Skip to content

build(deps): bump the dependencies group across 1 directory with 8 updates#6013

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/dependencies-aaf701b4dc
Open

build(deps): bump the dependencies group across 1 directory with 8 updates#6013
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/dependencies-aaf701b4dc

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the dependencies group with 8 updates in the / directory:

Package From To
actions/checkout 4 6
actions/setup-go 5 6
golangci/golangci-lint-action 6.5.0 9.2.0
megalinter/megalinter 8.4.2 9.4.0
goreleaser/goreleaser-action 6 7
actions/upload-artifact 4 7
actions/github-script 7 8
actions/stale 9 10

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates actions/setup-go from 5 to 6

Release notes

Sourced from actions/setup-go's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-go@v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: actions/setup-go@v5...v5.6.0

v5.5.0

What's Changed

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-go@v5...v5.5.0

... (truncated)

Commits

Updates golangci/golangci-lint-action from 6.5.0 to 9.2.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.2.0

What's Changed

Changes

Dependencies

Full Changelog: golangci/golangci-lint-action@v9.1.0...v9.2.0

v9.1.0

What's Changed

Changes

Documentation

Dependencies

Full Changelog: golangci/golangci-lint-action@v9.0.0...v9.1.0

v9.0.0

In the scope of this release, we change Nodejs runtime from node20 to node24 (https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/).

What's Changed

Changes

Full Changelog: golangci/golangci-lint-action@v8.0.0...v9.0.0

v8.0.0

Requires golangci-lint version >= v2.1.0

... (truncated)

Commits

Updates megalinter/megalinter from 8.4.2 to 9.4.0

Release notes

Sourced from megalinter/megalinter's releases.

v9.4.0

What's Changed

  • Core

    • Improve files browsing performances (2 PRs)
    • Optimize parallel linter processing and improve grouping logic
    • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
    • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
    • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
    • Cache subprocess environment per linter run and excluded directories per request
    • Optimize parallel linter result update from O(n²) to O(n)
    • Add support in the build of Docker images for linux/arm64 in compatible linters

  • New linters

  • Disabled linters

  • Linters enhancements

    • Use the official checkmake image by @​bdovaz
    • Spectral: Add sarif support to spectral by @​bdovaz
    • Spectral: Change cli_lint_mode to list_of_files to improve performances

  • Fixes

    • Add support for SSH remote origins when building custom flavors (fixes: #6511)
    • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
    • Fix wrong tagging apply_fixes=True when linter has no fix options configured
    • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
    • Fix operator precedence bug in pre_post_factory pre/post command logic
    • Fix file handle leak in GitleaksLinter
    • Fix variable name bug in utils.get_git_context_info
    • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

  • Reporters

    • Add a link inviting to star MegaLinter
    • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
    • Update WebHook reporter so it can send more events for a better integration with UI
    • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
    • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
    • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

  • Flavors

    • Custom flavor builder:
      • Add support for SSH remotes
      • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
      • Build & release custom flavor builder image for linux/arm64

  • Doc

    • JSON Schema: Add default values for file extensions and file names variables + improve descriptions

... (truncated)

Changelog

Sourced from megalinter/megalinter's changelog.

[v9.4.0] - 2026-02-28

  • Core

    • Improve files browsing performances (2 PRs)
    • Optimize parallel linter processing and improve grouping logic
    • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
    • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
    • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
    • Cache subprocess environment per linter run and excluded directories per request
    • Optimize parallel linter result update from O(n²) to O(n)
    • Add support in the build of Docker images for linux/arm64 in compatible linters

  • New linters

  • Disabled linters

  • Linters enhancements

    • Use the official checkmake image by @​bdovaz
    • Spectral: Add sarif support to spectral by @​bdovaz
    • Spectral: Change cli_lint_mode to list_of_files to improve performances

  • Fixes

    • Add support for SSH remote origins when building custom flavors (fixes: #6511)
    • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
    • Fix wrong tagging apply_fixes=True when linter has no fix options configured
    • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
    • Fix operator precedence bug in pre_post_factory pre/post command logic
    • Fix file handle leak in GitleaksLinter
    • Fix variable name bug in utils.get_git_context_info
    • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

