{"id":1435,"name":"actions/github-script","ecosystem":"actions","repository_url":"https://github.com/actions/github-script","issues_count":11695,"created_at":"2025-06-06T15:01:44.427Z","updated_at":"2025-06-06T15:01:44.427Z","purl":"pkg:githubactions/actions/github-script","metadata":{"id":5790165,"name":"actions/github-script","ecosystem":"actions","description":"Run simple scripts using the GitHub client","homepage":"","licenses":"mit","normalized_licenses":["MIT"],"repository_url":"https://github.com/actions/github-script","keywords_array":["actions","github-api","javascript"],"namespace":"actions","versions_count":57,"first_release_published_at":"2019-09-05T13:20:46.000Z","latest_release_published_at":"2023-11-17T22:20:07.000Z","latest_release_number":"v7.0.1","last_synced_at":"2024-12-01T07:10:57.875Z","created_at":"2023-01-03T17:38:23.786Z","updated_at":"2024-12-01T07:10:57.875Z","registry_url":"https://github.com/actions/github-script","install_command":null,"documentation_url":null,"metadata":{"name":"GitHub Script","author":"GitHub","description":"Run simple scripts using the GitHub client","branding":{"color":"blue","icon":"code"},"inputs":{"script":{"description":"The script to run","required":true},"github-token":{"description":"The GitHub token used to create an authenticated client","default":"${{ github.token }}","required":false},"debug":{"description":"Whether to tell the GitHub client to log details of its requests. true or false. Default is to run in debug mode when the GitHub Actions step debug logging is turned on.","default":"${{ runner.debug == '1' }}"},"user-agent":{"description":"An optional user-agent string","default":"actions/github-script"},"previews":{"description":"A comma-separated list of GraphQL API previews to accept"},"result-encoding":{"description":"Either \"string\" or \"json\" (default \"json\")—how the result will be encoded","default":"json"},"retries":{"description":"The number of times to retry a request","default":"0"},"retry-exempt-status-codes":{"description":"A comma separated list of status codes that will NOT be retried e.g. \"400,500\". No effect unless `retries` is set","default":400401403404422},"base-url":{"description":"An optional GitHub REST API URL to connect to a different GitHub instance. For example, https://my.github-enterprise-server.com/api/v3","required":false}},"outputs":{"result":{"description":"The return value of the script, stringified with `JSON.stringify`"}},"runs":{"using":"node20","main":"dist/index.js"},"default_branch":"main","path":null},"repo_metadata":{"uuid":"205262760","full_name":"actions/github-script","owner":"actions","description":"Write workflows scripting the GitHub API in JavaScript","archived":false,"fork":false,"pushed_at":"2023-11-13T18:05:37.000Z","size":2170,"stargazers_count":3604,"open_issues_count":32,"forks_count":406,"subscribers_count":34,"default_branch":"main","last_synced_at":"2023-11-14T17:03:35.238Z","etag":null,"topics":["actions","github-api","javascript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/actions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null}},"created_at":"2019-08-29T22:46:51.000Z","updated_at":"2023-11-14T14:10:52.000Z","dependencies_parsed_at":"2023-10-20T16:19:19.331Z","dependency_job_id":null,"html_url":"https://github.com/actions/github-script","commit_stats":{"total_commits":281,"total_committers":53,"mean_commits":5.30188679245283,"dds":0.6192170818505338,"last_synced_commit":"060d68304cc19ea84d828af10e34b9c6ca7bdb31"},"previous_names":[],"tags_count":56,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions","download_url":"https://codeload.github.com/actions/github-script/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":171238910,"owners_count":9657316,"icon_url":"https://github.com/github.png","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"actions","name":"GitHub Actions","uuid":"44036562","kind":"organization","description":"Automate your GitHub workflows","email":null,"website":"https://github.com/features/actions","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/44036562?v=4","repositories_count":59,"last_synced_at":"2023-04-09T12:20:28.551Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/actions","created_at":"2022-11-02T16:25:53.210Z","updated_at":"2023-04-09T12:20:28.609Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions/repositories"},"tags":[{"name":"v7","sha":"e69ef5462fd455e02edcaf4dd7708eda96b9eda0","kind":"tag","published_at":"2023-11-13T18:05:24.