actions/ruff - ruff - Gitea: Git with a cup of tea

mirror of https://github.com/astral-sh/ruff-action.git synced 2026-05-12 20:50:14 +02:00

Author	SHA1	Message	Date
Zanie Blue	248b6d6da3	Update the release process to match setup-uv (#364 )	2026-04-27 10:31:05 -05:00
Kevin Stillhammer	eb44a0e99b	Draft commitish releases (#359 )	2026-04-16 20:31:36 +02:00
dependabot[bot]	2915b93f0d	Bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 (#356 ) Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.5.2 to 0.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's releases</a>.</em></p> <blockquote> <h2>v0.5.3</h2> <ul> <li><code>1.24.0</code> and <code>1.24.1</code> are now available via the action</li> <li><code>1.24.1</code> is now the default version of zizmor used by the action</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/b1d7e1fb5de872772f31590499237e7cce841e8e"><code>b1d7e1f</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/102">#102</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/a195b57475917ddcb70845e5ffe1c3a15dbbdedc"><code>a195b57</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/100">#100</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/629d5d01fe5939a6aeae25c1bd1acd2cfa28e9b2"><code>629d5d0</code></a> chore(deps): bump github/codeql-action in the github-actions group (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/99">#99</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/453d591467e8199b1d5c6883b6ec5c22a12aac72"><code>453d591</code></a> chore(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/98">#98</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/ea2c18b942410df0b22bed3b94c361c407518d45"><code>ea2c18b</code></a> Bump pins (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/97">#97</a>)</li> <li>See full diff in <a href="https://github.com/zizmorcore/zizmor-action/compare/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8...b1d7e1fb5de872772f31590499237e7cce841e8e">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.5.2&new-version=0.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-14 07:51:55 +02:00
Kevin Stillhammer	9b8caf6c41	Add manifest-file input (#352 )	2026-04-11 19:14:05 +02:00
dependabot[bot]	535554df96	Bump release-drafter/release-drafter from 6.2.0 to 7.2.0 (#350 ) Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 6.2.0 to 7.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/release-drafter/release-drafter/releases">release-drafter/release-drafter's releases</a>.</em></p> <blockquote> <h2>v7.2.0</h2> <h1>What's Changed</h1> <h2>New</h2> <ul> <li>feat: allow always collapsing a category (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1444">#1444</a>) <a href="https://github.com/mhanberg"><code>@mhanberg</code></a></li> </ul> <h2>Bug Fixes</h2> <ul> <li>fix: improve advanced substitutions in replacers (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1555">#1555</a>) <a href="https://github.com/jetersen"><code>@jetersen</code></a></li> <li>fix: support repo-only _extends and prevent .github/ path doubling (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1577">#1577</a>) <a href="https://github.com/jetersen"><code>@jetersen</code></a></li> </ul> <h2>Maintenance</h2> <ul> <li>chore(deps): update dependency typescript to 6.0.2 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1587">#1587</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore(deps): update vitest to 4.1.4 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1585">#1585</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>ci(deps): update peter-evans/create-pull-request action to v8 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1588">#1588</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore(deps): update dependency vite to 8.0.5 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1579">#1579</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore(deps): update dependency nock to 14.0.12 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1583">#1583</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore(deps): update dependency <code>@types/node</code> to 24.12.2 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1582">#1582</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore(deps): update dependency <code>@biomejs/biome</code> to 2.4.10 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1581">#1581</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore: move codegen to monthly scheduled workflow (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1578">#1578</a>) <a href="https://github.com/jetersen"><code>@jetersen</code></a></li> <li>chore: replace vite-tsconfig-paths plugin with native resolve.tsconfigPaths (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1571">#1571</a>) <a href="https://github.com/jetersen"><code>@jetersen</code></a></li> </ul> <h2>Documentation</h2> <ul> <li>docs: fix autolabeler example tag (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1568">#1568</a>) <a href="https://github.com/cchanche"><code>@cchanche</code></a></li> </ul> <h2>Dependency Updates</h2> <ul> <li>build(deps): bump lodash and <code>@graphql-codegen/plugin-helpers</code> (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1589">#1589</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>fix(deps): update dependency <code>@actions/github</code> to 9.1.0 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1586">#1586</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore(deps): update dependency yaml to 2.8.3 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1580">#1580</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore(deps): update node.js to v24.14.1 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1584">#1584</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> <li>chore(deps): update dependency <code>@biomejs/biome</code> to 2.4.10 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1581">#1581</a>) @<a href="https://github.com/apps/renovate">renovate[bot]</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/release-drafter/release-drafter/compare/v7.1.1...v7.2.0">https://github.com/release-drafter/release-drafter/compare/v7.1.1...v7.2.0</a></p> <h2>v7.1.1</h2> <h1>What's Changed</h1> <h2>Bug Fixes</h2> <ul> <li>fix: remove disable-releaser and disable-autolabeler from action.yaml (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1564">#1564</a>) <a href="https://github.com/cchanche"><code>@cchanche</code></a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/release-drafter/release-drafter/compare/v7.1.0...v7.1.1">https://github.com/release-drafter/release-drafter/compare/v7.1.0...v7.1.1</a></p> <h2>v7.1.0</h2> <h1>What's Changed</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/release-drafter/release-drafter/commit/5de93583980a40bd78603b6dfdcda5b4df377b32"><code>5de9358</code></a> 7.2.0</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/e50d61c7deb94fc176ad7d31d7b71f60307829b2"><code>e50d61c</code></a> chore: rebuild dist</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/d3a61d3b778db0d18c3511a1d8a5585188fdb99f"><code>d3a61d3</code></a> chore: fix npm audit vulnerabilities</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/8bfa2791ec73890e3087b933c9db62d0a294a461"><code>8bfa279</code></a> build(deps): bump lodash and <code>@graphql-codegen/plugin-helpers</code> (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1589">#1589</a>)</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/c2a8a67ac931b548feeee49fe78975bd87720a0e"><code>c2a8a67</code></a> chore: remove engine-strict from .npmrc to fix Dependabot resolution</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/e51e4adf1695870d57ae9cf3fa8cc37064d6304d"><code>e51e4ad</code></a> chore(deps): update dependency typescript to 6.0.2 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1587">#1587</a>)</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/0e7bd548468b9ce7f0b082417f6ec32bc47173ae"><code>0e7bd54</code></a> fix(deps): update dependency <code>@actions/github</code> to 9.1.0 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1586">#1586</a>)</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/9c0b0a8cf19d3415f835a04b1987cd2451aaac85"><code>9c0b0a8</code></a> chore(deps): update dependency yaml to 2.8.3 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1580">#1580</a>)</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/b27f820cbc98c923f216e773d35bc7f4e8efd9ed"><code>b27f820</code></a> chore(deps): update vitest to 4.1.4 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1585">#1585</a>)</li> <li><a href="https://github.com/release-drafter/release-drafter/commit/eb9053430f473e03512e92caee9608b0db01ebd7"><code>eb90534</code></a> ci(deps): update peter-evans/create-pull-request action to v8 (<a href="https://redirect.github.com/release-drafter/release-drafter/issues/1588">#1588</a>)</li> <li>Additional commits viewable in <a href="https://github.com/release-drafter/release-drafter/compare/6db134d15f3909ccc9eefd369f02bd1e9cffdf97...5de93583980a40bd78603b6dfdcda5b4df377b32">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=release-drafter/release-drafter&package-manager=github_actions&previous-version=6.2.0&new-version=7.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-11 11:41:10 +02:00
Zanie Blue	26892dbe43	Add a release workflow (#349 ) Mirroring https://github.com/astral-sh/setup-uv/pull/839	2026-04-09 14:10:29 +02:00
dependabot[bot]	5b5935861b	Bump eifinger/actionlint-action from 1.10.0 to 1.10.2 (#347 ) Bumps [eifinger/actionlint-action](https://github.com/eifinger/actionlint-action) from 1.10.0 to 1.10.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eifinger/actionlint-action/commit/1fc89649be682d16ec5cf65ea16e269eb88d3982"><code>1fc8964</code></a> build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/34">#34</a>)</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/77c97feb783dfe1768d10f9dda219af0936f44a7"><code>77c97fe</code></a> build(deps): bump release-drafter/release-drafter from 6.2.0 to 7.1.1 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/40">#40</a>)</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/bc5a34046e0b08d672f8a517047621ce16320c2b"><code>bc5a340</code></a> chore: bump actionlint to 1.7.12 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/41">#41</a>)</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/7802e0cc3ab3f81cbffb36fb0bf1a3621d994b89"><code>7802e0c</code></a> Remove oracle-aarch64 from workflows (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/36">#36</a>)</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/8d9ad94ef799fdd386147ebbed32e940280f3dcd"><code>8d9ad94</code></a> set default actionlint version to 1.7.11 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/35">#35</a>)</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/4863b27ac4c7ab9e9c69405b36b49b7b4d97ead9"><code>4863b27</code></a> build(deps): bump release-drafter/release-drafter from 6.1.0 to 6.2.0 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/33">#33</a>)</li> <li>See full diff in <a href="https://github.com/eifinger/actionlint-action/compare/447fbfe7533062b7a9ea55f790f2396fba6d052a...1fc89649be682d16ec5cf65ea16e269eb88d3982">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eifinger/actionlint-action&package-manager=github_actions&previous-version=1.10.0&new-version=1.10.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-31 07:39:51 +02:00
Kevin Stillhammer	0be154b683	Migrate to ESMBundler and node 24 (#345 )	2026-03-28 15:52:59 +00:00
dependabot[bot]	25445a5bce	Bump zizmorcore/zizmor-action from 0.4.1 to 0.5.2 (#333 ) Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.4.1 to 0.5.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's releases</a>.</em></p> <blockquote> <h2>v0.5.2</h2> <h2>What's Changed</h2> <ul> <li>zizmor 1.23.1 is now the default used by this action.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2">https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2</a></p> <h2>v0.5.1</h2> <h2>What's Changed</h2> <ul> <li>zizmor 1.23.0 is now the default used by this action.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1">https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1</a></p> <h2>v0.5.0</h2> <h2>What's Changed</h2> <ul> <li>Expose <code>output-file</code> as an output when <code>advanced-security: true</code> by <a href="https://github.com/unlobito"><code>@unlobito</code></a> in <a href="https://redirect.github.com/zizmorcore/zizmor-action/pull/87">zizmorcore/zizmor-action#87</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/unlobito"><code>@unlobito</code></a> made their first contribution in <a href="https://redirect.github.com/zizmorcore/zizmor-action/pull/87">zizmorcore/zizmor-action#87</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0">https://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8"><code>71321a2</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/96">#96</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/5ed31db0964a9d37608edd5b0675de2b52070662"><code>5ed31db</code></a> Bump pins (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/95">#95</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/195d10ad90f31d8cd6ea1efd6ecc12969ddbe73f"><code>195d10a</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/94">#94</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/c65bc8876171b6d82748ec98b77c0193b1226b94"><code>c65bc88</code></a> chore(deps): bump github/codeql-action in the github-actions group (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/93">#93</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/c2c887f84674f9c15123e2905d2d307675d8bc01"><code>c2c887f</code></a> chore(deps): bump zizmorcore/zizmor-action in the github-actions group (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/91">#91</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/5507ab0c02a9ac3996895e1598d6b3385ea7d525"><code>5507ab0</code></a> Bump pins in README (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/90">#90</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d"><code>0dce257</code></a> chore(deps): bump peter-evans/create-pull-request (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/88">#88</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/fb9497493b591ad90176d3ecac5ca4aeff8c9faf"><code>fb94974</code></a> Expose <code>output-file</code> as an output when <code>advanced-security: true</code> (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/87">#87</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/867562a69bb7adcc63dd1e8c003600a58b5f70e2"><code>867562a</code></a> chore(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/85">#85</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/7462f075f718787753331c6d98ca9ef8eb41e735"><code>7462f07</code></a> Bump pins in README (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/84">#84</a>)</li> <li>See full diff in <a href="https://github.com/zizmorcore/zizmor-action/compare/135698455da5c3b3e55f73f4419e481ab68cdd95...71321a20a9ded102f6e9ce5718a2fcec2c4f70d8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.4.1&new-version=0.5.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-09 08:05:39 +01:00
eifinger-bot	4919ec5cf1	fix: persist credentials for git push in update-major-minor-tags workflow (#312 ) ## Problem After upgrading to `actions/checkout@v6`, the `update-major-minor-tags` workflow fails with: ``` fatal: could not read Username for 'https://github.com': No such device or address ``` Example: https://github.com/astral-sh/ruff-action/actions/runs/21509988231/job/61974754475 ## Root Cause `actions/checkout@v6` changed the behavior of `persist-credentials: false`. In v6, credentials are immediately cleaned up after checkout, whereas in v5 they remained available during the job. The workflow sets `persist-credentials: false` and then tries to `git push` — but the auth credentials are already gone. ## Fix Explicitly set `persist-credentials: true` (removing the `false` value). The workflow already has minimal permissions (`contents: write`) scoped only to this job, so this is safe. Added a `zizmor: ignore[artipacked]` comment in case the security linter flags this pattern.	2026-01-30 19:43:42 +01:00
eifinger-bot	1977806bc6	ci: add zizmor security linting (#313 ) ## Summary Adds [zizmor](https://github.com/woodruffw/zizmor) security linting to the CI workflow to scan GitHub Actions workflows for security issues. ## Changes - Added `permissions: security-events: write` to the `lint` job (required for zizmor) - Added `zizmorcore/zizmor-action@v0.4.1` step after actionlint Mirrors the setup in [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv/blob/803947b9bd8e9f986429fa0c5a41c367cd732b41/.github/workflows/test.yml#L29-L30).	2026-01-30 18:37:28 +00:00
Kevin Stillhammer	aedff8d295	Bump dependencies and actions (#311 )	2026-01-30 09:31:31 +01:00
dependabot[bot]	191187a20a	Bump actions/checkout from 5.0.0 to 6.0.1 (#278 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update all references from v5 and v4 to v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> <li>Clarify v6 README by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a> Clarify v6 README (<a href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li> <li><a href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a> Add worktree support for persist-credentials includeIf (<a href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li> <li><a href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a> Update all references from v5 and v4 to v6 (<a href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...8e8c483db84b4bee98b60c0593521ed34d9990e8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=5.0.0&new-version=6.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > Note > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-28 18:31:29 +01:00
