@dependabot dependabot bot commented on behalf of github Dec 5, 2025

Bumps the all-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| reviewdog/action-actionlint | 1.68.0 | 1.69.1 |
| reviewdog/action-shellcheck | 1.9.0 | 1.32.0 |
| marocchino/sticky-pull-request-comment | 2.9.1 | 2.9.4 |
| github/codeql-action | 4.31.4 | 4.31.6 |
| actions/stale | 10.1.0 | 10.1.1 |

Updates reviewdog/action-actionlint from 1.68.0 to 1.69.1

Release notes

Sourced from reviewdog/action-actionlint's releases.

Release v1.69.1

v1.69.1: PR #185 - feat: update action.yml

Release v1.69.0

v1.69.0: PR #183 - chore(deps): update actionlint to 1.7.9

Commits
  • 83e4ed2 bump v1.69.1
  • 651f708 Merge branch 'main' into releases/v1
  • 44b7d68 Merge pull request #185 from vvanouytsel/patch-1
  • 89ed127 feat: update action.yml
  • 437bbe9 bump v1.69.0
  • 54e9dc8 Merge branch 'main' into releases/v1
  • 1e0347f Merge pull request #183 from reviewdog/depup/actionlint
  • 63e99e6 Merge pull request #182 from reviewdog/renovate/actions-checkout-6.x
  • 9947a32 Merge pull request #179 from reviewdog/renovate/shogo82148-actions-create-rel...
  • 86dee71 Merge pull request #184 from reviewdog/renovate/peter-evans-create-pull-reque...
  • Additional commits viewable in compare view

Updates reviewdog/action-shellcheck from 1.9.0 to 1.32.0

Release notes

Sourced from reviewdog/action-shellcheck's releases.

Release v1.32.0

What's Changed

Full Changelog: reviewdog/action-shellcheck@v1.31.0...v1.32.0

Release v1.31.0

What's Changed

Full Changelog: reviewdog/action-shellcheck@v1.30.0...v1.31.0

Release v1.30.0

What's Changed

New Contributors

Full Changelog: reviewdog/action-shellcheck@v1.29.3...v1.30.0

Release v1.29.3

What's Changed

Full Changelog: reviewdog/action-shellcheck@v1.29.2...v1.29.3

Release v1.29.2

What's Changed

Full Changelog: reviewdog/action-shellcheck@v1.29.1...v1.29.2

Release v1.29.1

What's Changed

Full Changelog: reviewdog/action-shellcheck@v1.29.0...v1.29.1

Release v1.29.0

... (truncated)

Commits
  • 4c07458 Merge pull request #88 from reviewdog/depup/reviewdog/reviewdog
  • e410e3c Merge pull request #89 from reviewdog/renovate/reviewdog-action-setup-1.x
  • e9b97d8 Merge pull request #83 from reviewdog/renovate/haya14busa-action-update-semve...
  • c92763a Merge pull request #82 from reviewdog/renovate/haya14busa-action-bumpr-1.x
  • d4dfa7a chore(deps): update reviewdog/action-setup action to v1.4.0
  • 7e730f8 chore(deps): update reviewdog/reviewdog to 0.21.0
  • 7987798 chore(deps): update haya14busa/action-update-semver action to v1.3.0
  • 1265a1d chore(deps): update haya14busa/action-bumpr action to v1.11.4
  • 1bb9751 Merge pull request #85 from reviewdog/depup/koalaman/shellcheck
  • b93e052 chore(deps): update koalaman/shellcheck to 0.11.0
  • Additional commits viewable in compare view

Updates marocchino/sticky-pull-request-comment from 2.9.1 to 2.9.4

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v2.9.4

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.3...v2.9.4

v2.9.3

What's Changed

  • Update deps (including security issues)
  • Test with vitest instead of jest
  • Use biome

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.2...v2.9.3

v2.9.2

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.1...v2.9.2

Commits
  • 7737449 📦️ Build
  • 8b423c6 Merge pull request #1564 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 3ac8a74 build(deps-dev): Bump @​types/node from 24.0.12 to 24.0.13
  • e430cfc Merge pull request #1563 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 99f9378 build(deps-dev): Bump @​types/node from 24.0.11 to 24.0.12
  • 2216b3a Merge pull request #1562 from marocchino/dependabot/npm_and_yarn/biomejs/biom...
  • 482d7fd build(deps-dev): Bump @​biomejs/biome from 2.0.4 to 2.1.1
  • c2da581 Merge pull request #1561 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 76f8462 build(deps-dev): Bump @​types/node from 24.0.3 to 24.0.11
  • 246151a ⬆️ Update biome
  • Additional commits viewable in compare view

Updates github/codeql-action from 4.31.4 to 4.31.6

Release notes

Sourced from github/codeql-action's releases.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

  • [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

... (truncated)