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v7","html_url":"https://github.com/actions/github-script/releases/tag/v7","dependencies_parsed_at":null,"dependency_job_id":"e18d2d07-39be-448e-93bb-ede6915e73ea","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v7/manifests"},{"name":"v7.0.0","sha":"e69ef5462fd455e02edcaf4dd7708eda96b9eda0","kind":"commit","published_at":"2023-11-13T18:02:38.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v7.0.0","html_url":"https://github.com/actions/github-script/releases/tag/v7.0.0","dependencies_parsed_at":null,"dependency_job_id":"947134f1-970c-46ab-898e-6ab31f60c8cb","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v7.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v7.0.0/manifests"},{"name":"v2.1.0","sha":"4aed96e0ba636e3df2423e6887c9a83ef8522d6d","kind":"commit","published_at":"2023-04-28T13:13:11.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v2.1.0","html_url":"https://github.com/actions/github-script/releases/tag/v2.1.0","dependencies_parsed_at":"2023-06-01T00:10:14.902Z","dependency_job_id":"5d0e2740-85f9-4c60-bbc2-17719c8c634c","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2.1.0/manifests"},{"name":"v6.4.1","sha":"d7906e4ad0b1822421a7e6a35d5ca353c962f410","kind":"commit","published_at":"2023-04-05T16:32:04.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.4.1","html_url":"https://github.com/actions/github-script/releases/tag/v6.4.1","dependencies_parsed_at":"2023-06-01T00:10:20.613Z","dependency_job_id":"4cb46c9d-46d9-4127-a655-8e0402932395","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.4.1/manifests"},{"name":"v4.2.0","sha":"10b53a9ec6c222bb4ce97aa6bd2b5f739696b536","kind":"commit","published_at":"2023-03-13T13:10:02.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4.2.0","html_url":"https://github.com/actions/github-script/releases/tag/v4.2.0","dependencies_parsed_at":"2023-06-01T00:10:23.719Z","dependency_job_id":"dabb2627-6d85-4059-8cfe-fb5417254a24","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.2.0/manifests"},{"name":"v5.2.0","sha":"211cb3fefb35a799baa5156f9321bb774fe56294","kind":"commit","published_at":"2023-03-10T17:24:35.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v5.2.0","html_url":"https://github.com/actions/github-script/releases/tag/v5.2.0","dependencies_parsed_at":"2023-06-01T00:10:26.224Z","dependency_job_id":"a8965766-1968-45aa-8a1d-254f08a2d770","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5.2.0/manifests"},{"name":"v3.2.0","sha":"ffc2c79a5b2490bd33e0a41c1de74b877714d736","kind":"commit","published_at":"2023-03-10T17:18:05.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3.2.0","html_url":"https://github.com/actions/github-script/releases/tag/v3.2.0","dependencies_parsed_at":"2023-06-01T00:10:26.128Z","dependency_job_id":"69db7c7f-48e9-4164-9f5b-f7fc9db18637","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.2.0/manifests"},{"name":"v6.4.0","sha":"98814c53be79b1d30f795b907e553d8679345975","kind":"commit","published_at":"2023-01-26T16:32:53.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.4.0","html_url":"https://github.com/actions/github-script/releases/tag/v6.4.0","dependencies_parsed_at":"2023-06-01T00:10:18.864Z","dependency_job_id":"59cabd88-3b1a-4b8d-b801-b5e145078ecf","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.4.0/manifests"},{"name":"v6.3.3","sha":"d556feaca394842dc55e4734bf3bb9f685482fa0","kind":"commit","published_at":"2022-10-13T22:34:27.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.3.3","html_url":"https://github.com/actions/github-script/releases/tag/v6.3.3","dependencies_parsed_at":"2023-05-31T18:25:32.748Z","dependency_job_id":"0ed39147-59f7-4ae0-b10a-095a1b9ff5aa","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.3.3/manifests"},{"name":"v6.3.2","sha":"100527700e8b29ca817ac0e0dfbfc5e8ff38edda","kind":"commit","published_at":"2022-10-11T15:43:51.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.3.2","html_url":"https://github.com/actions/github-script/releases/tag/v6.3.2","dependencies_parsed_at":"2023-05-31T18:25:33.970Z","dependency_job_id":"43884701-fad6-4c31-b941-f7cdfe3b1f87","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.3.2/manifests"},{"name":"v6.3.1","sha":"7dff1a87643417cf3b95bb10b29f4c4bc60d8ebd","kind":"commit","published_at":"2022-09-30T20:50:50.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.3.1","html_url":"https://github.com/actions/github-script/releases/tag/v6.3.1","dependencies_parsed_at":"2023-05-31T18:25:35.190Z","dependency_job_id":"44d9d669-c6db-468d-b7a6-bc3ab068bd46","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.3.1/manifests"},{"name":"v6.3.0","sha":"d4560e157075e2d93aa3022b5b51a42a880f1f93","kind":"commit","published_at":"2022-09-26T21:50:50.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.3.0","html_url":"https://github.com/actions/github-script/releases/tag/v6.3.0","dependencies_parsed_at":"2023-05-31T18:25:36.521Z","dependency_job_id":"8f9d52b7-b406-40a5-ba49-c151b2fd8729","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.3.0/manifests"},{"name":"v6","sha":"c713e510dbd7d213d92d41b7a7805a986f4c5c66","kind":"tag","published_at":"2022-08-26T17:14:22.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6","html_url":"https://github.com/actions/github-script/releases/tag/v6","dependencies_parsed_at":"2023-05-30T22:22:41.615Z","dependency_job_id":"d7072188-74d8-4e5d-9d34-f6778a737328","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6/manifests"},{"name":"v6.2.0","sha":"c713e510dbd7d213d92d41b7a7805a986f4c5c66","kind":"commit","published_at":"2022-08-26T17:12:14.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.2.0","html_url":"https://github.com/actions/github-script/releases/tag/v6.2.0","dependencies_parsed_at":"2023-05-30T22:22:40.227Z","dependency_job_id":"025e9da6-e0fd-4465-bf26-c6a8c002a26d","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.2.0/manifests"},{"name":"v5","sha":"9b7ebbb458768465bb03f28bbef5aa6b5d9d5baf","kind":"tag","published_at":"2022-08-12T14:36:09.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v5","html_url":"https://github.com/actions/github-script/releases/tag/v5","dependencies_parsed_at":"2023-05-30T22:22:46.417Z","dependency_job_id":"2aab4ecb-a052-4310-8fed-cc6ca8e16d2d","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5/manifests"},{"name":"v5.1.1","sha":"9b7ebbb458768465bb03f28bbef5aa6b5d9d5baf","kind":"commit","published_at":"2022-08-12T14:35:00.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v5.1.1","html_url":"https://github.com/actions/github-script/releases/tag/v5.1.1","dependencies_parsed_at":"2023-05-30T22:22:44.310Z","dependency_job_id":"6e040f30-36ac-4e95-bf88-18401066db3c","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5.1.1/manifests"},{"name":"v6.1.1","sha":"d50f485531ba88479582bc2da03ff424389af5c1","kind":"commit","published_at":"2022-08-12T14:09:00.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.1.1","html_url":"https://github.com/actions/github-script/releases/tag/v6.1.1","dependencies_parsed_at":"2023-05-30T22:22:43.013Z","dependency_job_id":"d058d422-8188-417c-9e5f-901657132cd6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.1.1/manifests"},{"name":"v6.1.0","sha":"7a5c598405937d486b0331594b5da2b14db670da","kind":"commit","published_at":"2022-05-12T22:43:19.