.0</h2>
<h2>[1.45.0] - 2026-04-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1509">March
2026</a> changes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.45.0] - 2026-04-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1509">March
2026</a> changes</li>
</ul>
<h2>[1.44.0] - 2026-02-27</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1488">February
2026</a> changes</li>
</ul>
<h2>[1.43.5] - 2026-02-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(pypi)</em> Hopefully fix the sdist build</li>
</ul>
<h2>[1.43.4] - 2026-02-09</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>pincher</code></li>
</ul>
<h2>[1.43.3] - 2026-02-06</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Adjust how typos are reported to github</li>
</ul>
<h2>[1.43.2] - 2026-02-05</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>certifi</code> in Python</li>
</ul>
<h2>[1.43.1] - 2026-02-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>consts</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/02ea592e44b3a53c302f697cddca7641cd051c3d"><code>02ea592</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/b859c0df7f391deba73030f79b957e62b4d81dc6"><code>b859c0d</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/6fd32cee0c74337fd419788965d8f1c96d6f87a5"><code>6fd32ce</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/7626d89232db5fc0c23e290107cf420047e297e9"><code>7626d89</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1530">#1530</a>
from crate-ci/renovate/j178-prek-action-2.x</li>
<li><a
href="https://github.com/crate-ci/typos/commit/2c9510cd3b9756411e186a1ff1d0ee9a0bb61895"><code>2c9510c</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1532">#1532</a>
from epage/march</li>
<li><a
href="https://github.com/crate-ci/typos/commit/265b88f6490711bebac4bb109149f1f06c2255e9"><code>265b88f</code></a>
feat(dict): March updates</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5baf2ce236258ea037d71f364aa7a13eb1d2cf70"><code>5baf2ce</code></a>
chore(deps): Update compatible (<a
href="https://redirect.github.com/crate-ci/typos/issues/1529">#1529</a>)</li>
<li><a
href="https://github.com/crate-ci/typos/commit/0442cb7c40aa99aa5a9ec99ac4c3f0c654260f34"><code>0442cb7</code></a>
chore(deps): Update j178/prek-action action to v2</li>
<li><a
href="https://github.com/crate-ci/typos/commit/8f11c0dc0f31c780c45b3dd5b72ff4b48a350b75"><code>8f11c0d</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1524">#1524</a>
from epage/update</li>
<li><a
href="https://github.com/crate-ci/typos/commit/ecdbfab467d6037f796c649e7616aee4a6a16c5a"><code>ecdbfab</code></a>
chore: Update dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/631208b7aac2daa8b707f55e7331f9112b0e062d...02ea592e44b3a53c302f697cddca7641cd051c3d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.44.0&new-version=1.45.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-10 20:51:32 +00:00
dependabot[bot] 53ddd5e615 Bump actions/deploy-pages from 4.0.5 to 5.0.0 (#23633) 
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages)
from 4.0.5 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/deploy-pages/releases">actions/deploy-pages's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h1>Changelog</h1>
<ul>
<li>Update Node.js version to 24.x <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> (<a
href="https://redirect.github.com/actions/deploy-pages/issues/404">#404</a>)</li>
<li>Add workflow file for publishing releases to immutable action
package <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> (<a
href="https://redirect.github.com/actions/deploy-pages/issues/374">#374</a>)</li>
<li>Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1
directory <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> (<a
href="https://redirect.github.com/actions/deploy-pages/issues/360">#360</a>)</li>
<li>Make the rebuild dist workflow work nicer with Dependabot <a
href="https://github.com/yoannchaudet"><code>@​yoannchaudet</code></a>
(<a
href="https://redirect.github.com/actions/deploy-pages/issues/361">#361</a>)</li>
<li>Bump the non-breaking-changes group across 1 directory with 3
updates <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> (<a
href="https://redirect.github.com/actions/deploy-pages/issues/358">#358</a>)</li>
<li>Delete repeated sentence <a
href="https://github.com/garethsb"><code>@​garethsb</code></a> (<a
href="https://redirect.github.com/actions/deploy-pages/issues/359">#359</a>)</li>
<li>Update README.md <a
href="https://github.com/tsusdere"><code>@​tsusdere</code></a> (<a
href="https://redirect.github.com/actions/deploy-pages/issues/348">#348</a>)</li>
<li>Bump the non-breaking-changes group with 4 updates <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> (<a
href="https://redirect.github.com/actions/deploy-pages/issues/341">#341</a>)</li>
<li>Remove error message for file permissions <a
href="https://github.com/TooManyBees"><code>@​TooManyBees</code></a> (<a
href="https://redirect.github.com/actions/deploy-pages/issues/340">#340</a>)</li>
</ul>
<hr />
<p>See details of <a
href="https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6">all
code changes</a> since previous release.</p>
<p>⚠️ For use with products other than GitHub.com, such as GitHub
Enterprise Server, please consult the <a
href="https://github.com/actions/deploy-pages/#compatibility">compatibility
table</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128"><code>cd2ce8f</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/deploy-pages/issues/404">#404</a>
from salmanmkc/node24</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5"><code>bbe2a95</code></a>
Update Node.js version to 24.x</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a"><code>854d7aa</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/deploy-pages/issues/374">#374</a>
from actions/Jcambass-patch-1</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc"><code>306bb81</code></a>
Add workflow file for publishing releases to immutable action
package</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9"><code>b742728</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/deploy-pages/issues/360">#360</a>
from actions/dependabot/npm_and_yarn/npm_and_yarn-513...</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027"><code>7273294</code></a>
Bump braces in the npm_and_yarn group across 1 directory</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87"><code>963791f</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/deploy-pages/issues/361">#361</a>
from actions/dependabot-friendly</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727"><code>51bb29d</code></a>
Make the rebuild dist workflow safer for Dependabot</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5"><code>89f3d10</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/deploy-pages/issues/358">#358</a>
from actions/dependabot/npm_and_yarn/non-breaking-cha...</li>
<li><a
href="https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c"><code>bce7355</code></a>
Merge branch 'main' into
dependabot/npm_and_yarn/non-breaking-changes-99c12deb21</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/deploy-pages&package-manager=github_actions&previous-version=4.0.5&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-03 07:28:03 +00:00
dependabot[bot] 2f891a8f9a Bump dtolnay/rust-toolchain from efa25f7f19611383d5b0ccf2d1c8914531636bf9 to 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 (#23632) 
Bumps
[dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) from
efa25f7f19611383d5b0ccf2d1c8914531636bf9 to
3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9"><code>3c5f7ea</code></a>
Add 1.94.1 patch release</li>
<li>See full diff in <a
href="https://github.com/dtolnay/rust-toolchain/compare/efa25f7f19611383d5b0ccf2d1c8914531636bf9...3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-03 07:27:21 +00:00
dependabot[bot] 9d4b7e2b32 Bump actions/cache from 5.0.3 to 5.0.4 (#23538) 
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.3 to
5.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Add release instructions and update maintainer docs by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1696">actions/cache#1696</a></li>
<li>Potential fix for code scanning alert no. 52: Workflow does not
contain permissions by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1697">actions/cache#1697</a></li>
<li>Fix workflow permissions and cleanup workflow names / formatting by
<a href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1699">actions/cache#1699</a></li>
<li>docs: Update examples to use the latest version by <a
href="https://github.com/XZTDean"><code>@​XZTDean</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1690">actions/cache#1690</a></li>
<li>Fix proxy integration tests by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1701">actions/cache#1701</a></li>
<li>Fix cache key in examples.md for bun.lock by <a
href="https://github.com/RyPeck"><code>@​RyPeck</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1722">actions/cache#1722</a></li>
<li>Update dependencies &amp; patch security vulnerabilities by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1738">actions/cache#1738</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/XZTDean"><code>@​XZTDean</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1690">actions/cache#1690</a></li>
<li><a href="https://github.com/RyPeck"><code>@​RyPeck</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1722">actions/cache#1722</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v5.0.4">https://github.com/actions/cache/compare/v5...v5.0.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>How to prepare a release</h2>
<blockquote>
<p>[!NOTE]<br />
Relevant for maintainers with write access only.</p>
</blockquote>
<ol>
<li>Switch to a new branch from <code>main</code>.</li>
<li>Run <code>npm test</code> to ensure all tests are passing.</li>
<li>Update the version in <a
href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li>
<li>Run <code>npm run build</code> to update the compiled files.</li>
<li>Update this <a
href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a>
with the new version and changes in the <code>## Changelog</code>
section.</li>
<li>Run <code>licensed cache</code> to update the license report.</li>
<li>Run <code>licensed status</code> and resolve any warnings by
updating the <a
href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a>
file with the exceptions.</li>
<li>Commit your changes and push your branch upstream.</li>
<li>Open a pull request against <code>main</code> and get it reviewed
and merged.</li>
<li>Draft a new release <a
href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a>
use the same version number used in <code>package.json</code>
<ol>
<li>Create a new tag with the version number.</li>
<li>Auto generate release notes and update them to match the changes you
made in <code>RELEASES.md</code>.</li>
<li>Toggle the set as the latest release option.</li>
<li>Publish the release.</li>
</ol>
</li>
<li>Navigate to <a
href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a>
<ol>
<li>There should be a workflow run queued with the same version
number.</li>
<li>Approve the run to publish the new version and update the major tags
for this action.</li>
</ol>
</li>
</ol>
<h2>Changelog</h2>
<h3>5.0.4</h3>
<ul>
<li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar
patterns)</li>
<li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb
protection, header validation fixes)</li>
<li>Bump <code>fast-xml-parser</code> to v5.5.6</li>
</ul>
<h3>5.0.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a
href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li>
<li>Bump <code>@actions/core</code> to v2.0.3</li>
</ul>
<h3>5.0.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.3 <a
href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li>
</ul>
<h3>5.0.1</h3>
<ul>
<li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via
<code>@actions/cache@5.0.1</code> <a
href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li>
</ul>
<h3>5.0.0</h3>
<blockquote>
<p>[!IMPORTANT]
<code>actions/cache@v5</code> runs on the Node.js 24 runtime and
requires a minimum Actions Runner version of <code>2.327.1</code>.</p>
</blockquote>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7"><code>6682284</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1738">#1738</a>
from actions/prepare-v5.0.4</li>
<li><a
href="https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2"><code>e340396</code></a>
Update RELEASES</li>
<li><a
href="https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6"><code>8a67110</code></a>
Add licenses</li>
<li><a
href="https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830"><code>1865903</code></a>
Update dependencies &amp; patch security vulnerabilities</li>
<li><a
href="https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c"><code>5656298</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1722">#1722</a>
from RyPeck/patch-1</li>
<li><a
href="https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6"><code>4e380d1</code></a>
Fix cache key in examples.md for bun.lock</li>
<li><a
href="https://github.com/actions/cache/commit/b7e8d49f17405cc70c1c120101943203c98d3a4b"><code>b7e8d49</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1701">#1701</a>
from actions/Link-/fix-proxy-integration-tests</li>
<li><a
href="https://github.com/actions/cache/commit/984a21b1cb176a0936f4edafb42be88978f93ef1"><code>984a21b</code></a>
Add traffic sanity check step</li>
<li><a
href="https://github.com/actions/cache/commit/acf2f1f76affe1ef80eee8e56dfddd3b3e5f0fba"><code>acf2f1f</code></a>
Fix resolution</li>
<li><a
href="https://github.com/actions/cache/commit/95a07c51324af6001b4d6ab8dff29f4dfadc2531"><code>95a07c5</code></a>
Add wait for proxy</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=5.0.3&new-version=5.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-30 06:54:11 +00:00
Martín Maita a80470f5ec Update Rodio to 0.22 (#20323) 
# Objective

- Closes #19672 

## Solution

- Updated both `cpal` and `rodio` to their latest versions.
- Updated code to address `rodio`'s breaking changes.
- Reworked audio related feature flags. NOTE: `symphonia` will only be
the default backend for formats with no alternative fallback.
- Added `audio-all-formats` feature collection to easily enable all the
available audio formats using their default backends.
- Replaced `aarch64-apple-ios-sim` target with
`arm64-apple-ios-simulator`.

## Testing

- Tested audio related examples.
- CI checks passing.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Rob Parrett <robparrett@gmail.com>
 2026-03-24 23:31:06 +00:00
Miles Silberling-Cook 72602c397a Fix release-content hooks (#23478) 
When I renamed `/release-content` to `/_release-content`
https://github.com/bevyengine/bevy/pull/23469 , I forgot to update the
files in `.github`. It looks like this broke our hooks.