dependabot[bot]	ecac2cc03c	Bump github/codeql-action from 3.30.5 to 4.31.10 (#294 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.5 to 4.31.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.31.10</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.7</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v4.31.6</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>4.31.6 - 01 Dec 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.8. <a href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li> </ul> <h2>4.31.7 - 05 Dec 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.7. <a href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li> </ul> <h2>4.31.6 - 01 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.5 - 24 Nov 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.6. <a href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li> </ul> <h2>4.31.4 - 18 Nov 2025</h2> <p>No user facing changes.</p> <h2>4.31.3 - 13 Nov 2025</h2> <ul> <li>CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see <a href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming deprecation of CodeQL Action v3</a>.</li> <li>Update default CodeQL bundle version to 2.23.5. <a href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li> </ul> <h2>4.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <h2>4.31.0 - 24 Oct 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/cdefb33c0f6224e58673d9004f47f7cb3e328b89"><code>cdefb33</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3394">#3394</a> from github/update-v4.31.10-0fa411efd</li> <li><a href="https://github.com/github/codeql-action/commit/cfa77c6b134886357b1c716fbe58a7708833bf31"><code>cfa77c6</code></a> Update changelog for v4.31.10</li> <li><a href="https://github.com/github/codeql-action/commit/0fa411efd0628aefdf9d03a0faa20a1e0edafc4a"><code>0fa411e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3393">#3393</a> from github/update-bundle/codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/c2843242125c2fb8dcd892f204eb2f8622886b78"><code>c284324</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/83e7d0046cd548fe4cb5d55f5b2ce30b0de62304"><code>83e7d00</code></a> Update default bundle to codeql-bundle-v2.23.9</li> <li><a href="https://github.com/github/codeql-action/commit/f6a16bef8e5c39e398e4da16862d381f76824ac6"><code>f6a16be</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3391">#3391</a> from github/dependabot/npm_and_yarn/npm-minor-f1cdf5...</li> <li><a href="https://github.com/github/codeql-action/commit/c1f5f1a8b57e6da99af540e7c2f23ed33152e270"><code>c1f5f1a</code></a> Rebuild</li> <li><a href="https://github.com/github/codeql-action/commit/1805d8d0a48bdde6eb34e4427b3c00c431427f89"><code>1805d8d</code></a> Bump the npm-minor group with 2 updates</li> <li><a href="https://github.com/github/codeql-action/commit/b2951d2a1ed70de8ec57301118b487b35c13595a"><code>b2951d2</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3353">#3353</a> from github/kaspersv/bump-min-cli-v-for-overlay</li> <li><a href="https://github.com/github/codeql-action/commit/41448d92b9e7bb3a481b3134031a56e52f85528f"><code>41448d9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3287">#3287</a> from github/henrymercer/generate-mergeback-last</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/3599b3baa15b485a2e49ef411a7a4bb2452e7f93...cdefb33c0f6224e58673d9004f47f7cb3e328b89">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.30.5&new-version=4.31.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-28 18:30:14 +01:00
dependabot[bot]	ddb8c29960	Bump actions/setup-node from 6.0.0 to 6.2.0 (#296 ) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.0.0 to 6.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.2.0</h2> <h2>What's Changed</h2> <h3>Documentation</h3> <ul> <li>Documentation update related to absence of Lockfile by <a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1454">actions/setup-node#1454</a></li> <li>Correct mirror option typos by <a href="https://github.com/MikeMcC399"><code>@MikeMcC399</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1442">actions/setup-node#1442</a></li> <li>Readme update on checkout version v6 by <a href="https://github.com/deining"><code>@deining</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1446">actions/setup-node#1446</a></li> <li>Readme typo fixes <a href="https://github.com/munyari"><code>@munyari</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1226">actions/setup-node#1226</a></li> <li>Advanced document update on checkout version v6 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1468">actions/setup-node#1468</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@actions/cache</code> to v5.0.1 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1449">actions/setup-node#1449</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1454">actions/setup-node#1454</a></li> <li><a href="https://github.com/MikeMcC399"><code>@MikeMcC399</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1442">actions/setup-node#1442</a></li> <li><a href="https://github.com/deining"><code>@deining</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1446">actions/setup-node#1446</a></li> <li><a href="https://github.com/munyari"><code>@munyari</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1226">actions/setup-node#1226</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.2.0">https://github.com/actions/setup-node/compare/v6...v6.2.0</a></p> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancement:</h3> <ul> <li>Remove always-auth configuration handling by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1436">actions/setup-node#1436</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@actions/cache</code> from 4.0.3 to 4.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1384">actions/setup-node#1384</a></li> <li>Upgrade actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1439">actions/setup-node#1439</a></li> <li>Upgrade js-yaml from 3.14.1 to 3.14.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1435">actions/setup-node#1435</a></li> </ul> <h3>Documentation update:</h3> <ul> <li>Add example for restore-only cache in documentation by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1419">actions/setup-node#1419</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.1.0">https://github.com/actions/setup-node/compare/v6...v6.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238"><code>6044e13</code></a> Docs: bump actions/checkout from v5 to v6 (<a href="https://redirect.github.com/actions/setup-node/issues/1468">#1468</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657"><code>8e49463</code></a> Fix README typo (<a href="https://redirect.github.com/actions/setup-node/issues/1226">#1226</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/621ac41091d4227ef8fda5009c1ced96d8d36f7e"><code>621ac41</code></a> README.md: bump to latest released checkout version v6 (<a href="https://redirect.github.com/actions/setup-node/issues/1446">#1446</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/2951748f4c016b747952f8ca7e75fc64f2f62b53"><code>2951748</code></a> Bump <code>@actions/cache</code> to v5.0.1 (<a href="https://redirect.github.com/actions/setup-node/issues/1449">#1449</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/21ddc7bc1fef4bd313efce0335fdcbf81827182c"><code>21ddc7b</code></a> Correct mirror option typos (<a href="https://redirect.github.com/actions/setup-node/issues/1442">#1442</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/65d868f8d4d85d7d4abb7de0875cde3fcc8798f5"><code>65d868f</code></a> Update Documentation for Lockfile (<a href="https://redirect.github.com/actions/setup-node/issues/1454">#1454</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f"><code>395ad32</code></a> Bump js-yaml from 3.14.1 to 3.14.2 (<a href="https://redirect.github.com/actions/setup-node/issues/1435">#1435</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/a4d2e2bbca97c78789c5b6f8b2092769fdd8005c"><code>a4d2e2b</code></a> Bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/actions/setup-node/issues/1439">#1439</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/b9b25d45f70a5d94d88496aa4896bf9ed8f49b67"><code>b9b25d4</code></a> Remove always-auth configuration handling from action (<a href="https://redirect.github.com/actions/setup-node/issues/1436">#1436</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/633bb92bc0aabcae06e8ea93b85aecddd374c402"><code>633bb92</code></a> Bump <code>@actions/cache</code> from 4.0.3 to 4.1.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1384">#1384</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-node/compare/2028fbc5c25fe9cf00d9f06a71cc4710d4507903...6044e13b5dc448c55e2357c09f80417699197238">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=6.0.0&new-version=6.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-28 18:30:02 +01:00