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.1.0","html_url":"https://github.com/actions/github-script/releases/tag/v6.1.0","dependencies_parsed_at":"2023-05-30T22:22:47.729Z","dependency_job_id":"eb19b6fc-5b02-420e-988f-1e2ab84b10da","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.1.0/manifests"},{"name":"v6.0.0","sha":"9ac08808f993958e9de277fe43a64532a609130e","kind":"commit","published_at":"2022-02-11T15:21:32.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v6.0.0","html_url":"https://github.com/actions/github-script/releases/tag/v6.0.0","dependencies_parsed_at":"2023-05-30T22:22:49.541Z","dependency_job_id":"04e57d64-2472-48ca-8019-ef71667db98b","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v6.0.0/manifests"},{"name":"v5.1.0","sha":"e3cbab99d3a9b271e1b79fc96d103a4a5534998c","kind":"commit","published_at":"2022-01-07T18:30:24.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v5.1.0","html_url":"https://github.com/actions/github-script/releases/tag/v5.1.0","dependencies_parsed_at":"2023-05-30T22:22:50.936Z","dependency_job_id":"463e05a5-ee9a-4d01-befa-43db455a816e","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5.1.0/manifests"},{"name":"v5.0.0","sha":"441359b1a30438de65712c2fbca0abe4816fa667","kind":"commit","published_at":"2021-09-24T16:41:56.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v5.0.0","html_url":"https://github.com/actions/github-script/releases/tag/v5.0.0","dependencies_parsed_at":"2023-05-30T22:22:52.190Z","dependency_job_id":"39bb90e1-cdba-45d7-a074-30e9fd73ce13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v5.0.0/manifests"},{"name":"v4","sha":"deb7ae927cc19ae3a8b57293dd5cd2f16171e1e2","kind":"tag","published_at":"2021-09-23T20:59:19.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4","html_url":"https://github.com/actions/github-script/releases/tag/v4","dependencies_parsed_at":"2023-05-30T22:22:56.382Z","dependency_job_id":"933801cf-58e0-4eef-8882-b1e0380f74ae","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4/manifests"},{"name":"v4.1","sha":"deb7ae927cc19ae3a8b57293dd5cd2f16171e1e2","kind":"tag","published_at":"2021-09-23T20:59:07.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4.1","html_url":"https://github.com/actions/github-script/releases/tag/v4.1","dependencies_parsed_at":"2023-05-30T22:22:55.068Z","dependency_job_id":"430ba888-d1b0-4905-9a77-d87b93eadaf0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.1/manifests"},{"name":"v4.1.1","sha":"deb7ae927cc19ae3a8b57293dd5cd2f16171e1e2","kind":"commit","published_at":"2021-09-23T18:44:44.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4.1.1","html_url":"https://github.com/actions/github-script/releases/tag/v4.1.1","dependencies_parsed_at":"2023-05-30T22:22:53.425Z","dependency_job_id":"fa6ffe38-b3d7-4e8e-8e55-d8caad3cd3cf","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.1.1/manifests"},{"name":"v4.1.0","sha":"f891eff65186019cbb3f7190c4590bc0a1b76fbc","kind":"commit","published_at":"2021-08-19T17:52:50.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4.1.0","html_url":"https://github.com/actions/github-script/releases/tag/v4.1.0","dependencies_parsed_at":"2023-05-30T22:22:57.586Z","dependency_job_id":"22e1604b-2ac9-48c9-8f18-b0016b69dd57","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.1.0/manifests"},{"name":"v4.0","sha":"a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293","kind":"tag","published_at":"2021-04-23T17:32:11.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4.0","html_url":"https://github.com/actions/github-script/releases/tag/v4.0","dependencies_parsed_at":"2023-05-30T22:22:59.909Z","dependency_job_id":"900330db-1819-4cea-b40e-9cdbccb8c271","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.0/manifests"},{"name":"v4.0.2","sha":"a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293","kind":"commit","published_at":"2021-04-23T17:29:23.