This should fix it.
 2026-03-23 01:45:19 +00:00
dependabot[bot] f987ca693d Bump actions/download-artifact from 8.0.0 to 8.0.1 (#23430) 
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 8.0.0 to 8.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Support for CJK characters in the artifact name by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/471">actions/download-artifact#471</a></li>
<li>Add a regression test for artifact name + content-type mismatches by
<a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/472">actions/download-artifact#472</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v8...v8.0.1">https://github.com/actions/download-artifact/compare/v8...v8.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c"><code>3e5f45b</code></a>
Add regression tests for CJK characters (<a
href="https://redirect.github.com/actions/download-artifact/issues/471">#471</a>)</li>
<li><a
href="https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd"><code>e6d03f6</code></a>
Add a regression test for artifact name + content-type mismatches (<a
href="https://redirect.github.com/actions/download-artifact/issues/472">#472</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=8.0.0&new-version=8.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-20 07:24:07 +00:00
dependabot[bot] d3e388999d Bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#23431) 
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.5.0 to 0.5.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>zizmor 1.23.1 is now the default used by this action.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2">https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2</a></p>
<h2>v0.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>zizmor 1.23.0 is now the default used by this action.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1">https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8"><code>71321a2</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/96">#96</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/5ed31db0964a9d37608edd5b0675de2b52070662"><code>5ed31db</code></a>
Bump pins (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/95">#95</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/195d10ad90f31d8cd6ea1efd6ecc12969ddbe73f"><code>195d10a</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/94">#94</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/c65bc8876171b6d82748ec98b77c0193b1226b94"><code>c65bc88</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/93">#93</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/c2c887f84674f9c15123e2905d2d307675d8bc01"><code>c2c887f</code></a>
chore(deps): bump zizmorcore/zizmor-action in the github-actions group
(<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/91">#91</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/5507ab0c02a9ac3996895e1598d6b3385ea7d525"><code>5507ab0</code></a>
Bump pins in README (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/90">#90</a>)</li>
<li>See full diff in <a
href="https://github.com/zizmorcore/zizmor-action/compare/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d...71321a20a9ded102f6e9ce5718a2fcec2c4f70d8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.5.0&new-version=0.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-20 07:22:19 +00:00
Gonçalo Rica Pais da Silva bd0eee73dc Make the AI Policy more visible to newcomers (#23420) 
# Objective

We adopted an AI Policy regarding LLM assisted/generated PRs, but due to
https://github.com/bevyengine/bevy/pull/23276 slipping through, it
became clear this wasn't being surfaced to newcomers more easily,
leading to some confusion.

So to alleviate concerns raised by
https://github.com/bevyengine/bevy/issues/23418, we should rectify that.

## Solution

Simple, just link the AI Policy directly to newcomers. Links added to
the welcoming message and the CONTRIBUTING.md should at least allow a
more immediate notice to new contributors about our stance on AI
usage/contributions.

Further work is updating the Introduction page on the website to also
link to the AI Policy, perhaps with a more summarised explanation. If
this policy is important, it needs to be aggressively linked to and
mentioned so that readers find their way to it more easily.

## Testing

How do we test the welcoming message function? 😄
 2026-03-19 08:11:05 +00:00
dependabot[bot] 7fff8b4258 Bump crate-ci/typos from 1.43.5 to 1.44.0 (#23347) 
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.43.5 to
1.44.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.44.0</h2>
<h2>[1.44.0] - 2026-02-27</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1488">February
2026</a> changes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.44.0] - 2026-02-27</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1488">February
2026</a> changes</li>
</ul>
<h2>[1.43.5] - 2026-02-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(pypi)</em> Hopefully fix the sdist build</li>
</ul>
<h2>[1.43.4] - 2026-02-09</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>pincher</code></li>
</ul>
<h2>[1.43.3] - 2026-02-06</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Adjust how typos are reported to github</li>
</ul>
<h2>[1.43.2] - 2026-02-05</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>certifi</code> in Python</li>
</ul>
<h2>[1.43.1] - 2026-02-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>consts</code></li>
</ul>
<h2>[1.43.0] - 2026-02-02</h2>
<h3>Compatibility</h3>
<ul>
<li>Bumped MSRV to 1.91</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/631208b7aac2daa8b707f55e7331f9112b0e062d"><code>631208b</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/3d3c6e376823e66c4f3e2583fc47b8be83b66d71"><code>3d3c6e3</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/ba1f545443d223c6bc2c821dad76c210fa78b46f"><code>ba1f545</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/102f66c093f0eb1a69937d3d1c589d5f16c5569b"><code>102f66c</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1510">#1510</a>
from epage/feb</li>
<li><a
href="https://github.com/crate-ci/typos/commit/d303c9398affd88fc562292a2ec9433a37817b28"><code>d303c93</code></a>
feat(dict): February updates</li>
<li><a
href="https://github.com/crate-ci/typos/commit/30eea72e385d435c00a24eeba0d96f87048f42ec"><code>30eea72</code></a>
chore(ci): Update pre-build binary workflow</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/57b11c6b7e54c402ccd9cda953f1072ec4f78e33...631208b7aac2daa8b707f55e7331f9112b0e062d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.43.5&new-version=1.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-13 21:12:25 +00:00
dependabot[bot] 2c38fb834c Bump github/codeql-action from 4.32.2 to 4.32.6 (#23348) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.32.2 to 4.32.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.32.6</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3548">#3548</a></li>
</ul>
<h2>v4.32.5</h2>
<ul>
<li>Repositories owned by an organization can now set up the
<code>github-codeql-disable-overlay</code> custom repository property to
disable <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis for CodeQL</a>. First, create a custom repository
property with the name <code>github-codeql-disable-overlay</code> and
the type &quot;True/false&quot; in the organization's settings. Then in
the repository's settings, set this property to <code>true</code> to
disable improved incremental analysis. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>. This
feature is not yet available on GitHub Enterprise Server. <a
href="https://redirect.github.com/github/codeql-action/pull/3507">#3507</a></li>
<li>Added an experimental change so that when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> fails on a runner — potentially due to
insufficient disk space — the failure is recorded in the Actions cache
so that subsequent runs will automatically skip improved incremental
analysis until something changes (e.g. a larger runner is provisioned or
a new CodeQL version is released). We expect to roll this change out to
everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3487">#3487</a></li>
<li>The minimum memory check for improved incremental analysis is now
skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage.
<a
href="https://redirect.github.com/github/codeql-action/pull/3515">#3515</a></li>
<li>Reduced log levels for best-effort private package registry
connection check failures to reduce noise from workflow annotations. <a
href="https://redirect.github.com/github/codeql-action/pull/3516">#3516</a></li>
<li>Added an experimental change which lowers the minimum disk space
requirement for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>, enabling it to run on standard GitHub Actions
runners. We expect to roll this change out to everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3498">#3498</a></li>
<li>Added an experimental change which allows the
<code>start-proxy</code> action to resolve the CodeQL CLI version from
feature flags instead of using the linked CLI bundle version. We expect
to roll this change out to everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3512">#3512</a></li>
<li>The previously experimental changes from versions 4.32.3, 4.32.4,
3.32.3 and 3.32.4 are now enabled by default. <a
href="https://redirect.github.com/github/codeql-action/pull/3503">#3503</a>,
<a
href="https://redirect.github.com/github/codeql-action/pull/3504">#3504</a></li>
</ul>
<h2>v4.32.4</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2">2.24.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3493">#3493</a></li>
<li>Added an experimental change which improves how certificates are
generated for the authentication proxy that is used by the CodeQL Action
in Default Setup when <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries are configured</a>. This is expected to generate more
widely compatible certificates and should have no impact on analyses
which are working correctly already. We expect to roll this change out
to everyone in February. <a
href="https://redirect.github.com/github/codeql-action/pull/3473">#3473</a></li>
<li>When the CodeQL Action is run <a
href="https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup">with
debugging enabled in Default Setup</a> and <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries are configured</a>, the &quot;Setup proxy for
registries&quot; step will output additional diagnostic information that
can be used for troubleshooting. <a
href="https://redirect.github.com/github/codeql-action/pull/3486">#3486</a></li>
<li>Added a setting which allows the CodeQL Action to enable network
debugging for Java programs. This will help GitHub staff support
customers with troubleshooting issues in GitHub-managed CodeQL
workflows, such as Default Setup. This setting can only be enabled by
GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3485">#3485</a></li>
<li>Added a setting which enables GitHub-managed workflows, such as
Default Setup, to use a <a
href="https://github.com/dsp-testing/codeql-cli-nightlies">nightly
CodeQL CLI release</a> instead of the latest, stable release that is
used by default. This will help GitHub staff support customers whose
analyses for a given repository or organization require early access to
a change in an upcoming CodeQL CLI release. This setting can only be
enabled by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3484">#3484</a></li>
</ul>
<h2>v4.32.3</h2>
<ul>
<li>Added experimental support for testing connections to <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries</a>. This feature is not currently enabled for any
analysis. In the future, it may be enabled by default for Default Setup.
<a
href="https://redirect.github.com/github/codeql-action/pull/3466">#3466</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>
<p>Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change. <a
href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p>
<p>To opt out of this change:</p>
<ul>
<li><strong>Repositories owned by an organization:</strong> Create a
custom repository property with the name
<code>github-codeql-file-coverage-on-prs</code> and the type
&quot;True/false&quot;, then set this property to <code>true</code> in
the repository's settings. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>.
Alternatively, if you are using an advanced setup workflow, you can set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using default setup:</strong> Switch
to an advanced setup workflow and set the
<code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to
<code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using advanced setup:</strong> Set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
</ul>
</li>
<li>
<p>Fixed <a
href="https://redirect.github.com/github/codeql-action/issues/3555">a
bug</a> which caused the CodeQL Action to fail loading repository
properties if a &quot;Multi select&quot; repository property was
configured for the repository. <a
href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></p>
</li>
<li>
<p>The CodeQL Action now loads <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom
repository properties</a> on GitHub Enterprise Server, enabling the
customization of features such as
<code>github-codeql-disable-overlay</code> that was previously only
available on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></p>
</li>
<li>
<p>Fixed the retry mechanism for database uploads. Previously this would
fail with the error &quot;Response body object should not be disturbed
or locked&quot;. <a
href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></p>
</li>
</ul>
<h2>4.32.6 - 05 Mar 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3548">#3548</a></li>
</ul>
<h2>4.32.5 - 02 Mar 2026</h2>
<ul>
<li>Repositories owned by an organization can now set up the
<code>github-codeql-disable-overlay</code> custom repository property to
disable <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis for CodeQL</a>. First, create a custom repository
property with the name <code>github-codeql-disable-overlay</code> and
the type &quot;True/false&quot; in the organization's settings. Then in
the repository's settings, set this property to <code>true</code> to
disable improved incremental analysis. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>. This
feature is not yet available on GitHub Enterprise Server. <a
href="https://redirect.github.com/github/codeql-action/pull/3507">#3507</a></li>
<li>Added an experimental change so that when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> fails on a runner — potentially due to
insufficient disk space — the failure is recorded in the Actions cache
so that subsequent runs will automatically skip improved incremental
analysis until something changes (e.g. a larger runner is provisioned or
a new CodeQL version is released). We expect to roll this change out to
everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3487">#3487</a></li>
<li>The minimum memory check for improved incremental analysis is now
skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage.
<a
href="https://redirect.github.com/github/codeql-action/pull/3515">#3515</a></li>
<li>Reduced log levels for best-effort private package registry
connection check failures to reduce noise from workflow annotations. <a
href="https://redirect.github.com/github/codeql-action/pull/3516">#3516</a></li>
<li>Added an experimental change which lowers the minimum disk space
requirement for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>, enabling it to run on standard GitHub Actions
runners. We expect to roll this change out to everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3498">#3498</a></li>
<li>Added an experimental change which allows the
<code>start-proxy</code> action to resolve the CodeQL CLI version from
feature flags instead of using the linked CLI bundle version. We expect
to roll this change out to everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3512">#3512</a></li>
<li>The previously experimental changes from versions 4.32.3, 4.32.4,
3.32.3 and 3.32.4 are now enabled by default. <a
href="https://redirect.github.com/github/codeql-action/pull/3503">#3503</a>,
<a
href="https://redirect.github.com/github/codeql-action/pull/3504">#3504</a></li>
</ul>
<h2>4.32.4 - 20 Feb 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2">2.24.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3493">#3493</a></li>
<li>Added an experimental change which improves how certificates are
generated for the authentication proxy that is used by the CodeQL Action
in Default Setup when <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries are configured</a>. This is expected to generate more
widely compatible certificates and should have no impact on analyses
which are working correctly already. We expect to roll this change out
to everyone in February. <a
href="https://redirect.github.com/github/codeql-action/pull/3473">#3473</a></li>
<li>When the CodeQL Action is run <a
href="https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup">with
debugging enabled in Default Setup</a> and <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries are configured</a>, the &quot;Setup proxy for
registries&quot; step will output additional diagnostic information that
can be used for troubleshooting. <a
href="https://redirect.github.com/github/codeql-action/pull/3486">#3486</a></li>
<li>Added a setting which allows the CodeQL Action to enable network
debugging for Java programs. This will help GitHub staff support
customers with troubleshooting issues in GitHub-managed CodeQL
workflows, such as Default Setup. This setting can only be enabled by
GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3485">#3485</a></li>
<li>Added a setting which enables GitHub-managed workflows, such as
Default Setup, to use a <a
href="https://github.com/dsp-testing/codeql-cli-nightlies">nightly
CodeQL CLI release</a> instead of the latest, stable release that is
used by default. This will help GitHub staff support customers whose
analyses for a given repository or organization require early access to
a change in an upcoming CodeQL CLI release. This setting can only be
enabled by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3484">#3484</a></li>
</ul>
<h2>4.32.3 - 13 Feb 2026</h2>
<ul>
<li>Added experimental support for testing connections to <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries</a>. This feature is not currently enabled for any
analysis. In the future, it may be enabled by default for Default Setup.
<a
href="https://redirect.github.com/github/codeql-action/pull/3466">#3466</a></li>
</ul>
<h2>4.32.2 - 05 Feb 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1">2.24.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3460">#3460</a></li>
</ul>
<h2>4.32.1 - 02 Feb 2026</h2>
<ul>
<li>A warning is now shown in Default Setup workflow logs if a <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registry is configured</a> using a GitHub Personal Access Token
(PAT), but no username is configured. <a
href="https://redirect.github.com/github/codeql-action/pull/3422">#3422</a></li>
<li>Fixed a bug which caused the CodeQL Action to fail when repository
properties cannot successfully be retrieved. <a
href="https://redirect.github.com/github/codeql-action/pull/3421">#3421</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/0d579ffd059c29b07949a3cce3983f0780820c98"><code>0d579ff</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3551">#3551</a>
from github/update-v4.32.6-72d2d850d</li>
<li><a
href="https://github.com/github/codeql-action/commit/d4c6be7cf1c47a33a06fa9183269e133e6863574"><code>d4c6be7</code></a>
Update changelog for v4.32.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/72d2d850d1f91d4e1e024f4cf4276fd16bb68462"><code>72d2d85</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3548">#3548</a>
from github/update-bundle/codeql-bundle-v2.24.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/23f983ce00d9a853697a6aaa9eae8d5abbf14849"><code>23f983c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3544">#3544</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/832e97ccad228ef72e06ffee26f6251bceeb7e5f"><code>832e97c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3545">#3545</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/5ef38c0b13c2f0f5ce928cb7706f5fb19fc97ae2"><code>5ef38c0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3546">#3546</a>
from github/dependabot/npm_and_yarn/tar-7.5.10</li>
<li><a
href="https://github.com/github/codeql-action/commit/80c9cda73902bba67939606c4bf3a1d9606bb150"><code>80c9cda</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/f2669dd916c673b2811839169929a8ba71bb7634"><code>f2669dd</code></a>
Update default bundle to codeql-bundle-v2.24.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/bd03c44cf40965f5476f66fad404194e4cb35710"><code>bd03c44</code></a>
Merge branch 'main' into
dependabot/github_actions/dot-github/workflows/actio...</li>
<li><a
href="https://github.com/github/codeql-action/commit/102d7627b63c066871badf0743c11b2f6dd9c9e9"><code>102d762</code></a>
Bump tar from 7.5.7 to 7.5.10</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2...0d579ffd059c29b07949a3cce3983f0780820c98">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.32.2&new-version=4.32.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-13 21:11:51 +00:00
François Mockers 8be3268dbc remove weekly beta job (#23287) 
# Objective

- Fixes #21169
- Not really, but removes it anyway
- Beta job is failing continuously, and often not actionnable

<img width="1280" height="2612" alt="Screenshot 2026-03-09 at 22 59 06"
src="https://github.com/user-attachments/assets/9da78474-a5fe-4298-a169-6ce210fc6ae7"
/>


## Solution

- Stop running it
 2026-03-11 18:20:13 +00:00
Shahar Naveh 8bf031a0c5 Optimize update-caches CI (#23253) 
# Objective

The current `update-caches` workflow has several issues:

- Installing apt dependencies even if we are not going to build bevy
(had an exact cache hit)
- Actually restoring the cache (and then not using it as nothing else
gets executed)

## Solution

- Skip installing Linux deps if we got a cache hit
- Don't restore the cache, only check if it exists

## Testing

Ran it on my fork,
https://github.com/ShaharNaveh/bevy/actions/runs/22799581882
 2026-03-09 21:18:50 +00:00
dependabot[bot] 162a708091 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#23244) 
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 6.0.0 to 7.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>v7 What's new</h2>
<h3>Direct Uploads</h3>
<p>Adds support for uploading single files directly (unzipped). Callers
can set the new <code>archive</code> parameter to <code>false</code> to
skip zipping the file during upload. Right now, we only support single
files. The action will fail if the glob passed resolves to multiple
files. The <code>name</code> parameter is also ignored with this
setting. Instead, the name of the artifact will be the name of the
uploaded file.</p>
<h3>ESM</h3>
<p>To support new versions of the <code>@actions/*</code> packages,
we've upgraded the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Add proxy integration test by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
<li>Upgrade the module to ESM and bump dependencies by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li>
<li>Support direct file uploads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Link"><code>@​Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a>
Support direct file uploads (<a
href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a>
Upgrade the module to ESM and bump dependencies (<a
href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a>
from actions/Link-/add-proxy-integration-tests</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a>
Add proxy integration test</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=6.0.0&new-version=7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: François Mockers <francois.mockers@vleue.com>
 2026-03-06 18:23:24 +00:00
dependabot[bot] b292ea13cd Bump actions/download-artifact from 7.0.0 to 8.0.0 (#23243) 
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 7.0.0 to 8.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.0</h2>
<h2>v8 - What's new</h2>
<h3>Direct downloads</h3>
<p>To support direct uploads in <code>actions/upload-artifact</code>,
the action will no longer attempt to unzip all downloaded files.
Instead, the action checks the <code>Content-Type</code> header ahead of
unzipping and skips non-zipped files. Callers wishing to download a
zipped file as-is can also set the new <code>skip-decompress</code>
parameter to <code>false</code>.</p>
<h3>Enforced checks (breaking)</h3>
<p>A previous release introduced digest checks on the download. If a
download hash didn't match the expected hash from the server, the action
would log a warning. Callers can now configure the behavior on mismatch
with the <code>digest-mismatch</code> parameter. To be secure by
default, we are now defaulting the behavior to <code>error</code> which
will fail the workflow run.</p>
<h3>ESM</h3>
<p>To support new versions of the @actions/* packages, we've upgraded
the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Don't attempt to un-zip non-zipped downloads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/460">actions/download-artifact#460</a></li>
<li>Add a setting to specify what to do on hash mismatch and default it
to <code>error</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/461">actions/download-artifact#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v7...v8.0.0">https://github.com/actions/download-artifact/compare/v7...v8.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3"><code>70fc10c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/461">#461</a>
from actions/danwkennedy/digest-mismatch-behavior</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62"><code>f258da9</code></a>
Add change docs</li>
<li><a
href="https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c"><code>ccc058e</code></a>
Fix linting issues</li>
<li><a
href="https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd"><code>bd7976b</code></a>
Add a setting to specify what to do on hash mismatch and default it to
<code>error</code></li>
<li><a
href="https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c"><code>ac21fcf</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/460">#460</a>
from actions/danwkennedy/download-no-unzip</li>
<li><a
href="https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0"><code>15999bf</code></a>
Add note about package bumps</li>
<li><a
href="https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561"><code>974686e</code></a>
Bump the version to <code>v8</code> and add release notes</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75"><code>fbe48b1</code></a>
Update test names to make it clearer what they do</li>
<li><a
href="https://github.com/actions/download-artifact/commit/96bf374a614d4360e225874c3efd6893a3f285e7"><code>96bf374</code></a>
One more test fix</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b8c4819ef592cbe04fd93534534b38f853864332"><code>b8c4819</code></a>
Fix skip decompress test</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=7.0.0&new-version=8.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: François Mockers <francois.mockers@vleue.com>
 2026-03-06 18:23:23 +00:00
dependabot[bot] e031bd8ed0 Bump super-linter/super-linter from 8.4.0 to 8.5.0 (#23067) 
Bumps
[super-linter/super-linter](https://github.com/super-linter/super-linter)
from 8.4.0 to 8.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/super-linter/super-linter/releases">super-linter/super-linter's
releases</a>.</em></p>
<blockquote>
<h2>v8.5.0</h2>
<h2><a
href="https://github.com/super-linter/super-linter/compare/v8.4.0...v8.5.0">8.5.0</a>
(2026-02-06)</h2>
<h3>🚀 Features</h3>
<ul>
<li>update codespell skip patterns for go modules (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7465">#7465</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ff76a002516303867ea0cc83fa748467362c80eb">ff76a00</a>)</li>
</ul>
<h3>🐛 Bugfixes</h3>
<ul>
<li>fix disable-telemetry trivy config file (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7473">#7473</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/2ab2bd0e22bf589d4056c8afca4c2260000000cc">2ab2bd0</a>)</li>
<li>mention summary comment in validation error (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7497">#7497</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/888d5a825c95c1a1ccbc1cef9ffd83d5f7667269">888d5a8</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7483">#7483</a></li>
<li>pass file to check as first bash-exec param (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7471">#7471</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a18e2f64a156e7da1a1d1ab8d6b579522fa11bc3">a18e2f6</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7467">#7467</a></li>
</ul>
<h3>⬆️ Dependency updates</h3>
<ul>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7480">#7480</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c0b4a56a3fa49954f23f1c1c12dfe9f48e0e16d0">c0b4a56</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 3 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7474">#7474</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/b8cb1894ac7b48c655efbf7ddecfb0891db59896">b8cb189</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 3 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7490">#7490</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/147e8297bb84031a31226e9f6efd35bed7ede2bc">147e829</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7463">#7463</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/adc2836ffbec0ad0644a1ecc239841a00aea2231">adc2836</a>)</li>
<li><strong>docker:</strong> bump the docker group with 3 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7455">#7455</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a1b44ab603af174c580891fb513e31aad5ce360a">a1b44ab</a>)</li>
<li><strong>java:</strong> bump
com.google.googlejavaformat:google-java-format (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7489">#7489</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/8758d94a90dca29b4cb5efe006e3cd269c65f37e">8758d94</a>)</li>
<li><strong>java:</strong> bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7475">#7475</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/929cd6600247294b686ce188dfc9ef71c328bbd2">929cd66</a>)</li>
<li><strong>java:</strong> bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7498">#7498</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c285101acd0d7926e22c191f8256cbea30c7f12d">c285101</a>)</li>
<li><strong>npm:</strong> bump <code>@​isaacs/brace-expansion</code> in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7482">#7482</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c15b8acc3d61a449fb341545c442a5cb5bded882">c15b8ac</a>)</li>
<li><strong>npm:</strong> bump <code>@​modelcontextprotocol/sdk</code>
in /dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7488">#7488</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/675cbf69cfe861f7dc08a9af253a01558ea1dad0">675cbf6</a>)</li>
<li><strong>npm:</strong> bump fast-xml-parser and
<code>@​aws-sdk/xml-builder</code> (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7491">#7491</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7012368be8a88fdf65c94e0d740f06488c04e657">7012368</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 2
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7457">#7457</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/962a22b4cc228dc288e1f1222736ca3c228118c7">962a22b</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 2
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7501">#7501</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ae4468886e65312354bc415d0f167d0e2c3e136d">ae44688</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 5
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7487">#7487</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/9be025d32388ee2b54cdfca27d264886b8b4df22">9be025d</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 6
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7477">#7477</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/b44fb3f837e8b324b126a80b685fdb09e659beea">b44fb3f</a>)</li>
<li><strong>python:</strong> bump ruff (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7486">#7486</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7e9df59b0619e9ff0c212a3233340ab7f27ec012">7e9df59</a>)</li>
<li><strong>python:</strong> bump snakemake (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7456">#7456</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/5989994705709338af23769caca3530931c897b5">5989994</a>)</li>
<li><strong>python:</strong> bump the pip group across 1 directory with
2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7476">#7476</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/6b3b830b14bfabac099e8dc7cda79433eef35f0a">6b3b830</a>)</li>
<li><strong>python:</strong> bump the pip group across 1 directory with
2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7500">#7500</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/4452db33678192df97fa54cb9695c4a15d0790b5">4452db3</a>)</li>
</ul>
<h3>🧰 Maintenance</h3>
<ul>
<li><strong>dev-docker:</strong> bump node in /dev-dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7484">#7484</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/40bc6a0292565794957dff627848185398743cad">40bc6a0</a>)</li>
<li><strong>github-actions:</strong> bump docker/login-action in the
dev-ci-tools group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7454">#7454</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a2a729287be00a15565a9b7d25ffaff26731dc67">a2a7292</a>)</li>
<li>update tar (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7462">#7462</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c082d1672788853a18cf12ad8b9a0ef0e3c4b1a8">c082d16</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md">super-linter/super-linter's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/super-linter/super-linter/compare/v8.4.0...v8.5.0">8.5.0</a>
(2026-02-06)</h2>
<h3>🚀 Features</h3>
<ul>
<li>update codespell skip patterns for go modules (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7465">#7465</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ff76a002516303867ea0cc83fa748467362c80eb">ff76a00</a>)</li>
</ul>
<h3>🐛 Bugfixes</h3>
<ul>
<li>fix disable-telemetry trivy config file (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7473">#7473</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/2ab2bd0e22bf589d4056c8afca4c2260000000cc">2ab2bd0</a>)</li>
<li>mention summary comment in validation error (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7497">#7497</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/888d5a825c95c1a1ccbc1cef9ffd83d5f7667269">888d5a8</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7483">#7483</a></li>
<li>pass file to check as first bash-exec param (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7471">#7471</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a18e2f64a156e7da1a1d1ab8d6b579522fa11bc3">a18e2f6</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7467">#7467</a></li>
</ul>
<h3>⬆️ Dependency updates</h3>
<ul>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7480">#7480</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c0b4a56a3fa49954f23f1c1c12dfe9f48e0e16d0">c0b4a56</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 3 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7474">#7474</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/b8cb1894ac7b48c655efbf7ddecfb0891db59896">b8cb189</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 3 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7490">#7490</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/147e8297bb84031a31226e9f6efd35bed7ede2bc">147e829</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7463">#7463</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/adc2836ffbec0ad0644a1ecc239841a00aea2231">adc2836</a>)</li>