Kevin Stillhammer	5eee2a4332	search in parent dir (#306 ) Fixes: #164 --------- Co-authored-by: Clawdbot <clawdbot@users.noreply.github.com>	2026-01-28 11:38:26 +01:00
Kevin Stillhammer	fde82cb611	Fix CI: Pin ruff version to stable 0.13.x in test fixture (#305 ) The test was using ruff>=0.14 which is under active development, causing failures as new versions like 0.14.13 are released. This changes the fixture to use ruff>=0.13 (where 0.13.3 is the final release) and updates the expected version in the test accordingly.	2026-01-25 21:39:11 +00:00
Kevin Stillhammer	deb632007b	ignore environment markers in dep specs (#295 ) Contributes to: #256	2026-01-15 13:58:24 +01:00
Kevin Stillhammer	90ea8a399c	Update the ruff-format matcher to properly extract all info (#293 ) Now that format also supports the github output format all info is available	2026-01-12 18:20:59 +01:00
dependabot[bot]	56403b4f7c	Bump eifinger/actionlint-action from 1.9.3 to 1.10.0 (#291 ) Bumps [eifinger/actionlint-action](https://github.com/eifinger/actionlint-action) from 1.9.3 to 1.10.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eifinger/actionlint-action/commit/447fbfe7533062b7a9ea55f790f2396fba6d052a"><code>447fbfe</code></a> build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/30">#30</a>)</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/9e2be07ed11ff8dabc99cc0ff06398b51836c192"><code>9e2be07</code></a> set default actionlint version to 1.7.10 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/31">#31</a>)</li> <li>See full diff in <a href="https://github.com/eifinger/actionlint-action/compare/213860089b7cf97d640aa67567898fabeb132746...447fbfe7533062b7a9ea55f790f2396fba6d052a">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eifinger/actionlint-action&package-manager=github_actions&previous-version=1.9.3&new-version=1.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-05 09:51:03 +01:00
Mattias L	e85c033ebc	Support hashes in requirement files for version-file (#287 )	2025-12-17 16:29:06 +01:00
dependabot[bot]	c03f335068	Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 (#283 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.9 to 8.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v8.0.0</h2> <h2>What's new in v8</h2> <ul> <li>Requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later if you are using a self-hosted runner for Node 24 support.</li> </ul> <h2>What's Changed</h2> <ul> <li>chore: Update checkout action version to v6 by <a href="https://github.com/yonas"><code>@yonas</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li> <li>Update actions/checkout references to <a href="https://github.com/v6"><code>@v6</code></a> in docs by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li> <li>feat: v8 by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4260">peter-evans/create-pull-request#4260</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yonas"><code>@yonas</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0">https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0</a></p> <h2>Create Pull Request v7.0.11</h2> <h2>What's Changed</h2> <ul> <li>fix: restrict remote prune to self-hosted runners by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4250">peter-evans/create-pull-request#4250</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11">https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11</a></p> <h2>Create Pull Request v7.0.10</h2> <p>⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.</p> <h2>What's Changed</h2> <ul> <li>build(deps): bump the github-actions group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4235">peter-evans/create-pull-request#4235</a></li> <li>build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4240">peter-evans/create-pull-request#4240</a></li> <li>fix: provider list pulls fallback for multi fork same owner by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4245">peter-evans/create-pull-request#4245</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/obnyis"><code>@obnyis</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4064">peter-evans/create-pull-request#4064</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10">https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/peter-evans/create-pull-request/commit/98357b18bf14b5342f975ff684046ec3b2a07725"><code>98357b1</code></a> feat: v8 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4260">#4260</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/41c0e4b7899a4a0922bf899d64c5f25738cfe356"><code>41c0e4b</code></a> Update actions/checkout references to <a href="https://github.com/v6"><code>@v6</code></a> in docs (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4259">#4259</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/994332de4c8124517167807167073cf397678768"><code>994332d</code></a> chore: Update checkout action version to v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4258">#4258</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/22a9089034f40e5a961c8808d113e2c98fb63676"><code>22a9089</code></a> fix: restrict remote prune to self-hosted runners (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4250">#4250</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/d4f3be6ce6f4083b7ac7490ab98b48a62db1ee41"><code>d4f3be6</code></a> fix: provider list pulls fallback for multi fork same owner (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4245">#4245</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/bc8a47f5657f110049f4afd030c95529a9c62b76"><code>bc8a47f</code></a> build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4240">#4240</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/a67ef28ca5df73d51a15007068e5931257943b0d"><code>a67ef28</code></a> build(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4235">#4235</a>)</li> <li>See full diff in <a href="https://github.com/peter-evans/create-pull-request/compare/84ae59a2cdc2258d6fa0732dd66352dddae2a412...98357b18bf14b5342f975ff684046ec3b2a07725">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=7.0.9&new-version=8.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-10 08:19:04 +01:00
William Woodruff	5960f93ec0	chore: use `npm ci --ignore-scripts` in CI and scripts (#276 ) Replaces various uses of `npm install` with `npm ci --ignore-scripts`. This should both be more hermetic (it'll always use the locked versions rather than re-resolving) and will partially mitigate some build-time code execution risk. There should be no breakage risk, as the current dependency footprint is small and shouldn't include anything that uses build scripts 🙂 Signed-off-by: William Woodruff <william@astral.sh>	2025-12-02 08:09:27 +01:00
dependabot[bot]	cd51da8b6c	Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (#273 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v7.0.9</h2> <p>⚙️ Fixes an <a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4228">incompatibility</a> with the recently released <code>actions/checkout@v6</code>.