chore(deps): bump the actions-updates group across 1 directory with 4 updates

[dependabot]

Bumps the actions-updates group with 4 updates in the / directory: foundry-rs/foundry-toolchain, actions/dependency-review-action, ossf/scorecard-action and crytic/slither-action.

Updates foundry-rs/foundry-toolchain from 1.5.0 to 1.7.0

Release notes

Sourced from foundry-rs/foundry-toolchain's releases.

v1.7.0

Features

• refactor: rewrite in TypeScript by @​DaniPopes in foundry-rs/foundry-toolchain#106
• feat: use foundryup by @​DaniPopes in foundry-rs/foundry-toolchain#102
• feat: print --version for all tools at end of action by @​DaniPopes in foundry-rs/foundry-toolchain#103
• feat: cache all of .foundry/cache instead of just /rpc by @​DaniPopes in foundry-rs/foundry-toolchain#107

Fixes

• fix: allow v-prefix and no prefix for specific versions by @​DaniPopes in foundry-rs/foundry-toolchain#104
• fix: remove windows --force hack by @​DaniPopes in foundry-rs/foundry-toolchain#108

Other

• chore: enable windows CI w/ tempo network by @​zerosnacks in foundry-rs/foundry-toolchain#99
• chore(deps): bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in foundry-rs/foundry-toolchain#100
• chore(meta): add AGENTS.md by @​DaniPopes in foundry-rs/foundry-toolchain#101
• chore(deps): bump to node v24.13.0 and update dependencies by @​zerosnacks in foundry-rs/foundry-toolchain#109

Full Changelog: foundry-rs/foundry-toolchain@v1...v1.7.0

v1.6.0

What's Changed

• fix: action should use node24 by @​zerosnacks in foundry-rs/foundry-toolchain#96
• nit: update action version in README by @​zerosnacks in foundry-rs/foundry-toolchain#97
• feat: add network configuration option and Tempo support by @​zerosnacks in foundry-rs/foundry-toolchain#98

Full Changelog: foundry-rs/foundry-toolchain@v1...v1.6.0

Commits

• 8789b3e chore(deps): bump to node v24.13.0 and update dependencies (#109)
• 5fc04c4 fix: remove windows --force hack (#108)
• 4a36879 feat: cache all of .foundry/cache instead of just /rpc (#107)
• 2d49e48 refactor: rewrite in TypeScript (#106)
• 61704be fix: allow v-prefix and no prefix for specific versions (#104)
• eceac89 feat: print --version for all tools at end of action (#103)
• 322b392 feat: use foundryup (#102)
• 10b1670 chore(meta): add AGENTS.md (#101)
• f7ae210 chore(deps): bump actions/upload-artifact from 5 to 6 (#100)
• 4b41dd6 enable windows CI w/ tempo network (#99)
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.5.0 to 4.8.2

Release notes

Sourced from actions/dependency-review-action's releases.

v4.8.2

Minor fixes:

• Fix PURL parsing for scoped packages (#1008 from @​danielhardej)
• Fix for large summaries (#1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#1009 from @​danielhardej)

Dependency Review Action v4.8.1

What's Changed

• (bug) Fix spamming link test in deprecation warning (again) by @​ahpook in actions/dependency-review-action#1000
• Bump version for 4.8.1 release by @​ahpook in actions/dependency-review-action#1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

What's Changed

• Make Ruby Code Scannable by @​ljones140 in actions/dependency-review-action#978
• Batch some contributions for release by @​brrygrdn in actions/dependency-review-action#986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in actions/dependency-review-action#978
• @​jasperkamerling made their first contribution in actions/dependency-review-action#986
• @​MattMencel made their first contribution in actions/dependency-review-action#986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

4.7.3

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in actions/dependency-review-action#966
• Claire153/fix spamming mentioned issue by @​claire153 in actions/dependency-review-action#974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

4.7.2

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in actions/dependency-review-action#945
• Deprecate deny lists by @​claire153 in actions/dependency-review-action#958
• Address discrepancy between docs and reality by @​ahpook in actions/dependency-review-action#960

New Contributors

• @​KyFaSt made their first contribution in actions/dependency-review-action#945
• @​claire153 made their first contribution in actions/dependency-review-action#958
• @​ahpook made their first contribution in actions/dependency-review-action#960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

... (truncated)