<li><strong>docker:</strong> bump the docker group with 3 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7455">#7455</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a1b44ab603af174c580891fb513e31aad5ce360a">a1b44ab</a>)</li>
<li><strong>java:</strong> bump
com.google.googlejavaformat:google-java-format (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7489">#7489</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/8758d94a90dca29b4cb5efe006e3cd269c65f37e">8758d94</a>)</li>
<li><strong>java:</strong> bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7475">#7475</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/929cd6600247294b686ce188dfc9ef71c328bbd2">929cd66</a>)</li>
<li><strong>java:</strong> bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7498">#7498</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c285101acd0d7926e22c191f8256cbea30c7f12d">c285101</a>)</li>
<li><strong>npm:</strong> bump <code>@​isaacs/brace-expansion</code> in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7482">#7482</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c15b8acc3d61a449fb341545c442a5cb5bded882">c15b8ac</a>)</li>
<li><strong>npm:</strong> bump <code>@​modelcontextprotocol/sdk</code>
in /dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7488">#7488</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/675cbf69cfe861f7dc08a9af253a01558ea1dad0">675cbf6</a>)</li>
<li><strong>npm:</strong> bump fast-xml-parser and
<code>@​aws-sdk/xml-builder</code> (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7491">#7491</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7012368be8a88fdf65c94e0d740f06488c04e657">7012368</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 2
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7457">#7457</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/962a22b4cc228dc288e1f1222736ca3c228118c7">962a22b</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 2
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7501">#7501</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ae4468886e65312354bc415d0f167d0e2c3e136d">ae44688</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 5
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7487">#7487</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/9be025d32388ee2b54cdfca27d264886b8b4df22">9be025d</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 6
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7477">#7477</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/b44fb3f837e8b324b126a80b685fdb09e659beea">b44fb3f</a>)</li>
<li><strong>python:</strong> bump ruff (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7486">#7486</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7e9df59b0619e9ff0c212a3233340ab7f27ec012">7e9df59</a>)</li>
<li><strong>python:</strong> bump snakemake (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7456">#7456</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/5989994705709338af23769caca3530931c897b5">5989994</a>)</li>
<li><strong>python:</strong> bump the pip group across 1 directory with
2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7476">#7476</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/6b3b830b14bfabac099e8dc7cda79433eef35f0a">6b3b830</a>)</li>
<li><strong>python:</strong> bump the pip group across 1 directory with
2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7500">#7500</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/4452db33678192df97fa54cb9695c4a15d0790b5">4452db3</a>)</li>
</ul>
<h3>🧰 Maintenance</h3>
<ul>
<li><strong>dev-docker:</strong> bump node in /dev-dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7484">#7484</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/40bc6a0292565794957dff627848185398743cad">40bc6a0</a>)</li>
<li><strong>github-actions:</strong> bump docker/login-action in the
dev-ci-tools group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7454">#7454</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a2a729287be00a15565a9b7d25ffaff26731dc67">a2a7292</a>)</li>
<li>update tar (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7462">#7462</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c082d1672788853a18cf12ad8b9a0ef0e3c4b1a8">c082d16</a>)</li>
</ul>
<h2><a
href="https://github.com/super-linter/super-linter/compare/v8.3.2...v8.4.0">8.4.0</a>
(2026-01-28)</h2>
<h3>🚀 Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/super-linter/super-linter/commit/61abc07d755095a68f4987d1c2c3d1d64408f1f9"><code>61abc07</code></a>
chore(main): release 8.5.0 (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7459">#7459</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/a18e2f64a156e7da1a1d1ab8d6b579522fa11bc3"><code>a18e2f6</code></a>
fix: pass file to check as first bash-exec param (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7471">#7471</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/c285101acd0d7926e22c191f8256cbea30c7f12d"><code>c285101</code></a>
deps(java): bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7498">#7498</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/4452db33678192df97fa54cb9695c4a15d0790b5"><code>4452db3</code></a>
deps(python): bump the pip group across 1 directory with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7500">#7500</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/ae4468886e65312354bc415d0f167d0e2c3e136d"><code>ae44688</code></a>
deps(npm): bump the npm group across 1 directory with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7501">#7501</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/888d5a825c95c1a1ccbc1cef9ffd83d5f7667269"><code>888d5a8</code></a>
fix: mention summary comment in validation error (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7497">#7497</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/8758d94a90dca29b4cb5efe006e3cd269c65f37e"><code>8758d94</code></a>
deps(java): bump com.google.googlejavaformat:google-java-format (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7489">#7489</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/147e8297bb84031a31226e9f6efd35bed7ede2bc"><code>147e829</code></a>
deps(docker): bump the docker group across 1 directory with 3 updates
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7490">#7490</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/7012368be8a88fdf65c94e0d740f06488c04e657"><code>7012368</code></a>
deps(npm): bump fast-xml-parser and <code>@​aws-sdk/xml-builder</code>
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7491">#7491</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/9be025d32388ee2b54cdfca27d264886b8b4df22"><code>9be025d</code></a>
deps(npm): bump the npm group across 1 directory with 5 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7487">#7487</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/super-linter/super-linter/compare/12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e...61abc07d755095a68f4987d1c2c3d1d64408f1f9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=super-linter/super-linter&package-manager=github_actions&previous-version=8.4.0&new-version=8.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-04 00:14:49 +00:00
dependabot[bot] 0962373d7c Bump crate-ci/typos from 1.43.2 to 1.43.5 (#23164) 
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.43.2 to
1.43.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.43.5</h2>
<h2>[1.43.5] - 2026-02-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(pypi)</em> Hopefully fix the sdist build</li>
</ul>
<h2>v1.43.4</h2>
<h2>[1.43.4] - 2026-02-09</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>pincher</code></li>
</ul>
<h2>v1.43.3</h2>
<h2>[1.43.3] - 2026-02-06</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Adjust how typos are reported to github</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.43.5] - 2026-02-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(pypi)</em> Hopefully fix the sdist build</li>
</ul>
<h2>[1.43.4] - 2026-02-09</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>pincher</code></li>
</ul>
<h2>[1.43.3] - 2026-02-06</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Adjust how typos are reported to github</li>
</ul>
<h2>[1.43.2] - 2026-02-05</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>certifi</code> in Python</li>
</ul>
<h2>[1.43.1] - 2026-02-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>consts</code></li>
</ul>
<h2>[1.43.0] - 2026-02-02</h2>
<h3>Compatibility</h3>
<ul>
<li>Bumped MSRV to 1.91</li>
</ul>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1453">January
2026</a> changes</li>
</ul>
<h2>[1.42.3] - 2026-01-27</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/57b11c6b7e54c402ccd9cda953f1072ec4f78e33"><code>57b11c6</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/105ced22a5a7fedc36cbef6e5dec31b708e9ec5b"><code>105ced2</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/4f89be7e4a7933f8d9693a9da7a9e9258a8671ba"><code>4f89be7</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1504">#1504</a>
from schnellerhase/bump-maturin</li>
<li><a
href="https://github.com/crate-ci/typos/commit/d8547ad9c141d0e2c568b2344f0804a446ff25ab"><code>d8547ad</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1503">#1503</a>
from 1195343015/patch-1</li>
<li><a
href="https://github.com/crate-ci/typos/commit/60527f035022b26d0bef93eb0fb200d7695cea2c"><code>60527f0</code></a>
Bump maturin to 1.12</li>
<li><a
href="https://github.com/crate-ci/typos/commit/3a925adab9a1c7f22a3de3d0022beb8f5aa805d6"><code>3a925ad</code></a>
[Bugfix] Fix whitespace in unicode setting</li>
<li><a
href="https://github.com/crate-ci/typos/commit/78bc6fb2c0d734235d57a2d6b9de923cc325ebdd"><code>78bc6fb</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/c3402c65ca9b75eeb384e273897a1e1bf6253c8c"><code>c3402c6</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5ad68cd6764508d8bf2d9db7fafb9fbbe58427ec"><code>5ad68cd</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1500">#1500</a>
from epage/pincher</li>
<li><a
href="https://github.com/crate-ci/typos/commit/390736476ea5a958a42dbc5b838c037813cfdab4"><code>3907364</code></a>
fix(dict): Allow pincher</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/ad3053d3adbcce7f2e3c60fd4ddfc239787d1eff...57b11c6b7e54c402ccd9cda953f1072ec4f78e33">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.43.2&new-version=1.43.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-27 08:00:49 +00:00
François Mockers 97acc20b9d unpin nightly in CI (#23088) 
Reverts bevyengine/bevy#22927, bug has been fixed in nightly
 2026-02-21 09:19:02 +00:00
Guillaume Gomez 28fd2cb3c0 Enable the rustdoc "--generate-macro-expansion" feature (#23075) 
You can see this feature in action in the compiler docs like
[here](https://doc.rust-lang.org/nightly/nightly-rustc/src/rustc_ast_lowering/errors.rs.html#323)
or
[here](https://doc.rust-lang.org/nightly/nightly-rustc/src/rustc_ast_lowering/format.rs.html#89).
 2026-02-21 00:24:25 +00:00
dependabot[bot] 3fd3e2c33f Bump dtolnay/rust-toolchain from f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 to efa25f7f19611383d5b0ccf2d1c8914531636bf9 (#22936) 
Bumps
[dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) from
f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 to
efa25f7f19611383d5b0ccf2d1c8914531636bf9.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dtolnay/rust-toolchain/commit/efa25f7f19611383d5b0ccf2d1c8914531636bf9"><code>efa25f7</code></a>
Add 1.93.1 patch release</li>
<li>See full diff in <a
href="https://github.com/dtolnay/rust-toolchain/compare/f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561...efa25f7f19611383d5b0ccf2d1c8914531636bf9">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-18 12:17:31 +00:00
person93 9570948896 Specify nightly toolchain version in CI config (#22927) 
# Objective

There is an issue with miri

## Solution

Pin miri to `2026-02-11` as suggested by @mockersf   in discord
 2026-02-12 13:10:40 +00:00
ickshonpe 48ec375a3a bevy_text parley migration (#22879) 
# Objective

Migrate `bevy_text` from Cosmic Text to Parley.

Closes #21940. Fixes #21767, fixes #21768. Part of #21676.

## Solution

I came down with the flu yesterday when I was about halfway done. I
managed to work through it and drag this to a sort of finished state
anyway but there's probably some weird decisions because I haven't been
entirely coherent.

Most of the significant changes are to the pipeline module. There is
also a new `parley_context` module.
`FontAtlasKey` has a bunch of new fields, I can't remember why there's
both an `id` and a `index` now.

## Testing

Weird bug in `testbed_2d`:

<img width="893" height="168" alt="symbols"
src="https://github.com/user-attachments/assets/29288e16-9c3a-4aee-9ec5-638179b0bac0"
/>

Most other things seem to work the same as main, ymmv.

## Showcase

`testbed_2d`'s text scene on main with Cosmic Text:

<img width="1924" height="1127" alt="main-text2d-layout"
src="https://github.com/user-attachments/assets/55d0c7b7-7517-4a50-b76f-2a24e7cdc28f"
/>

`testbed_2d`'s text scene on this PR with Parley:

<img width="1924" height="1127" alt="testbed-2d-text"
src="https://github.com/user-attachments/assets/c87265fa-6e5f-4c03-aa5e-730f09f83ca3"
/>

`testbed_ui`'s text scene on main with Cosmic Text:

<img width="1924" height="1127" alt="testbed-ui-main"
src="https://github.com/user-attachments/assets/ce764891-3ca6-4c63-83af-8fe285a4a229"
/>

`testbed_ui`'s text scene on this PR with Parley:

<img width="1924" height="1127" alt="testbed_ui_parley"
src="https://github.com/user-attachments/assets/45bcbfe7-1ce4-44f7-bad7-7fa8f46c66ce"
/>

---------

Co-authored-by: Alice Cecile <alice.i.cecile@gmail.com>
 2026-02-11 05:52:47 +00:00
Benjamin Brienen 13ed0a69d2 Address some Zizmor lints (#22817) 
# Objective

Minimize security issues
Real issues don't get drowned out from fixable small issues

## Solution

Apply recommended fixes such as passing secrets explicitly.
Ignore a lint in 2 workflows because it is necessary.