Commits
  • fe4161a Merge pull request #3336 from github/update-v4.31.6-ecec1f887
  • 88c2ab5 Update changelog for v4.31.6
  • ecec1f8 Merge pull request #3335 from github/mbg/ci/run-codeql-on-all-prs
  • 23da732 Merge pull request #3334 from github/kaspersv/overlay-minor-comments
  • f7abc74 Remove branch filter for PR event in CodeQL workflow
  • 32ada5e Merge branch 'main' into kaspersv/overlay-minor-comments
  • 75b2f49 Merge pull request #3333 from github/kaspersv/overlay-no-resource-checks-option
  • f036b1c Merge branch 'main' into kaspersv/overlay-no-resource-checks-option
  • 58c5954 Add comment to runnerSupportsOverlayAnalysis
  • b02fa13 Order feature flags alphabetically
  • Additional commits viewable in compare view

Updates actions/stale from 10.1.0 to 10.1.1

Release notes

Sourced from actions/stale's releases.

v10.1.1

What's Changed

Bug Fix

Improvement

Dependency Upgrades

New Contributors

Full Changelog: actions/stale@v10...v10.1.1

Commits
  • 9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
  • 5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
  • fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
  • 39bea7d Add Missing Input Reading for only-issue-types (#1298)
  • e46bbab build(deps-dev): bump @​types/node from 20.10.3 to 24.2.0 and document breakin...
  • 65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 5, 2025
@dependabot dependabot bot requested a review from yacosta738 as a code owner December 5, 2025 06:16
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 5, 2025
cloudflare-workers-and-pages bot commented Dec 5, 2025

Deploying cvix with Cloudflare Pages

Latest commit: 2dd9be7
Status: ✅  Deploy successful!
Preview URL: https://09db0174.cvix.pages.dev
Branch Preview URL: https://dependabot-github-actions-al-07fq.cvix.pages.dev


@dependabot dependabot bot added the github_actions Pull requests that update GitHub Actions code label Dec 5, 2025
coderabbitai bot commented Dec 5, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot added area:ci Continuous integration or GitHub Actions changes type:chore Code maintenance and configuration changes labels Dec 5, 2025
github-actions bot commented Dec 5, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| actions/actions/stale | 997185467fa4f803885201cee163a9f38240193d | 🟢 5.5 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 5 | 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Security-Policy | 🟢 9 | security policy file detected |
| Branch-Protection | ⚠️ 1 | branch protection is not maximal on development and all release branches |
| Vulnerabilities | 🟢 6 | 4 existing vulnerabilities detected |
| SAST | 🟢 6 | SAST tool is not run on all commits -- score normalized to 6 |

Scanned Files

  • .github/workflows/stale.yml

github-actions bot commented Dec 5, 2025

Test Results

163 files  163 suites   1m 14s ⏱️
680 tests 680 ✅ 0 💤 0 ❌
684 runs  684 ✅ 0 💤 0 ❌

Results for commit 2dd9be7.

♻️ This comment has been updated with latest results.

@dependabot dependabot bot force-pushed the dependabot/github_actions/all-actions-0c64c0dc60 branch 3 times, most recently from bebf8c9 to 2b8444a Compare December 5, 2025 18:41
…ates

Bumps the all-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.68.0` | `1.69.1` |
| [reviewdog/action-shellcheck](https://github.com/reviewdog/action-shellcheck) | `1.9.0` | `1.32.0` |
| [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `2.9.1` | `2.9.4` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.4` | `4.31.6` |
| [actions/stale](https://github.com/actions/stale) | `10.1.0` | `10.1.1` |



Updates `reviewdog/action-actionlint` from 1.68.0 to 1.69.1
- [Release notes](https://github.com/reviewdog/action-actionlint/releases)
- [Commits](reviewdog/action-actionlint@f00ad06...83e4ed2)

Updates `reviewdog/action-shellcheck` from 1.9.0 to 1.32.0
- [Release notes](https://github.com/reviewdog/action-shellcheck/releases)
- [Commits](reviewdog/action-shellcheck@f627b97...4c07458)

Updates `marocchino/sticky-pull-request-comment` from 2.9.1 to 2.9.4
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@v2.9.1...7737449)

Updates `github/codeql-action` from 4.31.4 to 4.31.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@e12f017...fe4161a)

Updates `actions/stale` from 10.1.0 to 10.1.1
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5f858e3...9971854)

---
updated-dependencies:
- dependency-name: reviewdog/action-actionlint
  dependency-version: 1.69.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-actions
- dependency-name: reviewdog/action-shellcheck
  dependency-version: 1.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-actions
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-actions
- dependency-name: github/codeql-action
  dependency-version: 4.31.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-actions
- dependency-name: actions/stale
  dependency-version: 10.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/all-actions-0c64c0dc60 branch from 2b8444a to 2dd9be7 Compare December 5, 2025 20:17