Skip to content

build(deps): bump the dependencies group across 1 directory with 6 updates#6083

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/dependencies-772f7bb3fd
Open

build(deps): bump the dependencies group across 1 directory with 6 updates#6083
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/dependencies-772f7bb3fd

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the dependencies group with 6 updates in the / directory:

Package From To
megalinter/megalinter 8.4.2 9.4.0
codecov/codecov-action 5.5.3 6.0.0
goreleaser/goreleaser-action 7.0.0 7.2.1
codespell-project/actions-codespell 2.1 2.2
actions/github-script 7 9
actions/stale 9 10

Updates megalinter/megalinter from 8.4.2 to 9.4.0

Release notes

Sourced from megalinter/megalinter's releases.

v9.4.0

What's Changed

  • Core

    • Improve files browsing performances (2 PRs)
    • Optimize parallel linter processing and improve grouping logic
    • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
    • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
    • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
    • Cache subprocess environment per linter run and excluded directories per request
    • Optimize parallel linter result update from O(n²) to O(n)
    • Add support in the build of Docker images for linux/arm64 in compatible linters

  • New linters

  • Disabled linters

  • Linters enhancements

    • Use the official checkmake image by @​bdovaz
    • Spectral: Add sarif support to spectral by @​bdovaz
    • Spectral: Change cli_lint_mode to list_of_files to improve performances

  • Fixes

    • Add support for SSH remote origins when building custom flavors (fixes: #6511)
    • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
    • Fix wrong tagging apply_fixes=True when linter has no fix options configured
    • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
    • Fix operator precedence bug in pre_post_factory pre/post command logic
    • Fix file handle leak in GitleaksLinter
    • Fix variable name bug in utils.get_git_context_info
    • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

  • Reporters

    • Add a link inviting to star MegaLinter
    • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
    • Update WebHook reporter so it can send more events for a better integration with UI
    • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
    • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
    • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

  • Flavors

    • Custom flavor builder:
      • Add support for SSH remotes
      • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
      • Build & release custom flavor builder image for linux/arm64

  • Doc

    • JSON Schema: Add default values for file extensions and file names variables + improve descriptions

... (truncated)

Changelog

Sourced from megalinter/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

  • Core

  • New linters

    • osv-scanner (trivy-like security linter, by Google)

  • Disabled linters

    • Disable trivy until their security issue is solved
    • Disable KICS until their security issue is solved
    • Disable spectral which is crashing

  • Deprecated linters

  • Removed linters

  • Media

  • Linters enhancements

  • Fixes

    • Fix linter output by section in Console reporter

  • Reporters

  • Flavors

  • Doc

    • Migrate copilot-instructions into Claude Code Agents & Skills

  • CI

    • Disable trivy-action until their security issue is solved
    • Run ARM linter jobs only if the latest commit message contains "ARM" (to avoid 200 jobs for each PR)
    • Prevent MegaLinter to push a new commit if the only updates are on markdown files
    • Activate osv-scanner on own sources
    • Exclude test dependencies from dependabot

  • mega-linter-runner

  • Linter versions upgrades (N)

... (truncated)

Commits
  • 8fbdead Release MegaLinter v9.4.0
  • 9f605c4 Fix custom flavor builder workflow (#7306)
  • b7dcb60 Update changelog to prepare release (#7304)
  • 3077b04 chore(deps): update dependency regex to v2026.2.28 (#7303)
  • edba876 [automation] Auto-update linters version, help and documentation (#7299)
  • 07fb84d chore(deps): update dependency python-gitlab to v8.1.0 (#7302)
  • 4d42e33 chore(deps): update dependency fastapi to v0.134.0 (#7301)
  • 649726c chore(deps): update dependency rumdl to v0.1.32 (#7300)
  • 768b5a3 chore(deps): update dependency virtualenv to v21.1.0 (#7298)
  • 7e73a76 chore(deps): update dependency eslint-plugin-jsonc to v3 (#7260)
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.3 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates goreleaser/goreleaser-action from 7.0.0 to 7.2.1

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.1

This fully removes the usage of the old nightly moving tag.