  • Reporters

    • Add a link inviting to star MegaLinter
    • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
    • Update WebHook reporter so it can send more events for a better integration with UI
    • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
    • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
    • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

  • Flavors

    • Custom flavor builder:
      • Add support for SSH remotes
      • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
      • Build & release custom flavor builder image for linux/arm64

  • Doc

    • JSON Schema: Add default values for file extensions and file names variables + improve descriptions
    • Update default secured env variables documentation

... (truncated)

Commits
  • 8fbdead Release MegaLinter v9.4.0
  • 9f605c4 Fix custom flavor builder workflow (#7306)
  • b7dcb60 Update changelog to prepare release (#7304)
  • 3077b04 chore(deps): update dependency regex to v2026.2.28 (#7303)
  • edba876 [automation] Auto-update linters version, help and documentation (#7299)
  • 07fb84d chore(deps): update dependency python-gitlab to v8.1.0 (#7302)
  • 4d42e33 chore(deps): update dependency fastapi to v0.134.0 (#7301)
  • 649726c chore(deps): update dependency rumdl to v0.1.32 (#7300)
  • 768b5a3 chore(deps): update dependency virtualenv to v21.1.0 (#7298)
  • 7e73a76 chore(deps): update dependency eslint-plugin-jsonc to v3 (#7260)
  • Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6 to 7

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.0.0

What's Changed

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

v6.4.0

What's Changed

New Contributors

Full Changelog: goreleaser/goreleaser-action@v6.3.0...v6.4.0

v6.3.0

Full Changelog: goreleaser/goreleaser-action@v6.2.1...v6.3.0

v6.2.1

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.2.0...v6.2.1

... (truncated)

Commits
  • ec59f47 fix: yargs usage
  • 752dede fix: gitignore
  • 1881ae0 ci: update dependabot settings
  • fdc5e66 chore: gitignore provenance.json
  • 51b5b35 chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group (#539)
  • 4247c53 ci(deps): bump docker/setup-buildx-action in the actions group (#538)
  • c169bfd chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group (...
  • 902ab4a chore(deps): bump the npm group across 1 directory with 4 updates (#536)
  • c59a691 chore: gitignore
  • 56cc8b2 ci: add job to automate dependabot pre-checkin/vendor
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • Additional commits viewable in compare view

Updates actions/github-script from 7 to 8

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits

@dependabot
build(deps): bump the dependencies group across 1 directory with 8 up…
f953a28 
…dates

Bumps the dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |
| [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.5.0` | `9.2.0` |
| [megalinter/megalinter](https://github.com/megalinter/megalinter) | `8.4.2` | `9.4.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6` | `7` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |
| [actions/github-script](https://github.com/actions/github-script) | `7` | `8` |
| [actions/stale](https://github.com/actions/stale) | `9` | `10` |



Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `actions/setup-go` from 5 to 6
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v5...v6)

Updates `golangci/golangci-lint-action` from 6.5.0 to 9.2.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@v6.5.0...v9.2.0)

Updates `megalinter/megalinter` from 8.4.2 to 9.4.0
- [Release notes](https://github.com/megalinter/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@v8.4.2...v9.4.0)

Updates `goreleaser/goreleaser-action` from 6 to 7
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@v6...v7)

Updates `actions/upload-artifact` from 4 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

Updates `actions/stale` from 9 to 10
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9...v10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: megalinter/megalinter
  dependency-version: 9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: goreleaser/goreleaser-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 1, 2026
@mergify mergify bot added the needs-work Extra attention is needed label Mar 1, 2026
@codecov
Copy link

codecov bot commented Mar 1, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.75%. Comparing base (bd4bc99) to head (f953a28).
⚠️ Report is 34 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #6013      +/-   ##
==========================================
+ Coverage   74.65%   76.75%   +2.10%     
==========================================
  Files          73       74       +1     
  Lines       11139     9225    -1914     
==========================================
- Hits         8316     7081    -1235     
+ Misses       2186     1507     -679     
  Partials      637      637

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code needs-work Extra attention is needed size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants