🌱 Bump github.com/rhysd/actionlint from 1.7.7 to 1.7.8

[dependabot]

Bumps github.com/rhysd/actionlint from 1.7.7 to 1.7.8.

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.8

• Support models permission in permissions section. (#531, thanks @​muzimuzhi)
• Support job.check_run_id property. (#576, thanks @​muzimuzhi for fixing the type at #577)
• Support node24 runtime at using section in action metadata. (#561, thanks @​salmanmkc)
• Add support for the following runner labels
  • macos-26 and macos-26-large (#572, thanks @​muzimuzhi)
  • macos-15 (#572, thanks @​muzimuzhi)
• Drop support for the following runner labels which are no longer supported by GitHub.
  • ubuntu-20.04 (#534, thanks @​shogo82148)
  • windows-2019 (#572, thanks @​muzimuzhi)
• Support deprecationMessage in action inputs metadata. (#540, thanks @​saansh45)
• Support windows-11-arm runner. (#542, thanks @​trim21)
• Handle ubuntu-latest runner label as ubuntu-24.04 and macos-latest runner label as macos-15.
• Report mixing Intel Mac labels and Arm Mac labels as error.
• Add new types to issues and pull_request_target webhooks.
• Update the popular actions data set to the latest and add more actions to it (thanks @​sethvargo for fixing the go generate scripts)
  • actions/create-github-app-token
  • actions/attest-sbom
  • actions/ai-inference
  • peter-evans/create-or-update-comment
  • release-drafter/release-drafter
  • SamKirkland/FTP-Deploy-Action
• Fix the version value in actionlint -version output can be empty.
• Fix outdated URL links in some error messages and documents.
• Homebrew formula in this repository is deprecated and Homebrew cask is newly added instead because GoReleaser no longer supports Homebrew formula update. Note that Homebrew's official actionlint formula is still maintained. Please read the documentation for more details.
• Drop support for Go 1.23 and earlier because they are no longer maintained officially. Go 1.24 and later are supported to build actionlint.
• Replace go-yaml/yaml@v3 package with yaml/go-yaml@v4 package. go-yaml/yaml was used for parsing workflow files however it was unmaintained. yaml/go-yaml is a successor of the library officially maintained by YAML organization. (#575)
• Improve error messages on parsing workflow and action metadata files.

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.8 - 2025-10-11

• Support models permission in permissions section. (#531, thanks @​muzimuzhi)
• Support job.check_run_id property. (#576, thanks @​muzimuzhi for fixing the type at #577)
• Support node24 runtime at using section in action metadata. (#561, thanks @​salmanmkc)
• Add support for the following runner labels
  • macos-26 and macos-26-large (#572, thanks @​muzimuzhi)
  • macos-15 (#572, thanks @​muzimuzhi)
• Drop support for the following runner labels.
  • ubuntu-20.04 (#534, thanks @​shogo82148)
  • windows-2019 (#572, thanks @​muzimuzhi)
• Support deprecationMessage in action inputs. (#540, thanks @​saansh45)
• Support windows-11-arm runner. (#542, thanks @​trim21)
• Handle ubuntu-latest runner label as ubuntu-24.04 and macos-latest runner label as macos-15.
• Report mixing Intel Mac labels and Arm Mac labels as error.
• Add new types to issues and pull_request_target webhooks.
• Update the popular actions data set to the latest and add more actions to it (thanks @​sethvargo for fixing the go generate scripts)
  • actions/create-github-app-token
  • actions/attest-sbom
  • actions/ai-inference
  • peter-evans/create-or-update-comment
  • release-drafter/release-drafter
  • SamKirkland/FTP-Deploy-Action
• Fix the version value in actionlint -version can be empty.
• Fix outdated URL links in some error messages and documents.
• Homebrew formula in this repository is deprecated and Homebrew cask is newly added instead because GoReleaser no longer supports Homebrew formula update. Note that Homebrew's official actionlint formula is still maintained. Please read the documentation for more details.
• Drop support for Go 1.23 and earlier because they are no longer maintained officially. Go 1.24 and later are supported to build actionlint.
• Replace go-yaml/yaml@v3 package with yaml/go-yaml@v4 package. go-yaml/yaml was used for parsing workflow files however it was unmaintained. yaml/go-yaml is a successor of the library officially maintained by YAML organization. (#575)
• Improve error messages on parsing workflow and action metadata files.

[Changes][v1.7.8]

Commits

• e7d448e bump up version to v1.7.8
• 8e91629 follow the URL change in the official security document
• 724284c ignore .exe files in scripts directory
• 493abb8 remove redundant type annotations
• 6aa7c19 fix linting playground sources does not work on Windows
• c9a84fe Merge pull request #577 from muzimuzhi/check_run_id-is-number
• 8571752 add peter-evans/create-or-update-comment@v5 to popular actions data set
• 4701b7a set @main explicitly when installing the head via go install
• 433415b fix legacy ENV format and case sensitivity in Dockerfile
• a9fd256 migrate from macos-13 runner to macos-15-intel runner
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @spencerschrock.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[spencerschrock]

@dependabot rebase

[spencerschrock]

@dependabot squash and merge

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot squash and merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.