## Testing

Ran Zizmor locally

```
 techn0@IO  ~/source/bevy   main ±  zizmor . --fix=all
🌈 zizmor v1.22.0
 INFO audit: zizmor: 🌈 completed ./.github/actions/install-linux-deps/action.yml
 INFO audit: zizmor: 🌈 completed ./.github/dependabot.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/action-on-PR-labeled.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/ci-comment-failures.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/ci.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/dependencies.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/docs.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/example-run-report.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/example-run.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/post-release.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/security-static-analysis.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/send-screenshots-to-pixeleagle.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/update-caches.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/validation-jobs.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/weekly.yml
 INFO audit: zizmor: 🌈 completed ./.github/workflows/welcome.yml
error[dangerous-triggers]: use of fundamentally insecure workflow trigger
  --> ./.github/workflows/ci-comment-failures.yml:6:1
   |
 6 | / on:
 7 | |   workflow_run:
 8 | |     workflows: ["CI"]
 9 | |     types:
10 | |       - completed
   | |_________________^ workflow_run is almost always used insecurely
   |
   = note: audit confidence → Medium

error[dangerous-triggers]: use of fundamentally insecure workflow trigger
  --> ./.github/workflows/example-run-report.yml:10:1
   |
10 | / on:
11 | |   workflow_run:
12 | |     workflows: ["Example Run"]
13 | |     types:
14 | |       - completed
   | |_________________^ workflow_run is almost always used insecurely
   |
   = note: audit confidence → Medium

121 findings (2 ignored, 117 suppressed): 0 informational, 0 low, 0 medium, 2 high
```
 2026-02-06 19:14:45 +00:00
dependabot[bot] 4c76e82b43 Bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 (#22823) 
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.4.1 to 0.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Expose <code>output-file</code> as an output when
<code>advanced-security: true</code> by <a
href="https://github.com/unlobito"><code>@​unlobito</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/87">zizmorcore/zizmor-action#87</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/unlobito"><code>@​unlobito</code></a>
made their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/87">zizmorcore/zizmor-action#87</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0">https://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d"><code>0dce257</code></a>
chore(deps): bump peter-evans/create-pull-request (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/88">#88</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/fb9497493b591ad90176d3ecac5ca4aeff8c9faf"><code>fb94974</code></a>
Expose <code>output-file</code> as an output when
<code>advanced-security: true</code> (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/87">#87</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/867562a69bb7adcc63dd1e8c003600a58b5f70e2"><code>867562a</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/85">#85</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/7462f075f718787753331c6d98ca9ef8eb41e735"><code>7462f07</code></a>
Bump pins in README (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/84">#84</a>)</li>
<li>See full diff in <a
href="https://github.com/zizmorcore/zizmor-action/compare/135698455da5c3b3e55f73f4419e481ab68cdd95...0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.4.1&new-version=0.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-06 07:39:43 +00:00
dependabot[bot] 70d6f58c3c Bump crate-ci/typos from 1.42.3 to 1.43.2 (#22824) 
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.42.3 to
1.43.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.43.2</h2>
<h2>[1.43.2] - 2026-02-05</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>certifi</code> in Python</li>
</ul>
<h2>v1.43.1</h2>
<h2>[1.43.1] - 2026-02-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>consts</code></li>
</ul>
<h2>v1.43.0</h2>
<h2>[1.43.0] - 2026-02-02</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1453">January
2026</a> changes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.43.2] - 2026-02-05</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>certifi</code> in Python</li>
</ul>
<h2>[1.43.1] - 2026-02-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>consts</code></li>
</ul>
<h2>[1.43.0] - 2026-02-02</h2>
<h3>Compatibility</h3>
<ul>
<li>Bumped MSRV to 1.91</li>
</ul>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1453">January
2026</a> changes</li>
</ul>
<h2>[1.42.3] - 2026-01-27</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>loosing</code></li>
</ul>
<h2>[1.42.2] - 2026-01-26</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>substituters</code></li>
</ul>
<h2>[1.42.1] - 2026-01-19</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore hex literals with suffixes (e.g. <code>0xffffUL</code>)</li>
</ul>
<h2>[1.42.0] - 2026-01-07</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/ad3053d3adbcce7f2e3c60fd4ddfc239787d1eff"><code>ad3053d</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a23d8beec85e2163c4ee7f5f46ba34b896862f7c"><code>a23d8be</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/63b278ca9d0887d9baeb1da1682ad64c60e69c7a"><code>63b278c</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1497">#1497</a>
from epage/certifi</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5775fa10aa0a50bddb619ab50618932af1867f31"><code>5775fa1</code></a>
feat(config): Don't correct certifi in Python</li>
<li><a
href="https://github.com/crate-ci/typos/commit/3141b83b6015e2521c29fa2a0ecd9eb7e0d9472e"><code>3141b83</code></a>
docs: Add msrv entry</li>
<li><a
href="https://github.com/crate-ci/typos/commit/3a4d65230db538caabac6e156599c8ba8380ff07"><code>3a4d652</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a46f9bfbb601363ad41f1c62b8bbaf4c529d7e71"><code>a46f9bf</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/74b2ed6d4f74d6285a2a1f15ed18e87c4dc5ec29"><code>74b2ed6</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/56ca4c6c30fabcafc1ccd8868026510367202f2f"><code>56ca4c6</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1494">#1494</a>
from epage/consts</li>
<li><a
href="https://github.com/crate-ci/typos/commit/aa5f433f3bdaad5ab784f274c702389aee8a8e86"><code>aa5f433</code></a>
fix(dict): Allow consts</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/06d010dfe4c84fdab1a25ea02b57b3585018ba80...ad3053d3adbcce7f2e3c60fd4ddfc239787d1eff">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.42.3&new-version=1.43.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-06 07:38:43 +00:00
dependabot[bot] b6dfd019c3 Bump github/codeql-action from 4.32.0 to 4.32.2 (#22825) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.32.0 to 4.32.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.32.2</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1">2.24.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3460">#3460</a></li>
</ul>
<h2>v4.32.1</h2>
<ul>
<li>A warning is now shown in Default Setup workflow logs if a <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registry is configured</a> using a GitHub Personal Access Token
(PAT), but no username is configured. <a
href="https://redirect.github.com/github/codeql-action/pull/3422">#3422</a></li>
<li>Fixed a bug which caused the CodeQL Action to fail when repository
properties cannot successfully be retrieved. <a
href="https://redirect.github.com/github/codeql-action/pull/3421">#3421</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1">2.24.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3460">#3460</a></li>
</ul>
<h2>4.32.1 - 02 Feb 2026</h2>
<ul>
<li>A warning is now shown in Default Setup workflow logs if a <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registry is configured</a> using a GitHub Personal Access Token
(PAT), but no username is configured. <a
href="https://redirect.github.com/github/codeql-action/pull/3422">#3422</a></li>
<li>Fixed a bug which caused the CodeQL Action to fail when repository
properties cannot successfully be retrieved. <a
href="https://redirect.github.com/github/codeql-action/pull/3421">#3421</a></li>
</ul>
<h2>4.32.0 - 26 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li>
</ul>
<h2>4.31.11 - 23 Jan 2026</h2>
<ul>
<li>When running a Default Setup workflow with <a
href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions
debugging enabled</a>, the CodeQL Action will now use more unique names
when uploading logs from the Dependabot authentication proxy as workflow
artifacts. This ensures that the artifact names do not clash between
multiple jobs in a build matrix. <a
href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li>
<li>Improved error handling throughout the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li>
<li>Added experimental support for automatically excluding <a
href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated
files</a> from the analysis. This feature is not currently enabled for
any analysis. In the future, it may be enabled by default for some
GitHub-managed analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li>
<li>The changelog extracts that are included with releases of the CodeQL
Action are now shorter to avoid duplicated information from appearing in
Dependabot PRs. <a
href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li>
</ul>
<h2>4.31.10 - 12 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.9. <a
href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li>
</ul>
<h2>4.31.9 - 16 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<h2>4.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<h2>4.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<h2>4.31.4 - 18 Nov 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2"><code>45cbd0c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3461">#3461</a>
from github/update-v4.32.2-7aee93297</li>
<li><a
href="https://github.com/github/codeql-action/commit/cb528be87e3c4226fe0ead29ee5db74127e37ab6"><code>cb528be</code></a>
Update changelog for v4.32.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/7aee93297421a430700f5e81fe681dbc80a0b4f5"><code>7aee932</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3460">#3460</a>
from github/update-bundle/codeql-bundle-v2.24.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/b5f028a984d0af20ea8c4c53f3953cb18bc142c4"><code>b5f028a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3457">#3457</a>
from github/dependabot/npm_and_yarn/npm-minor-4c1fc3...</li>
<li><a
href="https://github.com/github/codeql-action/commit/9702c27ab946a10a0159e2fe3126cb6605c10c8b"><code>9702c27</code></a>
Merge branch 'main' into
dependabot/npm_and_yarn/npm-minor-4c1fc3d0aa</li>
<li><a
href="https://github.com/github/codeql-action/commit/c36c94846f3257550e884e42a408299a64969407"><code>c36c948</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/3d0331896c48048637b250518c70ba3138feb437"><code>3d03318</code></a>
Update default bundle to codeql-bundle-v2.24.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/77591e2c4a43bf190ac768983419eb058187e62f"><code>77591e2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3459">#3459</a>
from github/copilot/fix-github-actions-workflow-again</li>
<li><a
href="https://github.com/github/codeql-action/commit/7a44a9db3f773e2d0f40146c102d01a56721526d"><code>7a44a9d</code></a>
Fix Rebuild Action workflow by adding --no-edit flag to git merge
--continue</li>
<li><a
href="https://github.com/github/codeql-action/commit/e2ac371513fc4422230ee97deafd8392a45d7f0d"><code>e2ac371</code></a>
Initial plan</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/b20883b0cd1f46c72ae0ba6d1090936928f9fa30...45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.32.0&new-version=4.32.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-06 07:38:15 +00:00
dependabot[bot] 5925b19258 Bump super-linter/super-linter from 8.3.2 to 8.4.0 (#22739) 
Bumps
[super-linter/super-linter](https://github.com/super-linter/super-linter)
from 8.3.2 to 8.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/super-linter/super-linter/releases">super-linter/super-linter's
releases</a>.</em></p>
<blockquote>
<h2>v8.4.0</h2>
<h2><a
href="https://github.com/super-linter/super-linter/compare/v8.3.2...v8.4.0">8.4.0</a>
(2026-01-28)</h2>
<h3>🚀 Features</h3>
<ul>
<li>add codespell (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7357">#7357</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/6d7d907dcc39a01c96fa8ad337174be89dc525c2">6d7d907</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7303">#7303</a></li>
<li>enable apply-ignore when running shfmt (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7309">#7309</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ae0f44a2e18b3ca52aeff4a91646ecec7d059254">ae0f44a</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7308">#7308</a></li>
<li>handle repository_dispatch events (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7335">#7335</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/3587871ba06260d7612e44787f5990a7d21eb1d6">3587871</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7245">#7245</a></li>
<li>support emitting logs only on errors (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7410">#7410</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/2f50a04dbb13f78744b19de7e31f092bd559e257">2f50a04</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7402">#7402</a></li>
<li>validate git vars only when needed (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7342">#7342</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7aa6b2aa6f29c33d4dc31baf7bded46475009f37">7aa6b2a</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7282">#7282</a></li>
<li>write pull request status summary comment (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7372">#7372</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/25ed9081562b01a0883cd102985176840a4e4350">25ed908</a>)</li>
</ul>
<h3>🐛 Bugfixes</h3>
<ul>
<li>check renovate before exclusive checks (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7368">#7368</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a140d67e92c83cd769cc13996f8be0cd39dec6c0">a140d67</a>)</li>
<li>don't add GITHUB_WORKSPACE multiple times (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7439">#7439</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/be04fc3da15cc3d129dc2fedb8c34aee9e9daabd">be04fc3</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7430">#7430</a></li>
<li>don't save logs to file when running parallel (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7442">#7442</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ce306b8201d29655374c427d70b681413bca41c9">ce306b8</a>)</li>
<li>fix command options initialization (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7407">#7407</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/b74abd4414ad522b9b8b63c0be89c82401685a02">b74abd4</a>)</li>
<li>fix linter configuration and go version (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7401">#7401</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/564808bd9a27e3932214f085fd543967645e015e">564808b</a>)</li>
</ul>
<h3>⬆️ Dependency updates</h3>
<ul>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7332">#7332</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/612347c8413a07a27e78971d506d01ebdcb5c4f8">612347c</a>)</li>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7451">#7451</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/f17c26b5500e46662ef80af0062e0aaa030c1368">f17c26b</a>)</li>
<li><strong>bundler:</strong> bump rubocop-rails in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7356">#7356</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/e7abb06788f217908612bad4b643c1585000ff22">e7abb06</a>)</li>
<li><strong>bundler:</strong> bump rubocop-rspec in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7367">#7367</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/cee7c2612592ec206badac280b3ff4925584d3f1">cee7c26</a>)</li>
<li><strong>docker:</strong> bump golangci/golangci-lint in the docker
group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7365">#7365</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/149226b87075eccfdcb7bc6878dafd27bfcc7c7a">149226b</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7336">#7336</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/9d05e2a91c0be94e6f28a34c526c52f9e8b095c5">9d05e2a</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7440">#7440</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/806ddf4e6997ef77327d9ba9c962646353167b19">806ddf4</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 5 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7388">#7388</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/89c80ac10b078a8d6b52a9a76c211007eaaf6360">89c80ac</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7343">#7343</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/4d1a380d07b2a2a88512d030b9458f3aaf493a3c">4d1a380</a>)</li>
<li><strong>docker:</strong> bump the docker group with 3 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7412">#7412</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/fa071609556501585cd0be9be121d26746dbbeae">fa07160</a>)</li>
<li><strong>java:</strong> bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7348">#7348</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/3bc0dc24804d9460682574474bdef76639902fef">3bc0dc2</a>)</li>
<li><strong>npm:</strong> bump <code>@​modelcontextprotocol/sdk</code>
in /dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7364">#7364</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/898760f2dbc5db08f517ee019bdc839cf71b3be9">898760f</a>)</li>
<li><strong>npm:</strong> bump diff from 5.2.0 to 5.2.2 in /dependencies
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7425">#7425</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ee62ba3ccfab3fe5a532f0d3194a5f9e6083a109">ee62ba3</a>)</li>
<li><strong>npm:</strong> bump hono from 4.11.3 to 4.11.4 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7379">#7379</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ca2821d6972b9c217378894dc8e5ed30cf9d8c47">ca2821d</a>)</li>
<li><strong>npm:</strong> bump lodash from 4.17.21 to 4.17.23 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7433">#7433</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/be9429269f236ad5313cd2ae84a75a5345ae5f19">be94292</a>)</li>
<li><strong>npm:</strong> bump qs from 6.14.0 to 6.14.1 in /dependencies
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7350">#7350</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/64969c4c6182962e89fb021aa0918092b9933fd6">64969c4</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 16
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7411">#7411</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/644fff4cf8f9c402888e29313139dd6e7cbce40e">644fff4</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 2
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7438">#7438</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c5014155105e052013c696bd5452f10a75b8aac6">c501415</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 3
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7341">#7341</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/62ebdce8dab77ccde99bce0d8a5d9af5f252cec8">62ebdce</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 3
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7371">#7371</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/5112c873d853500f860fefdd2953904e2915cfb5">5112c87</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 4
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7338">#7338</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/07b91bc3ad16c692d57f0cf10a6916f11a2561a1">07b91bc</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 4
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7366">#7366</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/13ced20cba70e05b9ee22cb5f4cc9a939407ea50">13ced20</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 4
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7418">#7418</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ec5d03f944e6535c33bf73aa0c25bd9800dea9a9">ec5d03f</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 8
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7355">#7355</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/1b38ef9a418a8a25b65b8fdba8de1865bf460c86">1b38ef9</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 8
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7452">#7452</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/43476917b49cbb16d006f01e0779ee176d1eae64">4347691</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md">super-linter/super-linter's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/super-linter/super-linter/compare/v8.3.2...v8.4.0">8.4.0</a>
(2026-01-28)</h2>
<h3>🚀 Features</h3>
<ul>
<li>add codespell (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7357">#7357</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/6d7d907dcc39a01c96fa8ad337174be89dc525c2">6d7d907</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7303">#7303</a></li>
<li>enable apply-ignore when running shfmt (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7309">#7309</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ae0f44a2e18b3ca52aeff4a91646ecec7d059254">ae0f44a</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7308">#7308</a></li>
<li>handle repository_dispatch events (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7335">#7335</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/3587871ba06260d7612e44787f5990a7d21eb1d6">3587871</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7245">#7245</a></li>
<li>support emitting logs only on errors (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7410">#7410</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/2f50a04dbb13f78744b19de7e31f092bd559e257">2f50a04</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7402">#7402</a></li>
<li>validate git vars only when needed (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7342">#7342</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/7aa6b2aa6f29c33d4dc31baf7bded46475009f37">7aa6b2a</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7282">#7282</a></li>
<li>write pull request status summary comment (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7372">#7372</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/25ed9081562b01a0883cd102985176840a4e4350">25ed908</a>)</li>
</ul>
<h3>🐛 Bugfixes</h3>
<ul>
<li>check renovate before exclusive checks (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7368">#7368</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/a140d67e92c83cd769cc13996f8be0cd39dec6c0">a140d67</a>)</li>
<li>don't add GITHUB_WORKSPACE multiple times (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7439">#7439</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/be04fc3da15cc3d129dc2fedb8c34aee9e9daabd">be04fc3</a>),
closes <a
href="https://redirect.github.com/super-linter/super-linter/issues/7430">#7430</a></li>
<li>don't save logs to file when running parallel (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7442">#7442</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ce306b8201d29655374c427d70b681413bca41c9">ce306b8</a>)</li>
<li>fix command options initialization (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7407">#7407</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/b74abd4414ad522b9b8b63c0be89c82401685a02">b74abd4</a>)</li>
<li>fix linter configuration and go version (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7401">#7401</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/564808bd9a27e3932214f085fd543967645e015e">564808b</a>)</li>
</ul>
<h3>⬆️ Dependency updates</h3>
<ul>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7332">#7332</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/612347c8413a07a27e78971d506d01ebdcb5c4f8">612347c</a>)</li>
<li><strong>bundler:</strong> bump rubocop in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7451">#7451</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/f17c26b5500e46662ef80af0062e0aaa030c1368">f17c26b</a>)</li>
<li><strong>bundler:</strong> bump rubocop-rails in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7356">#7356</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/e7abb06788f217908612bad4b643c1585000ff22">e7abb06</a>)</li>
<li><strong>bundler:</strong> bump rubocop-rspec in /dependencies in the
rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7367">#7367</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/cee7c2612592ec206badac280b3ff4925584d3f1">cee7c26</a>)</li>
<li><strong>docker:</strong> bump golangci/golangci-lint in the docker
group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7365">#7365</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/149226b87075eccfdcb7bc6878dafd27bfcc7c7a">149226b</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7336">#7336</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/9d05e2a91c0be94e6f28a34c526c52f9e8b095c5">9d05e2a</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7440">#7440</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/806ddf4e6997ef77327d9ba9c962646353167b19">806ddf4</a>)</li>
<li><strong>docker:</strong> bump the docker group across 1 directory
with 5 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7388">#7388</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/89c80ac10b078a8d6b52a9a76c211007eaaf6360">89c80ac</a>)</li>
<li><strong>docker:</strong> bump the docker group with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7343">#7343</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/4d1a380d07b2a2a88512d030b9458f3aaf493a3c">4d1a380</a>)</li>
<li><strong>docker:</strong> bump the docker group with 3 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7412">#7412</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/fa071609556501585cd0be9be121d26746dbbeae">fa07160</a>)</li>
<li><strong>java:</strong> bump com.puppycrawl.tools:checkstyle (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7348">#7348</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/3bc0dc24804d9460682574474bdef76639902fef">3bc0dc2</a>)</li>
<li><strong>npm:</strong> bump <code>@​modelcontextprotocol/sdk</code>
in /dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7364">#7364</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/898760f2dbc5db08f517ee019bdc839cf71b3be9">898760f</a>)</li>
<li><strong>npm:</strong> bump diff from 5.2.0 to 5.2.2 in /dependencies
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7425">#7425</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ee62ba3ccfab3fe5a532f0d3194a5f9e6083a109">ee62ba3</a>)</li>
<li><strong>npm:</strong> bump hono from 4.11.3 to 4.11.4 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7379">#7379</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ca2821d6972b9c217378894dc8e5ed30cf9d8c47">ca2821d</a>)</li>
<li><strong>npm:</strong> bump lodash from 4.17.21 to 4.17.23 in
/dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7433">#7433</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/be9429269f236ad5313cd2ae84a75a5345ae5f19">be94292</a>)</li>
<li><strong>npm:</strong> bump qs from 6.14.0 to 6.14.1 in /dependencies
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7350">#7350</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/64969c4c6182962e89fb021aa0918092b9933fd6">64969c4</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 16
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7411">#7411</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/644fff4cf8f9c402888e29313139dd6e7cbce40e">644fff4</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 2
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7438">#7438</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/c5014155105e052013c696bd5452f10a75b8aac6">c501415</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 3
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7341">#7341</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/62ebdce8dab77ccde99bce0d8a5d9af5f252cec8">62ebdce</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 3
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7371">#7371</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/5112c873d853500f860fefdd2953904e2915cfb5">5112c87</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 4
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7338">#7338</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/07b91bc3ad16c692d57f0cf10a6916f11a2561a1">07b91bc</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 4
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7366">#7366</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/13ced20cba70e05b9ee22cb5f4cc9a939407ea50">13ced20</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 4
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7418">#7418</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/ec5d03f944e6535c33bf73aa0c25bd9800dea9a9">ec5d03f</a>)</li>
<li><strong>npm:</strong> bump the npm group across 1 directory with 8
updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7355">#7355</a>)
(<a
href="https://github.com/super-linter/super-linter/commit/1b38ef9a418a8a25b65b8fdba8de1865bf460c86">1b38ef9</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/super-linter/super-linter/commit/12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e"><code>12562e4</code></a>
chore(main): release 8.4.0 (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7339">#7339</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/334a7aaba1fa59bc2bd2a2c86c291511e382999e"><code>334a7aa</code></a>
deps(python): bump the pip group across 1 directory with 5 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7447">#7447</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/f17c26b5500e46662ef80af0062e0aaa030c1368"><code>f17c26b</code></a>