Full Changelog: goreleaser/goreleaser-action@v7.2.0...v7.2.1

v7.2.0

What's Changed

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.0

v7.1.0

What's Changed

New Contributors

Full Changelog: goreleaser/goreleaser-action@v7...v7.1.0

Commits
  • 1a80836 ci(nightly): pass GITHUB_TOKEN to nightly integration job
  • a71152e refactor: drop legacy 'nightly' tag fallback
  • 4c6ab56 feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release (#558)
  • 4f96abf feat: add version-file input (#556)
  • 15fa2a9 test: cover install across release eras (#555)
  • e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
  • be2e8a3 docs: document cosign verification in README (#553)
  • 5e53f8e ci: add release-major-tag workflow (#552)
  • 4068afa build: drop docker-bake in favor of plain npm (#551)
  • 213ec80 docs: add CONTRIBUTING with pre-commit workflow
  • Additional commits viewable in compare view

Updates codespell-project/actions-codespell from 2.1 to 2.2

Release notes

Sourced from codespell-project/actions-codespell's releases.

v2.2

What's Changed

New Contributors

Full Changelog: codespell-project/actions-codespell@v2...v2.2

Commits

Updates actions/github-script from 7 to 9

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

  • getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
  • Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

  • require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
  • getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
  • If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

New Contributors

Full Changelog: actions/github-script@v8.0.0...v9.0.0

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

... (truncated)

Commits
  • 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
  • ca10bbd fix: use @​octokit/core/types import for v7 compatibility
  • 86e48e2 merge: incorporate main branch changes
  • c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
  • afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
  • ff8117e ci: fix user-agent test to handle orchestration ID
  • 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
  • 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
  • c17d55b ci: add getOctokit integration test job
  • a047196 test: add getOctokit integration tests via callAsyncFunction
  • Additional commits viewable in compare view

Updates actions/stale from 9 to 10

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Full Changelog: actions/stale@v9...v10.0.0

v9.1.0

What's Changed

New Contributors

Full Changelog: actions/stale@v9...v9.1.0

Changelog

Sourced from actions/stale's changelog.

Changelog

[10.1.0]

What's Changed

[10.0.0]

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

[9.1.0]

What's Changed

[9.0.0]

Breaking Changes

  1. Action is now stateful: If the action ends because of operations-per-run then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.
  2. Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

... (truncated)

Commits
  • b5d41d4 build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1313)
  • dcd2b94 Fix punycode and url.parse Deprecation Warnings (#1312)
  • d6f8a33 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1304)
  • a21a081 Fix checking state cache (fix #1136), also switch to octokit methods (#1152)
  • 9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
  • 5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
  • fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
  • 39bea7d Add Missing Input Reading for only-issue-types (#1298)
  • e46bbab build(deps-dev): bump @​types/node from 20.10.3 to 24.2.0 and document breakin...
  • 65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the dependencies group across 1 directory with 6 up…
8e353b8 
…dates

Bumps the dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [megalinter/megalinter](https://github.com/megalinter/megalinter) | `8.4.2` | `9.4.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.3` | `6.0.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `7.0.0` | `7.2.1` |
| [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) | `2.1` | `2.2` |
| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |
| [actions/stale](https://github.com/actions/stale) | `9` | `10` |



Updates `megalinter/megalinter` from 8.4.2 to 9.4.0
- [Release notes](https://github.com/megalinter/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@ec124f7...8fbdead)

Updates `codecov/codecov-action` from 5.5.3 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@1af5884...57e3a13)

Updates `goreleaser/goreleaser-action` from 7.0.0 to 7.2.1
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@ec59f47...1a80836)

Updates `codespell-project/actions-codespell` from 2.1 to 2.2
- [Release notes](https://github.com/codespell-project/actions-codespell/releases)
- [Commits](codespell-project/actions-codespell@406322e...8f01853)

Updates `actions/github-script` from 7 to 9
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v9)

Updates `actions/stale` from 9 to 10
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9...v10)

---
updated-dependencies:
- dependency-name: megalinter/megalinter
  dependency-version: 9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: codespell-project/actions-codespell
  dependency-version: '2.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels May 1, 2026
@mergify mergify Bot added the needs-work Extra attention is needed label May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code needs-work Extra attention is needed size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants