build(deps): bump ataylorme/eslint-annotate-action from 3 to 4

[dependabot]

Bumps ataylorme/eslint-annotate-action from 3 to 4.

Release notes

Sourced from ataylorme/eslint-annotate-action's releases.

v4.0.0-beta.1

First beta of the major v4 rewrite. Please test and report any issues!

Use it in your workflow:

- uses: ataylorme/eslint-annotate-action@v4.0.0-beta.1
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
    report-json: eslint_report.json

Your workflow also needs:

permissions:
  checks: write
  pull-requests: read  # only needed with only-pr-files: true or post-comment: true

Breaking changes

• Requires Node 24 — add actions/setup-node with node-version: '24' if your runner doesn't have it
• github-token input is now required (explicit auth replacing @octokit/action)

Bug fixes

• Fix crash when GITHUB_WORKSPACE is unset (#82, thanks @​thefrosty)
• Throw a clear error when the report glob matches no files (#93, thanks @​joprice)
• Warnings now correctly annotated at warning level instead of failure (#80, thanks @​vldslv-a)
• Fix null ruleId crash for fatal parse errors and --report-unused-disable-directives

New inputs

Input	Default	Description
neutral-on-warning	false	Set check conclusion to neutral (not success) when only warnings exist (#89, thanks @​jessetan)
post-comment	false	Post/update a sticky PR comment with the ESLint summary (#90, thanks @​jessetan)

Tooling

• Replaced @vercel/ncc with rollup for bundling
• ESLint v9 flat config
• Migrated to @actions/github + @actions/core from @actions/toolkit
• 0 npm vulnerabilities (was 19, thanks @​drewish)
• Node 24 runtime (thanks @​sturman)

Changelog

Sourced from ataylorme/eslint-annotate-action's changelog.

4.0.0 - CONTAINS BREAKING CHANGES

• Runs using Node 24

3.0.0 - CONTAINS BREAKING CHANGES

• Rename the repo-token input to GITHUB_TOKEN
• Run the Action itself on Node 20 instead of Node 16
• Truncate summary if too long
• Only add changed file to markdown summary if only changed files is true
• Use @octokit/action instead of actions-toolkit
• Use ESLint types from @types/eslint instead of custom types
• Default line to 1 if it's not present

Commits

• 5a8d8ab fix: align github-token input name across action.yml, constants, and tests
• 6a1440a chore: update @​actions dependencies to latest major versions
• 039ba93 docs: update README for v4
• 03bec51 fix: resolve ESLint v9 config issues and auto-format all source files
• 37d0663 fix: mock constants in getAnalyzedReport tests to fix CI SHA mismatch
• 9438e67 feat!: v4 — Node 24, ESM, rollup, @​actions/toolkit, bug fixes, new features
• 4ef6269 Node 24
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Upgrade ataylorme/eslint-annotate-action from v3 to v4 in the vmui workflow to use the latest annotation logic and bug fixes. This major version requires small workflow changes to keep lint annotations working.

• Migration
  • Rename input to github-token and pass ${{ secrets.GITHUB_TOKEN }}.
  • Set workflow permissions: checks: write (and pull-requests: read if using only-pr-files or post-comment).
  • Ensure Node 24 is available on the runner (add actions/setup-node with node-version: '24' if needed).

^{Written for commit 8053a40. Summary will update on new commits.}

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/vmui.yml">

<violation number="1" location=".github/workflows/vmui.yml:71">
P1: v4 requires the token input to be named `github-token`; leaving the old `GITHUB_TOKEN` key here will break the ESLint annotation step after this upgrade.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: v4 requires the token input to be named github-token; leaving the old GITHUB_TOKEN key here will break the ESLint annotation step after this upgrade.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/vmui.yml, line 71:

<comment>v4 requires the token input to be named `github-token`; leaving the old `GITHUB_TOKEN` key here will break the ESLint annotation step after this upgrade.</comment>

<file context>
@@ -68,7 +68,7 @@ jobs:
 
       - name: Annotate Code Linting Results
-        uses: ataylorme/eslint-annotate-action@v3
+        uses: ataylorme/eslint-annotate-action@v4
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
</file context>

Suggested change

	uses: ataylorme/eslint-annotate-action@v4
	with:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	uses: ataylorme/eslint-annotate-action@v4
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}