deps(bundler): bump rubocop in /dependencies in the rubocop group (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7451">#7451</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/a8f58890638a9f31adc16fb30dce9f6608a3d8e8"><code>a8f5889</code></a>
ci(dev-docker): bump node in /dev-dependencies (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7431">#7431</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/806ddf4e6997ef77327d9ba9c962646353167b19"><code>806ddf4</code></a>
deps(docker): bump the docker group across 1 directory with 2 updates
(<a
href="https://redirect.github.com/super-linter/super-linter/issues/7440">#7440</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/43476917b49cbb16d006f01e0779ee176d1eae64"><code>4347691</code></a>
deps(npm): bump the npm group across 1 directory with 8 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7452">#7452</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/d3fa12f4a0efde2e479cbe4733962bb25d975522"><code>d3fa12f</code></a>
chore: refactor tests (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7446">#7446</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/c5014155105e052013c696bd5452f10a75b8aac6"><code>c501415</code></a>
deps(npm): bump the npm group across 1 directory with 2 updates (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7438">#7438</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/ce306b8201d29655374c427d70b681413bca41c9"><code>ce306b8</code></a>
fix: don't save logs to file when running parallel (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7442">#7442</a>)</li>
<li><a
href="https://github.com/super-linter/super-linter/commit/be04fc3da15cc3d129dc2fedb8c34aee9e9daabd"><code>be04fc3</code></a>
fix: don't add GITHUB_WORKSPACE multiple times (<a
href="https://redirect.github.com/super-linter/super-linter/issues/7439">#7439</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/super-linter/super-linter/compare/d5b0a2ab116623730dd094f15ddc1b6b25bf7b99...12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=super-linter/super-linter&package-manager=github_actions&previous-version=8.3.2&new-version=8.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: François Mockers <francois.mockers@vleue.com>
 2026-01-30 23:39:10 +00:00
dependabot[bot] 44ae8e2416 Bump actions/cache from 5.0.1 to 5.0.3 (#22740) 
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.1 to
5.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a
href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li>
<li>Bump <code>@actions/core</code> to v2.0.3</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v5.0.3">https://github.com/actions/cache/compare/v5...v5.0.3</a></p>
<h2>v.5.0.2</h2>
<h1>v5.0.2</h1>
<h2>What's Changed</h2>
<p>When creating cache entries, 429s returned from the cache service
will not be retried.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>How to prepare a release</h2>
<blockquote>
<p>[!NOTE]<br />
Relevant for maintainers with write access only.</p>
</blockquote>
<ol>
<li>Switch to a new branch from <code>main</code>.</li>
<li>Run <code>npm test</code> to ensure all tests are passing.</li>
<li>Update the version in <a
href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li>
<li>Run <code>npm run build</code> to update the compiled files.</li>
<li>Update this <a
href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a>
with the new version and changes in the <code>## Changelog</code>
section.</li>
<li>Run <code>licensed cache</code> to update the license report.</li>
<li>Run <code>licensed status</code> and resolve any warnings by
updating the <a
href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a>
file with the exceptions.</li>
<li>Commit your changes and push your branch upstream.</li>
<li>Open a pull request against <code>main</code> and get it reviewed
and merged.</li>
<li>Draft a new release <a
href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a>
use the same version number used in <code>package.json</code>
<ol>
<li>Create a new tag with the version number.</li>
<li>Auto generate release notes and update them to match the changes you
made in <code>RELEASES.md</code>.</li>
<li>Toggle the set as the latest release option.</li>
<li>Publish the release.</li>
</ol>
</li>
<li>Navigate to <a
href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a>
<ol>
<li>There should be a workflow run queued with the same version
number.</li>
<li>Approve the run to publish the new version and update the major tags
for this action.</li>
</ol>
</li>
</ol>
<h2>Changelog</h2>
<h3>5.0.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a
href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li>
<li>Bump <code>@actions/core</code> to v2.0.3</li>
</ul>
<h3>5.0.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.3 <a
href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li>
</ul>
<h3>5.0.1</h3>
<ul>
<li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via
<code>@actions/cache@5.0.1</code> <a
href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li>
</ul>
<h3>5.0.0</h3>
<blockquote>
<p>[!IMPORTANT]
<code>actions/cache@v5</code> runs on the Node.js 24 runtime and
requires a minimum Actions Runner version of <code>2.327.1</code>.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>4.3.0</h3>
<ul>
<li>Bump <code>@actions/cache</code> to <a
href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306"><code>cdf6c1f</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1695">#1695</a>
from actions/Link-/prepare-5.0.3</li>
<li><a
href="https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d"><code>a1bee22</code></a>
Add review for the <code>@​actions/http-client</code> license</li>
<li><a
href="https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f"><code>4695763</code></a>
Add licensed output</li>
<li><a
href="https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502"><code>dc73bb9</code></a>
Upgrade dependencies and address security warnings</li>
<li><a
href="https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a"><code>345d5c2</code></a>
Add 5.0.3 builds</li>
<li><a
href="https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7"><code>8b402f5</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1692">#1692</a>
from GhadimiR/main</li>
<li><a
href="https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002"><code>304ab5a</code></a>
license for httpclient</li>
<li><a
href="https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be"><code>609fc19</code></a>
Update licensed record for cache</li>
<li><a
href="https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5"><code>b22231e</code></a>
Build</li>
<li><a
href="https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a"><code>93150cd</code></a>
Add PR link to releases</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=5.0.1&new-version=5.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-30 07:18:43 +00:00
dependabot[bot] 7f8d8a41d9 Bump github/codeql-action from 4.31.10 to 4.32.0 (#22741) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.31.10 to 4.32.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.32.0</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li>
</ul>
<h2>v4.31.11</h2>
<ul>
<li>When running a Default Setup workflow with <a
href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions
debugging enabled</a>, the CodeQL Action will now use more unique names
when uploading logs from the Dependabot authentication proxy as workflow
artifacts. This ensures that the artifact names do not clash between
multiple jobs in a build matrix. <a
href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li>
<li>Improved error handling throughout the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li>
<li>Added experimental support for automatically excluding <a
href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated
files</a> from the analysis. This feature is not currently enabled for
any analysis. In the future, it may be enabled by default for some
GitHub-managed analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li>
<li>The changelog extracts that are included with releases of the CodeQL
Action are now shorter to avoid duplicated information from appearing in
Dependabot PRs. <a
href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.32.0 - 26 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li>
</ul>
<h2>4.31.11 - 23 Jan 2026</h2>
<ul>
<li>When running a Default Setup workflow with <a
href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions
debugging enabled</a>, the CodeQL Action will now use more unique names
when uploading logs from the Dependabot authentication proxy as workflow
artifacts. This ensures that the artifact names do not clash between
multiple jobs in a build matrix. <a
href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li>
<li>Improved error handling throughout the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li>
<li>Added experimental support for automatically excluding <a
href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated
files</a> from the analysis. This feature is not currently enabled for
any analysis. In the future, it may be enabled by default for some
GitHub-managed analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li>
<li>The changelog extracts that are included with releases of the CodeQL
Action are now shorter to avoid duplicated information from appearing in
Dependabot PRs. <a
href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li>
</ul>
<h2>4.31.10 - 12 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.9. <a
href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li>
</ul>
<h2>4.31.9 - 16 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<h2>4.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<h2>4.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<h2>4.31.4 - 18 Nov 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.3 - 13 Nov 2025</h2>
<ul>
<li>CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see <a
href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming
deprecation of CodeQL Action v3</a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/b20883b0cd1f46c72ae0ba6d1090936928f9fa30"><code>b20883b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3428">#3428</a>
from github/update-v4.32.0-e3b8227a2</li>
<li><a
href="https://github.com/github/codeql-action/commit/c9aa45dd0f8ba0b0433386779eb4798c2545156b"><code>c9aa45d</code></a>
Update changelog for v4.32.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/e3b8227a28dee88b8eaf5597d892a0cea497e634"><code>e3b8227</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3427">#3427</a>
from github/henrymercer/bump-for-new-minor-series</li>
<li><a
href="https://github.com/github/codeql-action/commit/8a01181ce209b3e3f51c6add1b9e1e744bdf0064"><code>8a01181</code></a>
Compare minor version number</li>
<li><a
href="https://github.com/github/codeql-action/commit/80e142568fc335997bbf78abac097448213bd9ae"><code>80e1425</code></a>
Bump minor version for CLI v2.24.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/b748848f27bc46a97bbb965c606bbc298e760a9a"><code>b748848</code></a>
Bump the Action minor version number on new CodeQL minor version
series</li>
<li><a
href="https://github.com/github/codeql-action/commit/5e767eff5aa6e2b719f353611ff3c363d6225d18"><code>5e767ef</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3425">#3425</a>
from github/update-bundle/codeql-bundle-v2.24.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/975286947045be7e8b204a16b36b1b04b9feef86"><code>9752869</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/c62c214723e7c0cdfb907bede6988df3a0640c7e"><code>c62c214</code></a>
Update default bundle to codeql-bundle-v2.24.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/25a224b8085c21d4d61b7fc051468805fc3ac490"><code>25a224b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3423">#3423</a>
from github/mbg/ci/yq-windows</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/cdefb33c0f6224e58673d9004f47f7cb3e328b89...b20883b0cd1f46c72ae0ba6d1090936928f9fa30">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.31.10&new-version=4.32.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-30 07:17:17 +00:00
dependabot[bot] adb2df099b Bump crate-ci/typos from 1.42.1 to 1.42.3 (#22738) 
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.42.1 to
1.42.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.42.3</h2>
<h2>[1.42.3] - 2026-01-27</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>loosing</code></li>
</ul>
<h2>v1.42.2</h2>
<h2>[1.42.2] - 2026-01-26</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>substituters</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.42.3] - 2026-01-27</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>loosing</code></li>
</ul>
<h2>[1.42.2] - 2026-01-26</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>substituters</code></li>
</ul>
<h2>[1.42.1] - 2026-01-19</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore hex literals with suffixes (e.g. <code>0xffffUL</code>)</li>
</ul>
<h2>[1.42.0] - 2026-01-07</h2>
<h3>Features</h3>
<ul>
<li>Dictionary updates</li>
</ul>
<h2>[1.41.0] - 2025-12-31</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1431">December
2025</a> changes</li>
</ul>
<h2>[1.40.1] - 2025-12-29</h2>
<h3>Fixes</h3>
<ul>
<li>Treat <code>incrementer</code> and <code>incrementor</code> the same
for now</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Don't correct ITerm2</li>
</ul>
<h2>[1.40.0] - 2025-11-26</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/06d010dfe4c84fdab1a25ea02b57b3585018ba80"><code>06d010d</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/11c14f6b0c1cf4bdfa7d83ed87fce1d48cafe7d0"><code>11c14f6</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/9ff312c33cc27380ecf68ad05566dfc3c78c6171"><code>9ff312c</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1480">#1480</a>
from epage/loosing</li>
<li><a
href="https://github.com/crate-ci/typos/commit/01fbc2d3516889626776ceac83bbebe28d255e87"><code>01fbc2d</code></a>
fix(dict): Allow loosing</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a1d64977b4aa1709d6328d518aa753f4899352d8"><code>a1d6497</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/36a2bf87b46ec72bc22eb1c0941376f7e1d03bcd"><code>36a2bf8</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/86e61a1f864293c9225a51b37db3f6327cc4828f"><code>86e61a1</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1475">#1475</a>
from kachick/restore-substituters</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5b5d2987662152449f69d74411f96707e683d0dd"><code>5b5d298</code></a>
fix(dict): Don't correct substituters</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/65120634e79d8374d1aa2f27e54baa0c364fff5a...06d010dfe4c84fdab1a25ea02b57b3585018ba80">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.42.1&new-version=1.42.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-30 07:17:12 +00:00
Kevin Reid cf32081540 Remove dependency from "bevy_platform/web" to "bevy_platform/std" (#22184) 
# Objective

Fixes #22168.

## Solution

Remove dependency from "bevy_platform/web" to "bevy_platform/std",
partially reverting #20369.

This PR was made per @alice-i-cecile 's suggestion
https://github.com/bevyengine/bevy/issues/22168#issuecomment-3667179194.
I am not familiar enough with Bevy internal dependencies to know if this
is a wise change.

## Testing

- Manually tested that the `no_std` build described in the issue
succeeds.
- Added a regression test in CI.
- Did not test whether this has any negative effects on actual web
builds.
 2026-01-28 23:15:23 +00:00
dependabot[bot] 78166fb28f Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#22661) 
Bumps
[peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
from 8.0.0 to 8.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v8.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>README.md: bump given GitHub actions to their latest versions by <a
href="https://github.com/deining"><code>@​deining</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4265">peter-evans/create-pull-request#4265</a></li>
<li>build(deps): bump the github-actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4273">peter-evans/create-pull-request#4273</a></li>
<li>build(deps-dev): bump the npm group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4274">peter-evans/create-pull-request#4274</a></li>
<li>build(deps-dev): bump undici from 6.22.0 to 6.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4284">peter-evans/create-pull-request#4284</a></li>
<li>Update distribution by <a
href="https://github.com/actions-bot"><code>@​actions-bot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4289">peter-evans/create-pull-request#4289</a></li>
<li>fix: Handle remote prune failures gracefully on self-hosted runners
by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4295">peter-evans/create-pull-request#4295</a></li>
<li>feat: add <code>@​octokit/plugin-retry</code> to handle retriable
server errors by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4298">peter-evans/create-pull-request#4298</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/deining"><code>@​deining</code></a> made
their first contribution in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4265">peter-evans/create-pull-request#4265</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v8.0.0...v8.1.0">https://github.com/peter-evans/create-pull-request/compare/v8.0.0...v8.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/c0f553fe549906ede9cf27b5156039d195d2ece0"><code>c0f553f</code></a>
feat: add <code>@​octokit/plugin-retry</code> to handle retriable server
errors (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4298">#4298</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/70001242bfa9ec7844891e620fdda69a2a2a06c7"><code>7000124</code></a>
fix: Handle remote prune failures gracefully (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4295">#4295</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/34aa40e9cf0bb8b5be745a552003fdeb25e4dd3a"><code>34aa40e</code></a>
build: update distribution (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4289">#4289</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/641099ddca097df58c3369dd5e1f33322b223029"><code>641099d</code></a>
build(deps-dev): bump undici from 6.22.0 to 6.23.0 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4284">#4284</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/2271f1ddcf09437ed8f019733eb5cfba58ac76f0"><code>2271f1d</code></a>
build(deps-dev): bump the npm group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4274">#4274</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/437c31a11dd02128dd37633ad8d3832853477e7a"><code>437c31a</code></a>
build(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4273">#4273</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/0979079bc20c05bbbb590a56c21c4e2b1d1f1bbe"><code>0979079</code></a>
docs: update readme</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/5b751cdf403b4f0314c656b2618939e4c8bdf824"><code>5b751cd</code></a>
README.md: bump given GitHub actions to their latest versions (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4265">#4265</a>)</li>
<li>See full diff in <a
href="https://github.com/peter-evans/create-pull-request/compare/98357b18bf14b5342f975ff684046ec3b2a07725...c0f553fe549906ede9cf27b5156039d195d2ece0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=8.0.0&new-version=8.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 11:15:39 +00:00
dependabot[bot] 27c6323ef8 Bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 (#22664) 
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.3.0 to 0.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.1</h2>
<p>This version fixes an error in the 0.4.0 release that prevented
non-relative use
of the action.</p>
<h2>What's Changed</h2>
<ul>
<li>Fix version file path by <a
href="https://github.com/woodruffw"><code>@​woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/83">zizmorcore/zizmor-action#83</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1">https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1</a></p>
<h2>v0.4.0</h2>
<p>This new version of <code>zizmor-action</code> brings two major
changes:</p>
<ul>
<li>
<p>The new <code>fail-on-no-inputs</code> option can be used to control
whether
<code>zizmor-action</code> fails if no inputs were collected by
<code>zizmor</code>. The default
remains <code>true</code>, reflecting the pre-existing behavior.</p>
</li>
<li>
<p>The action's use of the official <code>zizmor</code> Docker images is
now fully
hash-checked internally, preventing accidental or malicious modification
to the images. This also means that subsequent releases of
<code>zizmor</code>
will induce a release of this action, rather than the action always
picking
up the latest version by default.</p>
</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>docs: extended permissions required for internal repos by <a
href="https://github.com/AntoineSebert"><code>@​AntoineSebert</code></a>
in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/61">zizmorcore/zizmor-action#61</a></li>
<li>docs: clarify description of &quot;token&quot; to indicate it is
only used for online audits by <a
href="https://github.com/rmuir"><code>@​rmuir</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/63">zizmorcore/zizmor-action#63</a></li>
<li>Hash-check zizmor Docker images by <a
href="https://github.com/woodruffw"><code>@​woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/68">zizmorcore/zizmor-action#68</a></li>
<li>Add <code>fail-on-no-inputs</code> option by <a
href="https://github.com/woodruffw"><code>@​woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/67">zizmorcore/zizmor-action#67</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/AntoineSebert"><code>@​AntoineSebert</code></a>
made their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/61">zizmorcore/zizmor-action#61</a></li>
<li><a href="https://github.com/rmuir"><code>@​rmuir</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/63">zizmorcore/zizmor-action#63</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.3.0...v0.4.0">https://github.com/zizmorcore/zizmor-action/compare/v0.3.0...v0.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/135698455da5c3b3e55f73f4419e481ab68cdd95"><code>1356984</code></a>
Fix version file path (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/83">#83</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/72469cf6cc7fbd7801d9b361f11f25c0b5fc9d42"><code>72469cf</code></a>
Bump pins in README (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/80">#80</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/3aa7e2f1ad15075829ef5158ee06938ae12e1769"><code>3aa7e2f</code></a>
Add fail-on-no-inputs tests (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/79">#79</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/92fc377b741151b893e77df75819fb34a198f677"><code>92fc377</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/78">#78</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/5aff8efe9fc7bea2f977d55dcc7c98923f22d887"><code>5aff8ef</code></a>
Add <code>fail-on-no-inputs</code> option (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/67">#67</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/4d497b9cc8b9f59f4154478dffc4bab6a783fc69"><code>4d497b9</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/75">#75</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/5fa0711fa51dd83a19dbfcf0195cfb02e61571ef"><code>5fa0711</code></a>
Fix sync-zizmor-versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/69">#69</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/c823f2c8e66ceac799af6d2d17b1d83b6d5a0177"><code>c823f2c</code></a>
Hash-check zizmor Docker images (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/68">#68</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/706c51b5bce7adb027de71ab36d865f5d3fcc7b7"><code>706c51b</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/66">#66</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/cb3d8e846e148d1111d90b03375b9c03deceda37"><code>cb3d8e8</code></a>
chore(deps): bump actions/checkout in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/65">#65</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/zizmorcore/zizmor-action/compare/e639db99335bc9038abc0e066dfcd72e23d26fb4...135698455da5c3b3e55f73f4419e481ab68cdd95">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.3.0&new-version=0.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 11:15:36 +00:00
dependabot[bot] e2f453fe45 Bump crate-ci/typos from 1.42.0 to 1.42.1 (#22663) 
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.42.0 to
1.42.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.42.1</h2>
<h2>[1.42.1] - 2026-01-19</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore hex literals with suffixes (e.g. <code>0xffffUL</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.42.1] - 2026-01-19</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore hex literals with suffixes (e.g. <code>0xffffUL</code>)</li>
</ul>
<h2>[1.42.0] - 2026-01-07</h2>
<h3>Features</h3>
<ul>
<li>Dictionary updates</li>
</ul>
<h2>[1.41.0] - 2025-12-31</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1431">December
2025</a> changes</li>
</ul>
<h2>[1.40.1] - 2025-12-29</h2>
<h3>Fixes</h3>
<ul>
<li>Treat <code>incrementer</code> and <code>incrementor</code> the same
for now</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Don't correct ITerm2</li>
</ul>
<h2>[1.40.0] - 2025-11-26</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1405">November
2025</a> changes</li>
</ul>
<h2>[1.39.2] - 2025-11-13</h2>
<h3>Fixes</h3>
<ul>
<li>Don't offer <code>entry</code> as a correction for
<code>entrys</code></li>
</ul>
<h2>[1.39.1] - 2025-11-12</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/65120634e79d8374d1aa2f27e54baa0c364fff5a"><code>6512063</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/2049566b9c8d1828af41b31f770bbc44d6b34eab"><code>2049566</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/cbc66c9a8518fdb8d78f6502705ffad9a58574c5"><code>cbc66c9</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1471">#1471</a>
from epage/hex</li>
<li><a
href="https://github.com/crate-ci/typos/commit/207157952c1c5bb2f91d933d56924dcb674cd919"><code>2071579</code></a>
fix(tokens): Ignore hex literals with suffixes</li>
<li><a
href="https://github.com/crate-ci/typos/commit/7300bb0964cb8a525429adbde59c6a4eeb27099e"><code>7300bb0</code></a>
perf(token): Avoid switching to chars</li>
<li><a
href="https://github.com/crate-ci/typos/commit/01955c0f2a615c6f18fecd48a83fce416f520c38"><code>01955c0</code></a>
perf(token): Prefer slices over characters</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5d4cfab739a1567f49a71c421647370271da220f"><code>5d4cfab</code></a>
test(cli): Show hex literal issue</li>
<li><a
href="https://github.com/crate-ci/typos/commit/3cee018e3f423e227a4df83b164d33084d6ee2be"><code>3cee018</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1468">#1468</a>
from Wilfred/patch-1</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a96a636d4eab2dee39e7046a61c94cf3171cbaad"><code>a96a636</code></a>
Fix typo in ripsecrets link</li>
<li><a
href="https://github.com/crate-ci/typos/commit/837ad2701b39a6d960ea301041d309c10185efd6"><code>837ad27</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1467">#1467</a>
from Wilfred/full_examples_in_reference</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/bb4666ad77b539a6b4ce4eda7ebb6de553704021...65120634e79d8374d1aa2f27e54baa0c364fff5a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.42.0&new-version=1.42.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 11:15:32 +00:00
dependabot[bot] 456b0cad08 Bump actions/checkout from 6.0.1 to 6.0.2 (#22662) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1
to 6.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID
is set by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2355">actions/checkout#2355</a></li>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v6.0.2</h2>
<ul>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<h2>v6.0.1</h2>
<ul>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
</ul>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd"><code>de0fac2</code></a>
Fix tag handling: preserve annotations and explicit fetch-tags (<a
href="https://redirect.github.com/actions/checkout/issues/2356">#2356</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49"><code>064fe7f</code></a>
Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is
set (...</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=6.0.1&new-version=6.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 11:15:28 +00:00
dependabot[bot] d2fe9d3e98 Bump actions/setup-java from 5.1.0 to 5.2.0 (#22660) 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from
5.1.0 to 5.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-java/releases">actions/setup-java's
releases</a>.</em></p>
<blockquote>
<h2>v5.2.0</h2>
<h2>What's Changed</h2>
<h3>Enhancement</h3>
<ul>
<li>Retry on HTTP 522 Connection timed out by <a
href="https://github.com/findepi"><code>@​findepi</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/964">actions/setup-java#964</a></li>
</ul>
<h3>Documentation Changes</h3>
<ul>
<li>Update gradle caching by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/972">actions/setup-java#972</a></li>
<li>Update checkout to v6 by <a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/973">actions/setup-java#973</a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Upgrade <code>@​actions/cache</code> to v5 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/968">actions/setup-java#968</a></li>
<li>Upgrade actions/checkout from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/961">actions/setup-java#961</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/findepi"><code>@​findepi</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-java/pull/964">actions/setup-java#964</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-java/compare/v5...v5.2.0">https://github.com/actions/setup-java/compare/v5...v5.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-java/commit/be666c2fcd27ec809703dec50e508c2fdc7f6654"><code>be666c2</code></a>
Chore: Version Update and Checkout Update to v6 (<a
href="https://redirect.github.com/actions/setup-java/issues/973">#973</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/f7a6fefba97e80156950e16f2a9dafc8579b7d05"><code>f7a6fef</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/actions/setup-java/issues/961">#961</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/d81c4e45f3ac973cc936d79104023e20054ba578"><code>d81c4e4</code></a>
Upgrade <code>@​actions/cache</code> to v5 (<a
href="https://redirect.github.com/actions/setup-java/issues/968">#968</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/1b1bbe1085cb6ab21b5b19b7bebc091a9430026a"><code>1b1bbe1</code></a>
readme update (<a
href="https://redirect.github.com/actions/setup-java/issues/972">#972</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/5d7b2146334bacf88728daaa70414a99f5164e0f"><code>5d7b214</code></a>
Retry on HTTP 522 Connection timed out (<a
href="https://redirect.github.com/actions/setup-java/issues/964">#964</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-java/compare/f2beeb24e141e01a676f977032f5a29d81c9e27e...be666c2fcd27ec809703dec50e508c2fdc7f6654">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-java&package-manager=github_actions&previous-version=5.1.0&new-version=5.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 11:15:25 +00:00
dependabot[bot] bb4642cde3 Bump github/codeql-action from 4.31.9 to 4.31.10 (#22512) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.31.9 to 4.31.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.31.10</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.10 - 12 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.9. <a
href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.31.10 - 12 Jan 2026</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.9. <a
href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li>
</ul>
<h2>4.31.9 - 16 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<h2>4.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<h2>4.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<h2>4.31.4 - 18 Nov 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.3 - 13 Nov 2025</h2>
<ul>
<li>CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see <a
href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming
deprecation of CodeQL Action v3</a>.</li>
<li>Update default CodeQL bundle version to 2.23.5. <a
href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li>
</ul>
<h2>4.31.2 - 30 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.1 - 30 Oct 2025</h2>
<ul>
<li>The <code>add-snippets</code> input has been removed from the
<code>analyze</code> action. This input has been deprecated since CodeQL
Action 3.26.4 in August 2024 when this removal was announced.</li>
</ul>
<h2>4.31.0 - 24 Oct 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/cdefb33c0f6224e58673d9004f47f7cb3e328b89"><code>cdefb33</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3394">#3394</a>
from github/update-v4.31.10-0fa411efd</li>
<li><a
href="https://github.com/github/codeql-action/commit/cfa77c6b134886357b1c716fbe58a7708833bf31"><code>cfa77c6</code></a>
Update changelog for v4.31.10</li>
<li><a
href="https://github.com/github/codeql-action/commit/0fa411efd0628aefdf9d03a0faa20a1e0edafc4a"><code>0fa411e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3393">#3393</a>
from github/update-bundle/codeql-bundle-v2.23.9</li>
<li><a
href="https://github.com/github/codeql-action/commit/c2843242125c2fb8dcd892f204eb2f8622886b78"><code>c284324</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/83e7d0046cd548fe4cb5d55f5b2ce30b0de62304"><code>83e7d00</code></a>
Update default bundle to codeql-bundle-v2.23.9</li>
<li><a
href="https://github.com/github/codeql-action/commit/f6a16bef8e5c39e398e4da16862d381f76824ac6"><code>f6a16be</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3391">#3391</a>
from github/dependabot/npm_and_yarn/npm-minor-f1cdf5...</li>
<li><a
href="https://github.com/github/codeql-action/commit/c1f5f1a8b57e6da99af540e7c2f23ed33152e270"><code>c1f5f1a</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/1805d8d0a48bdde6eb34e4427b3c00c431427f89"><code>1805d8d</code></a>
Bump the npm-minor group with 2 updates</li>
<li><a
href="https://github.com/github/codeql-action/commit/b2951d2a1ed70de8ec57301118b487b35c13595a"><code>b2951d2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3353">#3353</a>
from github/kaspersv/bump-min-cli-v-for-overlay</li>
<li><a
href="https://github.com/github/codeql-action/commit/41448d92b9e7bb3a481b3134031a56e52f85528f"><code>41448d9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3287">#3287</a>
from github/henrymercer/generate-mergeback-last</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...cdefb33c0f6224e58673d9004f47f7cb3e328b89">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.31.9&new-version=4.31.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-14 20:08:01 +00:00