</p> <h2>What's Changed</h2> <ul> <li>~70 dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a></li> <li>docs: fix workaround description about <code>ready_for_review</code> by <a href="https://github.com/ybiquitous"><code>@ybiquitous</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3939">peter-evans/create-pull-request#3939</a></li> <li>Docs: <code>add-paths</code> default behavior by <a href="https://github.com/joeflack4"><code>@joeflack4</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3928">peter-evans/create-pull-request#3928</a></li> <li>docs: update to create-github-app-token v2 by <a href="https://github.com/Goooler"><code>@Goooler</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4063">peter-evans/create-pull-request#4063</a></li> <li>Fix compatibility with actions/checkout@v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4230">peter-evans/create-pull-request#4230</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joeflack4"><code>@joeflack4</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3928">peter-evans/create-pull-request#3928</a></li> <li><a href="https://github.com/Goooler"><code>@Goooler</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4063">peter-evans/create-pull-request#4063</a></li> <li><a href="https://github.com/ericsciple"><code>@ericsciple</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4230">peter-evans/create-pull-request#4230</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.8...v7.0.9">https://github.com/peter-evans/create-pull-request/compare/v7.0.8...v7.0.9</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/peter-evans/create-pull-request/commit/84ae59a2cdc2258d6fa0732dd66352dddae2a412"><code>84ae59a</code></a> fix: compatibility with actions/checkout@v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4230">#4230</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/b4733b9419fd47bbfa1807b15627e17cd70b5b22"><code>b4733b9</code></a> build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4222">#4222</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/0edc001d28a2959cd7a6b505629f1d82f0a6e67d"><code>0edc001</code></a> build(deps-dev): bump the npm group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4201">#4201</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/430aea0fb112656c3ac187e7a22b3604508ba3a7"><code>430aea0</code></a> build(deps): bump the github-actions group with 3 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4200">#4200</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/46cdba753c74545733b821043d64bd6925fc4da9"><code>46cdba7</code></a> build(deps-dev): bump the npm group with 3 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4185">#4185</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/b937339b17ca3e45ec14ebcafb879873b1ee8564"><code>b937339</code></a> build(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4184">#4184</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/e9af275c3778a67411fcac2d613e8d4e9be452fd"><code>e9af275</code></a> ci: update dependabot config</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/d3e081a03ae8d69301ed924bae10d70ea4af94d9"><code>d3e081a</code></a> build(deps-dev): bump <code>@types/node</code> from 18.19.127 to 18.19.128 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4178">#4178</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/9ec683ee07f9121fdf529b923931dd78d977a5c9"><code>9ec683e</code></a> build(deps-dev): bump <code>@types/node</code> from 18.19.125 to 18.19.127 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4165">#4165</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/65d8d10bf76513796c0f69457c2567b5da3b9626"><code>65d8d10</code></a> build(deps-dev): bump ts-jest from 29.4.2 to 29.4.4 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4163">#4163</a>)</li> <li>Additional commits viewable in <a href="https://github.com/peter-evans/create-pull-request/compare/271a8d0340265f705b14b6d32b9829c1cb33d45e...84ae59a2cdc2258d6fa0732dd66352dddae2a412">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=7.0.8&new-version=7.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-24 09:02:11 +01:00
dependabot[bot]	27c6fcea11	Bump eifinger/actionlint-action from 1.9.2 to 1.9.3 (#272 ) Bumps [eifinger/actionlint-action](https://github.com/eifinger/actionlint-action) from 1.9.2 to 1.9.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eifinger/actionlint-action/commit/213860089b7cf97d640aa67567898fabeb132746"><code>2138600</code></a> set default actionlint version to 1.7.9 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/29">#29</a>)</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/9eac110dcad8d93d091a2c04fcd168439221ef2a"><code>9eac110</code></a> build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/28">#28</a>)</li> <li>See full diff in <a href="https://github.com/eifinger/actionlint-action/compare/03ff1f78c0670b71017616a37170f327df932030...213860089b7cf97d640aa67567898fabeb132746">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eifinger/actionlint-action&package-manager=github_actions&previous-version=1.9.2&new-version=1.9.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-24 08:32:18 +01:00
dependabot[bot]	5ad29210b1	Bump eifinger/actionlint-action from 1.9.1 to 1.9.2 (#247 ) Bumps [eifinger/actionlint-action](https://github.com/eifinger/actionlint-action) from 1.9.1 to 1.9.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eifinger/actionlint-action/commit/03ff1f78c0670b71017616a37170f327df932030"><code>03ff1f7</code></a> Bump actions/checkout to v5 (<a href="https://redirect.github.com/eifinger/actionlint-action/issues/26">#26</a>)</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/5f8fad542a78b6a7b983e6568af5cc903ef40a20"><code>5f8fad5</code></a> Replace haya14busa/action-update-semver</li> <li><a href="https://github.com/eifinger/actionlint-action/commit/04e640ab2882a7cdb3d995db9a91003e0c0aa2a9"><code>04e640a</code></a> set default actionlint version to 1.7.8</li> <li>See full diff in <a href="https://github.com/eifinger/actionlint-action/compare/23c85443d840cd73bbecb9cddfc933cc21649a38...03ff1f78c0670b71017616a37170f327df932030">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eifinger/actionlint-action&package-manager=github_actions&previous-version=1.9.1&new-version=1.9.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-14 05:46:04 +00:00
dependabot[bot]	e46bd63c5f	Bump actions/setup-node from 4.4.0 to 6.0.0 (#249 ) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.4.0 to 6.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <p><strong>Breaking Changes</strong></p> <ul> <li>Limit automatic caching to npm, update workflows and documentation by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li> </ul> <p><strong>Dependency Upgrades</strong></p> <ul> <li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li> <li>Upgrade prettier from 2.8.8 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Enhance caching in setup-node with automatic package manager detection by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li> </ul> <p>This update, introduces automatic caching when a valid <code>packageManager</code> field is present in your <code>package.json</code>. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set <code>package-manager-cache: false</code></p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false </code></pre> <ul> <li>Upgrade action to use node24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li> </ul> <p>Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1">See Release Notes</a></p> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade <code>@octokit/request-error</code> and <code>@actions/github</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1227">actions/setup-node#1227</a></li> <li>Upgrade uuid from 9.0.1 to 11.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1273">actions/setup-node#1273</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1295">actions/setup-node#1295</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1332">actions/setup-node#1332</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1345">actions/setup-node#1345</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v4...v5.0.0">https://github.com/actions/setup-node/compare/v4...v5.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903"><code>2028fbc</code></a> Limit automatic caching to npm, update workflows and documentation (<a href="https://redirect.github.com/actions/setup-node/issues/1374">#1374</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/13427813f706a0f6c9b74603b31103c40ab1c35a"><code>1342781</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1362">#1362</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/89d709d423dc495668cd762a18dd4a070611be3f"><code>89d709d</code></a> Bump prettier from 2.8.8 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-node/issues/1334">#1334</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/cd2651c46231bc0d6f48d6b34433b845331235fe"><code>cd2651c</code></a> Bump ts-jest from 29.1.2 to 29.4.1 (<a href="https://redirect.github.com/actions/setup-node/issues/1336">#1336</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/a0853c24544627f65ddf259abe73b1d18a591444"><code>a0853c2</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/actions/setup-node/issues/1345">#1345</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/b7234cc9fe124f0f4932554b4e5284543083ae7b"><code>b7234cc</code></a> Upgrade action to use node24 (<a href="https://redirect.github.com/actions/setup-node/issues/1325">#1325</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/d7a11313b581b306c961b506cfc8971208bb03f6"><code>d7a1131</code></a> Enhance caching in setup-node with automatic package manager detection (<a href="https://redirect.github.com/actions/setup-node/issues/1348">#1348</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/5e2628c959b9ade56971c0afcebbe5332d44b398"><code>5e2628c</code></a> Bumps form-data (<a href="https://redirect.github.com/actions/setup-node/issues/1332">#1332</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/65beceff8e91358525397bdce9103d999507ab03"><code>65becef</code></a> Bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1295">#1295</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/7e24a656e1c7a0d6f3eaef8d8e84ae379a5b035b"><code>7e24a65</code></a> Bump uuid from 9.0.1 to 11.1.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1273">#1273</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...2028fbc5c25fe9cf00d9f06a71cc4710d4507903">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=4.4.0&new-version=6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-14 07:43:56 +02:00
dependabot[bot]	6576144cee	Bump github/codeql-action from 3.29.11 to 3.30.5 (#234 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.11 to 3.30.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.30.5</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.5 - 26 Sep 2025</h2> <ul> <li>We fixed a bug that was introduced in <code>3.30.4</code> with <code>upload-sarif</code> which resulted in files without a <code>.sarif</code> extension not getting uploaded. <a href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.4</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.4 - 25 Sep 2025</h2> <ul> <li>We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the <code>codeql-action/init</code> step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the <code>codeql-action/init</code> step. <a href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a> and <a href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li> <li>We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. <a href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li> <li>You can now run the latest CodeQL nightly bundle by passing <code>tools: nightly</code> to the <code>init</code> action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li> <li>Update default CodeQL bundle version to 2.23.1. <a href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.4/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.3</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.3 - 10 Sep 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.3/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.2</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.2 - 09 Sep 2025</h2> <ul> <li>Fixed a bug which could cause language autodetection to fail. <a href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li> <li>Experimental: The <code>quality-queries</code> input that was added in <code>3.29.2</code> as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new <code>analysis-kinds</code> input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.2/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.1</h2> <h1>CodeQL Action Changelog</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.30.5 - 26 Sep 2025</h2> <ul> <li>We fixed a bug that was introduced in <code>3.30.4</code> with <code>upload-sarif</code> which resulted in files without a <code>.sarif</code> extension not getting uploaded. <a href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li> </ul> <h2>3.30.4 - 25 Sep 2025</h2> <ul> <li>We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the <code>codeql-action/init</code> step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the <code>codeql-action/init</code> step. <a href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a> and <a href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li> <li>We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. <a href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li> <li>You can now run the latest CodeQL nightly bundle by passing <code>tools: nightly</code> to the <code>init</code> action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li> <li>Update default CodeQL bundle version to 2.23.1. <a href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li> </ul> <h2>3.30.3 - 10 Sep 2025</h2> <p>No user facing changes.</p> <h2>3.30.2 - 09 Sep 2025</h2> <ul> <li>Fixed a bug which could cause language autodetection to fail. <a href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li> <li>Experimental: The <code>quality-queries</code> input that was added in <code>3.29.2</code> as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new <code>analysis-kinds</code> input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li> </ul> <h2>3.30.1 - 05 Sep 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.0. <a href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li> </ul> <h2>3.30.0 - 01 Sep 2025</h2> <ul> <li>Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. <a href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li> </ul> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/3599b3baa15b485a2e49ef411a7a4bb2452e7f93"><code>3599b3b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3161">#3161</a> from github/update-v3.30.5-0a67bd46a</li> <li><a href="https://github.com/github/codeql-action/commit/2ca0085e584affd600efbd3930bc90e48dbacb46"><code>2ca0085</code></a> Update changelog for v3.30.5</li> <li><a href="https://github.com/github/codeql-action/commit/0a67bd46a0f456ddad9e4b732137f519280275db"><code>0a67bd4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3160">#3160</a> from github/mbg/fix/upload-sarif</li> <li><a href="https://github.com/github/codeql-action/commit/8e34f2f3bf0f3f0b192913b0e0f234372329699b"><code>8e34f2f</code></a> Add changelog</li> <li><a href="https://github.com/github/codeql-action/commit/0b7fc5664842c1a6bb23c4ef64b85438afcb76c5"><code>0b7fc56</code></a> Fix <code>upload-sarif</code> not uploading non-<code>.sarif</code> files</li> <li><a href="https://github.com/github/codeql-action/commit/94a9b7a1101a1320dcadcbda5e7fd9a1e6abaaca"><code>94a9b7a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3155">#3155</a> from github/mbg/node/no-install-in-actions</li> <li><a href="https://github.com/github/codeql-action/commit/a0ae9ba2026911d58db9df06e6b074d8ef6c24c9"><code>a0ae9ba</code></a> Log what the script is doing</li> <li><a href="https://github.com/github/codeql-action/commit/b27a8ef21f72b5c541232d50400874a3f0a374b9"><code>b27a8ef</code></a> Exit if running in an Actions workflow</li> <li><a href="https://github.com/github/codeql-action/commit/65925679a36e83b45b5f1673869dabf891669742"><code>6592567</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3139">#3139</a> from github/henrymercer/fix-log-message</li> <li><a href="https://github.com/github/codeql-action/commit/fa64a7dee67e389b18445aa15d26426512d9ab97"><code>fa64a7d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3154">#3154</a> from github/mbg/node/check-up-to-date-deps</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...3599b3baa15b485a2e49ef411a7a4bb2452e7f93">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.11&new-version=3.30.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-02 21:54:51 +02:00
Kevin Stillhammer	c48d3eaf66	Don't assume all test passed if cancelled (#236 )	2025-09-30 18:00:56 +00:00
dependabot[bot]	421486e990	Bump github/codeql-action from 3.29.9 to 3.29.11 (#211 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.9 to 3.29.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.29.11</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.11/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.29.10</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.29.10/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.29.11 - 21 Aug 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.4. <a href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li> </ul> <h2>3.29.10 - 18 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.9 - 12 Aug 2025</h2> <p>No user facing changes.</p> <h2>3.29.8 - 08 Aug 2025</h2> <ul> <li>Fix an issue where the Action would autodetect unsupported languages such as HTML. <a href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li> </ul> <h2>3.29.7 - 07 Aug 2025</h2> <p>This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.</p> <h2>3.29.6 - 07 Aug 2025</h2> <ul> <li>The <code>cleanup-level</code> input to the <code>analyze</code> Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. <a href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li> <li>Update default CodeQL bundle version to 2.22.3. <a href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li> </ul> <h2>3.29.5 - 29 Jul 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.2. <a href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li> </ul> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/3c3833e0f8c1c83d449a7478aa59c036a9165498"><code>3c3833e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3052">#3052</a> from github/update-v3.29.11-14148a433</li> <li><a href="https://github.com/github/codeql-action/commit/8c4bfbd99ba6ef652eca12461ad7618142e00679"><code>8c4bfbd</code></a> Update changelog for v3.29.11</li> <li><a href="https://github.com/github/codeql-action/commit/14148a433d789d9b6c7dadb56d8e3f8ad1e59605"><code>14148a4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3044">#3044</a> from github/update-bundle/codeql-bundle-v2.22.4</li> <li><a href="https://github.com/github/codeql-action/commit/71b2cb38a1e682cb9b2453a5f1400eef870a37df"><code>71b2cb3</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/2bf78254cceec27aab20b1623ba68c63c6eb85c6"><code>2bf7825</code></a> Update default bundle to codeql-bundle-v2.22.4</li> <li><a href="https://github.com/github/codeql-action/commit/db69a5182d331d562e511302ae3c9aafd5fada6c"><code>db69a51</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3049">#3049</a> from github/update-supported-enterprise-server-versions</li> <li><a href="https://github.com/github/codeql-action/commit/a68d47bfa574c69f3de7d6484cf28a9c55ff7287"><code>a68d47b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3050">#3050</a> from github/henrymercer/init-not-called-config-error</li> <li><a href="https://github.com/github/codeql-action/commit/e496ff959372e828f30b1518fd22cb76170cf5db"><code>e496ff9</code></a> Make "init not called" a configuration error</li> <li><a href="https://github.com/github/codeql-action/commit/fd2ea72d34cdf8157d85d93decf87671705166a3"><code>fd2ea72</code></a> Update supported GitHub Enterprise Server versions</li> <li><a href="https://github.com/github/codeql-action/commit/6dee5bc9c165ca206a70f4e3d18271971cf6ff26"><code>6dee5bc</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3045">#3045</a> from github/dependabot/npm_and_yarn/npm-5b4171dd16</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/df559355d593797519d70b90fc8edd5db049e7a2...3c3833e0f8c1c83d449a7478aa59c036a9165498">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.9&new-version=3.29.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-22 20:05:00 +02:00
William Woodruff	74b1866cee	chore(ci): address all lint findings (#206 ) This addresses a variety of findings, mostly around overly broad default permissions and credential sharing. I've also run [pinact](https://github.com/suzuki-shunsuke/pinact) to auto-hash-pin all action references -- Dependabot will still update these, but having them hash-pinned will seal off any undesirable tag/branch mutability 🙂 (99% of these findings were done automatically with `zizmor --fix=all`, followed by verifying the results. I haven't added a [zizmor](https://docs.zizmor.sh) workflow as part of this PR, but I'd be happy to if desired.) --------- Signed-off-by: William Woodruff <william@astral.sh>	2025-08-20 00:07:37 +02:00
Kevin Stillhammer	57714a7c8a	bump biome to 2.1.4 (#201 )	2025-08-12 19:53:24 +00:00
dependabot[bot]	f46fd74e35	Bump actions/checkout from 4 to 5 (#197 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss"><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail"><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-12 19:23:04 +00:00
Gareth Jones	966d2455d2	feat: support reading Ruff version from `tools.poetry.dependencies` (#177 ) While Poetry does now support PEP 508, it's still common to use `tool.poetry.dependencies` - we for example still use it because Renovate does not support doing lockfile updates for Poetry when using PEP 508. This modifies the version finder logic to support determining the Ruff version from `pyproject.toml` files that use ``tool.poetry.dependencies`	2025-07-14 09:58:25 +02:00
Kevin Stillhammer	110a15d08b	Fix test-pep440-version-specifier (#165 ) It makes no sense to expect a deterministic test when minor versions for 0.11.x are still getting released	2025-06-16 19:55:35 +02:00
Kevin Stillhammer	6228face02	Simplify step check all-tests-passed.needs (#155 )	2025-05-27 17:43:44 +02:00
Kevin Stillhammer	78b7b9921e	Check that all jobs are in all-tests-passed.needs (#151 )	2025-05-26 18:36:12 +00:00
Kevin Stillhammer	9b2efb7fd8	Add support for pep440 version specifiers (#150 ) Fixes: #147	2025-05-26 20:20:17 +02:00
Kevin Stillhammer	84f83ecf9e	Support versions 0.1.8-0.4.7 (#135 ) These versions have different artifact names in the GitHub releases Fixes: #133	2025-05-07 16:58:28 +02:00
Kevin Stillhammer	ea12b8ac41	Inform user of unsupported old version (#134 ) Versions older than v0.0.247 do not have binaries in the GitHub releases	2025-05-07 13:28:39 +00:00
Simon Berger	400ab365db	Add support for reading the ruff version from Poetry groups (#127 ) Not sure if this is a desired feature since this was requested already (https://github.com/astral-sh/ruff-action/issues/40#issuecomment-2581207691) without any sort of response. Unfortunately Poetry doesn't yet support PEP 735 (https://github.com/python-poetry/poetry/issues/9751) and it doesn't make sense to add ruff as a project dependency.	2025-04-27 12:37:48 +00:00
Kevin Stillhammer	faac838a0b	Add required permissions and all-tests-passed (#107 )	2025-03-21 15:06:07 +01:00
Kevin Stillhammer	8bfebd2812	Inline action-update-semver (#103 ) What the action does is easily inlined. This reduces the attack surface of this repo.	2025-03-16 21:41:55 +01:00
dependabot[bot]	736d6639d0	Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (#96 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.7 to 7.0.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v7.0.8</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3751">peter-evans/create-pull-request#3751</a></li> <li>build(deps-dev): bump eslint-import-resolver-typescript from 3.8.1 to 3.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3752">peter-evans/create-pull-request#3752</a></li> <li>build(deps): bump <code>@octokit/plugin-paginate-rest</code> from 11.4.2 to 11.4.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3753">peter-evans/create-pull-request#3753</a></li> <li>build(deps-dev): bump prettier from 3.5.1 to 3.5.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3754">peter-evans/create-pull-request#3754</a></li> <li>fix: suppress output for some git operations by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3776">peter-evans/create-pull-request#3776</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.7...v7.0.8">https://github.com/peter-evans/create-pull-request/compare/v7.0.7...v7.0.8</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/peter-evans/create-pull-request/commit/271a8d0340265f705b14b6d32b9829c1cb33d45e"><code>271a8d0</code></a> fix: suppress output for some git operations (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3776">#3776</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/6f7efd1c24d02e0d947dd3f6f9618019afb36781"><code>6f7efd1</code></a> test: update cpr-example-command</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/13c47c574799c8eb0a033eba252619135e70f392"><code>13c47c5</code></a> build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3754">#3754</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/63e58290d72e889603c931363c5169ba1bbe3fed"><code>63e5829</code></a> build(deps): bump <code>@octokit/plugin-paginate-rest</code> from 11.4.2 to 11.4.3 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3753">#3753</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/a92c90fcab983421cc9bc736a06daea58c68d0db"><code>a92c90f</code></a> build(deps-dev): bump eslint-import-resolver-typescript (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3752">#3752</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/b23b62d48799ec46790610dd74b29cb9ba2eef30"><code>b23b62d</code></a> build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3751">#3751</a>)</li> <li>See full diff in <a href="https://github.com/peter-evans/create-pull-request/compare/dd2324fc52d5d43c699a5636bcf19fceaa70c284...271a8d0340265f705b14b6d32b9829c1cb33d45e">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=7.0.7&new-version=7.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-03-05 07:57:45 +01:00
dependabot[bot]	b11c1acffb	Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (#89 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.6 to 7.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v7.0.7</h2> <p>⚙️ Fixes an issue with commit signing where modifications to the same file in multiple commits squash into the first commit.</p> <h2>What's Changed</h2> <ul> <li>build(deps): bump <code>@octokit/core</code> from 6.1.2 to 6.1.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3593">peter-evans/create-pull-request#3593</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 18.19.68 to 18.19.70 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3594">peter-evans/create-pull-request#3594</a></li> <li>Update distribution by <a href="https://github.com/actions-bot"><code>@actions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3603">peter-evans/create-pull-request#3603</a></li> <li>build(deps-dev): bump typescript from 5.7.2 to 5.7.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3610">peter-evans/create-pull-request#3610</a></li> <li>build(deps): bump octokit dependencies by <a href="https://github.com/peter-evans"><code>@peter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3618">peter-evans/create-pull-request#3618</a></li> <li>docs: add workflow tip for showing message via workflow command by <a href="https://github.com/ybiquitous"><code>@ybiquitous</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3626">peter-evans/create-pull-request#3626</a></li> <li>build(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3628">peter-evans/create-pull-request#3628</a></li> <li>build(deps): bump node-fetch-native from 1.6.4 to 1.6.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3627">peter-evans/create-pull-request#3627</a></li> <li>build(deps-dev): bump undici from 6.21.0 to 6.21.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3630">peter-evans/create-pull-request#3630</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 18.19.70 to 18.19.71 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3629">peter-evans/create-pull-request#3629</a></li> <li>Update distribution by <a href="https://github.com/actions-bot"><code>@actions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3647">peter-evans/create-pull-request#3647</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 18.19.71 to 18.19.74 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3657">peter-evans/create-pull-request#3657</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 18.19.74 to 18.19.75 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3663">peter-evans/create-pull-request#3663</a></li> <li>build(deps): bump <code>@octokit/plugin-rest-endpoint-methods</code> from 13.3.0 to 13.3.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3670">peter-evans/create-pull-request#3670</a></li> <li>build(deps-dev): bump prettier from 3.4.2 to 3.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3671">peter-evans/create-pull-request#3671</a></li> <li>Update distribution by <a href="https://github.com/actions-bot"><code>@actions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3680">peter-evans/create-pull-request#3680</a></li> <li>build(deps): bump <code>@octokit/request-error</code> from 6.1.6 to 6.1.7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3685">peter-evans/create-pull-request#3685</a></li> <li>build(deps): bump <code>@octokit/plugin-paginate-rest</code> from 11.4.0 to 11.4.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3688">peter-evans/create-pull-request#3688</a></li> <li>build(deps): bump <code>@octokit/endpoint</code> from 10.1.2 to 10.1.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3700">peter-evans/create-pull-request#3700</a></li> <li>Update distribution by <a href="https://github.com/actions-bot"><code>@actions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3691">peter-evans/create-pull-request#3691</a></li> <li>build(deps-dev): bump prettier from 3.5.0 to 3.5.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3709">peter-evans/create-pull-request#3709</a></li> <li>build(deps-dev): bump eslint-import-resolver-typescript from 3.7.0 to 3.8.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3710">peter-evans/create-pull-request#3710</a></li> <li>build(deps): bump <code>@octokit/plugin-paginate-rest</code> from 11.4.1 to 11.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3713">peter-evans/create-pull-request#3713</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 18.19.75 to 18.19.76 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3712">peter-evans/create-pull-request#3712</a></li> <li>build(deps): bump <code>@octokit/core</code> from 6.1.3 to 6.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3711">peter-evans/create-pull-request#3711</a></li> <li>Update distribution by <a href="https://github.com/actions-bot"><code>@actions-bot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3736">peter-evans/create-pull-request#3736</a></li> <li>Use showFileAtRefBase64 to read per-commit file contents by <a href="https://github.com/grahamc"><code>@grahamc</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3744">peter-evans/create-pull-request#3744</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ybiquitous"><code>@ybiquitous</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3626">peter-evans/create-pull-request#3626</a></li> <li><a href="https://github.com/grahamc"><code>@grahamc</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3744">peter-evans/create-pull-request#3744</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.6...v7.0.7">https://github.com/peter-evans/create-pull-request/compare/v7.0.6...v7.0.7</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/peter-evans/create-pull-request/commit/dd2324fc52d5d43c699a5636bcf19fceaa70c284"><code>dd2324f</code></a> fix: use showFileAtRefBase64 to read per-commit file contents (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3744">#3744</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/367180cbdfa0448fc1ca9136e4adb020658cf4e5"><code>367180c</code></a> ci: remove testv5 cmd</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/25575a12f382fb9c68692ffce1174138b61417d7"><code>25575a1</code></a> build: update distribution (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3736">#3736</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/a56e7a56e9186132269996d8937494f12ff51f77"><code>a56e7a5</code></a> build(deps): bump <code>@octokit/core</code> from 6.1.3 to 6.1.4 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3711">#3711</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/eac17dc6a391b3ae789deacc22d4d36f5e62ef6b"><code>eac17dc</code></a> build(deps-dev): bump <code>@types/node</code> from 18.19.75 to 18.19.76 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3712">#3712</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/a2e685f8147c673583a881447134a26d6fa3d0f7"><code>a2e685f</code></a> build(deps): bump <code>@octokit/plugin-paginate-rest</code> from 11.4.1 to 11.4.2 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3713">#3713</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/6cfd146ec94d1142c1ea0bd8b540622c50f3a34b"><code>6cfd146</code></a> build(deps-dev): bump eslint-import-resolver-typescript (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3710">#3710</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/b38e8d38a18a291242f9072a0d9843d4c0ed6792"><code>b38e8d3</code></a> build(deps-dev): bump prettier from 3.5.0 to 3.5.1 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3709">#3709</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/8a41570d993b6f7de42d9533f6b785fc151c96e6"><code>8a41570</code></a> build: update distribution (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3691">#3691</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/2e9b4cc10ed4becca3a04f63d54db8baf010d424"><code>2e9b4cc</code></a> build(deps): bump <code>@octokit/endpoint</code> from 10.1.2 to 10.1.3 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/3700">#3700</a>)</li> <li>Additional commits viewable in <a href="https://github.com/peter-evans/create-pull-request/compare/67ccf781d68cd99b580ae25a5c18a1cc84ffff1f...dd2324fc52d5d43c699a5636bcf19fceaa70c284">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=7.0.6&new-version=7.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-02-25 07:58:31 +01:00
Kevin Stillhammer	5f8cbe30d7	Make it clearer how to fix lint errors (#74 )	2025-02-06 17:42:12 +01:00
Dave Johansen	d8f577dec4	Support requirements.txt for version-file (#68 )	2025-02-06 17:41:44 +01:00
Kevin Stillhammer	f173943ec8	Run update-known-checksums every night (#73 )	2025-02-06 08:43:41 +01:00
Kevin Stillhammer	d34edb0565	Fix version-file input (#72 ) The input was previously ignored Fixes: #69	2025-02-06 08:40:41 +01:00
Adam Turner	f14634c415	Read the `[project.optional-dependencies]` and `[dependency-groups]` tables (#66 ) I'd quite like to use `ruff-action`'s auto-detection feature, but it currently doesn't read the `[project.optional-dependency]` table, and support for the PEP 735 `[dependency-groups]` table is currently limited to only the special-cased `dev` key, and does not account for the possibility of `{include-group="..."}` inline tables, as [described by the PEP](https://peps.python.org/pep-0735/#dependency-group-include). I have guessed how to make the tests work, as the only JS development I do is plain JS (sans frameworks), so TypeScript is still quite new to me -- feel free to push required changes to this branch. A	2025-01-31 22:47:17 +01:00

1 2

69 Commits