Commits

• 3c4e3dc Merge pull request #1016 from actions/dra-release
• 02930b2 Update CONTRIBUTING to reflect new guidelines
• 49ffd9f Update CONTRIBUTING to reflect the need to build
• 70cb25e 4.8.2 release
• ebabd31 Merge pull request #1008 from danielhardej/danielhardej-patch-20251023
• 19f9360 Update package-lock.json
• 5fd2f98 Bump @​types/jest to version 29.5.14
• 28647f4 Fix PURL parsing by removing encodeURI
• f620fd1 Merge pull request #1013 from actions/dangoor/token-fix
• 9b42b7e Remove bad token reference
• Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.4.0 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

• docs: clarify GITHUB_TOKEN permissions needed for private repos by @​pankajtaneja5 in ossf/scorecard-action#1574
• 📖 Fix recommended command to test the image in development by @​deivid-rodriguez in ossf/scorecard-action#1583

Other

• add missing top-level token permissions to workflows by @​timothyklee in ossf/scorecard-action#1566
• setup codeowners for requesting reviews by @​spencerschrock in ossf/scorecard-action#1576
• 🌱 Improve printing options by @​deivid-rodriguez in ossf/scorecard-action#1584

New Contributors

• @​timothyklee made their first contribution in ossf/scorecard-action#1566
• @​pankajtaneja5 made their first contribution in ossf/scorecard-action#1574
• @​deivid-rodriguez made their first contribution in ossf/scorecard-action#1584

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

v2.4.1

What's Changed

• This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.
• Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.
  • use Scorecard library entrypoint instead of Cobra hooking by @​spencerschrock in ossf/scorecard-action#1423
• Some errors were made into annotations to make them more visible
  • Make default branch error more prominent by @​jsoref in ossf/scorecard-action#1459
• There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.
  • add input for specifying --file-mode by @​spencerschrock in ossf/scorecard-action#1509
• The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.
  • 🌱 publish docker images to GitHub Container Registry by @​spencerschrock in ossf/scorecard-action#1453

Docs

• Installation docs update by @​JeremiahAHoward in ossf/scorecard-action#1416

New Contributors

• @​JeremiahAHoward made their first contribution in ossf/scorecard-action#1416
• @​jsoref made their first contribution in ossf/scorecard-action#1459 Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1

Commits

• 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
• 42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
• 88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
• 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
• 92083b5 📖 Fix recommended command to test the image in development (#1583)
• 7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
• 0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
• 46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
• c3f1350 🌱 Improve printing options (#1584)
• 43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
• Additional commits viewable in compare view

Updates crytic/slither-action from 0.4.0 to 0.4.2

Release notes

Sourced from crytic/slither-action's releases.

v0.4.2

0.4.2 - 2026-01-16

This is a patch release for the Slither Action - the Github Action for Slither.

What's Changed

• Bump Python version to 3.10 by @​elopez in crytic/slither-action#98

Full Changelog: crytic/slither-action@v0.4.1...v0.4.2

v0.4.1

0.4.1 - 2025-03-21

This is a patch release for the Slither Action - the Github Action for Slither.

What's Changed

• Update foundryup by @​elopez in crytic/slither-action#93

Full Changelog: crytic/slither-action@v0.4.0...v0.4.1

Commits

• b52cc1c Merge pull request #99 from crytic/dev-readme
• 083e5be Update action README for v0.4.2
• 92f27ba Merge pull request #98 from crytic/py310
• 310f76e Bump Python version to 3.10
• 4fd765a Merge pull request #95 from crytic/dev-update-readme
• 6bbb739 Update action README for v0.4.1
• 4c869f5 Merge pull request #93 from crytic/dev-foundryup-update
• 3eef552 Update foundryup
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/crytic/slither-action	b52cc1cbfee9ca3e8722dd5224299d16c9a6b80f	🟢 4.1	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Code-Review ⚠️ 0 Found 0/14 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/foundry-rs/foundry-toolchain	8789b3e21e6c11b2697f5eb56eddae542f746c10	🟢 8.1	Details Check Score Reason Code-Review 🟢 9 Found 23/25 approved changesets -- score normalized to 9 Maintained 🟢 10 14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 9 1 existing vulnerabilities detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Security-Policy 🟢 9 security policy file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST 🟢 8 SAST tool detected but not run on all commits

Scanned Files

• .github/workflows/slither.yml

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.