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4.0.2","html_url":"https://github.com/actions/github-script/releases/tag/v4.0.2","dependencies_parsed_at":"2023-05-30T22:22:58.850Z","dependency_job_id":"fc8d12e1-74a9-4fa9-9dfb-d20045204a99","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.0.2/manifests"},{"name":"v4.0.1","sha":"85e88a66eaa831097093a3d278536947f2984d20","kind":"commit","published_at":"2021-04-21T22:31:08.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4.0.1","html_url":"https://github.com/actions/github-script/releases/tag/v4.0.1","dependencies_parsed_at":"2023-05-30T22:23:01.021Z","dependency_job_id":"8806470e-ae3c-4cc9-9fe5-437da1160329","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.0.1/manifests"},{"name":"v4.0.0","sha":"95fb649573b4020d9a24b4480947c1746afcb137","kind":"commit","published_at":"2021-04-21T21:50:55.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v4.0.0","html_url":"https://github.com/actions/github-script/releases/tag/v4.0.0","dependencies_parsed_at":"2023-05-30T22:23:02.067Z","dependency_job_id":"a4139f32-7950-4048-b7ac-6e5471922eba","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v4.0.0/manifests"},{"name":"v3","sha":"f05a81df23035049204b043b50c3322045ce7eb3","kind":"tag","published_at":"2021-03-30T18:54:24.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3","html_url":"https://github.com/actions/github-script/releases/tag/v3","dependencies_parsed_at":"2023-05-30T22:23:05.248Z","dependency_job_id":"664d3ad2-57e6-457b-8772-a33e5a5bd152","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3/manifests"},{"name":"v3.1","sha":"f05a81df23035049204b043b50c3322045ce7eb3","kind":"tag","published_at":"2021-03-30T18:53:47.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3.1","html_url":"https://github.com/actions/github-script/releases/tag/v3.1","dependencies_parsed_at":"2023-05-30T22:23:04.187Z","dependency_job_id":"92fa398c-aafe-42c9-b648-56148e4213f6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.1/manifests"},{"name":"v3.1.1","sha":"f05a81df23035049204b043b50c3322045ce7eb3","kind":"commit","published_at":"2021-03-30T18:00:42.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3.1.1","html_url":"https://github.com/actions/github-script/releases/tag/v3.1.1","dependencies_parsed_at":"2023-05-30T22:23:03.184Z","dependency_job_id":"d891825f-9db0-439d-a8e1-75b34536c2f7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"47f7cf65b5ced0830a325f705cad64f2f58dddf7","kind":"commit","published_at":"2020-11-17T14:16:23.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3.1.0","html_url":"https://github.com/actions/github-script/releases/tag/v3.1.0","dependencies_parsed_at":"2023-05-30T22:23:06.445Z","dependency_job_id":"b9f5feb9-5a77-4015-84b6-29bc9d4c430b","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.1.0/manifests"},{"name":"v3.0.2","sha":"3c58ce3675ed384a4289ff500446f7d740747805","kind":"commit","published_at":"2020-11-17T13:43:24.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3.0.2","html_url":"https://github.com/actions/github-script/releases/tag/v3.0.2","dependencies_parsed_at":"2023-05-30T22:23:07.427Z","dependency_job_id":"56737825-eaa4-45d4-9c13-19481ee0ff21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.0.2/manifests"},{"name":"v3.0","sha":"3c58ce3675ed384a4289ff500446f7d740747805","kind":"commit","published_at":"2020-11-17T13:43:24.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3.0","html_url":"https://github.com/actions/github-script/releases/tag/v3.0","dependencies_parsed_at":"2023-05-30T22:23:10.137Z","dependency_job_id":"49e47761-9ea3-4bf0-a091-1ceed3e1bfef","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.0/manifests"},{"name":"v3.0.1","sha":"ff0a9e81a89f1e88123c5220630578ec6ae2ef99","kind":"commit","published_at":"2020-11-17T13:11:47.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3.0.1","html_url":"https://github.com/actions/github-script/releases/tag/v3.0.1","dependencies_parsed_at":"2023-05-30T22:23:08.784Z","dependency_job_id":"10e2bc2e-6864-4a10-b674-cacc80a91e46","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.0.1/manifests"},{"name":"v3.0.0","sha":"626af12fe9a53dc2972b48385e7fe7dec79145c9","kind":"commit","published_at":"2020-08-21T15:04:01.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v3.0.0","html_url":"https://github.com/actions/github-script/releases/tag/v3.0.0","dependencies_parsed_at":"2023-05-30T22:23:11.279Z","dependency_job_id":"f5b613a8-016b-4daa-b5b5-6f59da8c6b39","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v3.0.0/manifests"},{"name":"v2","sha":"44b873bc975058192f5279ebe7579496381f575d","kind":"commit","published_at":"2020-08-07T01:11:50.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v2","html_url":"https://github.com/actions/github-script/releases/tag/v2","dependencies_parsed_at":"2023-05-30T22:23:14.474Z","dependency_job_id":"340fe411-62a4-41ba-bdd8-fb5db54cb33c","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2/manifests"},{"name":"v2.0","sha":"44b873bc975058192f5279ebe7579496381f575d","kind":"commit","published_at":"2020-08-07T01:11:50.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v2.0","html_url":"https://github.com/actions/github-script/releases/tag/v2.0","dependencies_parsed_at":"2023-05-30T22:23:13.354Z","dependency_job_id":"ba0ecd6f-be33-439f-ab54-99748736a512","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2.0/manifests"},{"name":"v2.0.1","sha":"44b873bc975058192f5279ebe7579496381f575d","kind":"commit","published_at":"2020-08-07T01:11:50.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v2.0.1","html_url":"https://github.com/actions/github-script/releases/tag/v2.0.1","dependencies_parsed_at":"2023-05-30T22:23:12.269Z","dependency_job_id":"ec00b48a-d229-4f3e-86e1-bc0fdbca969a","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2.0.1/manifests"},{"name":"v2.0.0","sha":"6e5ee1dc1cb3740e5e5e76ad668e3f526edbfe45","kind":"commit","published_at":"2020-06-04T18:15:51.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v2.0.0","html_url":"https://github.com/actions/github-script/releases/tag/v2.0.0","dependencies_parsed_at":"2023-05-30T22:23:15.418Z","dependency_job_id":"fcdfc203-03d7-46a0-9c91-397efe041e21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v2.0.0/manifests"},{"name":"v1.1.0","sha":"c7971c2fc036368a2c59c8d48a0357dad1780f0d","kind":"tag","published_at":"2020-05-20T13:53:04.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v1.1.0","html_url":"https://github.com/actions/github-script/releases/tag/v1.1.0","dependencies_parsed_at":"2023-05-30T22:23:16.801Z","dependency_job_id":"4ea2ca49-98d6-4881-baf7-f7caf5112824","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.1.0/manifests"},{"name":"v1","sha":"c7971c2fc036368a2c59c8d48a0357dad1780f0d","kind":"commit","published_at":"2020-05-20T13:53:04.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v1","html_url":"https://github.com/actions/github-script/releases/tag/v1","dependencies_parsed_at":"2023-05-30T22:23:18.422Z","dependency_job_id":"4f4845cb-8893-45b8-ba60-ae2c719a638c","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1/manifests"},{"name":"v1.1","sha":"c7971c2fc036368a2c59c8d48a0357dad1780f0d","kind":"commit","published_at":"2020-05-20T13:53:04.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v1.1","html_url":"https://github.com/actions/github-script/releases/tag/v1.1","dependencies_parsed_at":"2023-05-30T22:23:17.694Z","dependency_job_id":"d6f451c2-6b4c-4176-9739-ec3984d2696f","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.1/manifests"},{"name":"v1.0.1","sha":"c20b4a79d3f025f44e5e7e7803645ca9e2415a96","kind":"tag","published_at":"2020-05-18T18:53:18.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v1.0.1","html_url":"https://github.com/actions/github-script/releases/tag/v1.0.1","dependencies_parsed_at":"2023-05-30T22:23:19.384Z","dependency_job_id":"5fb234db-fe6d-4f48-a475-2e0a59537d8a","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"048309c447b73d5fbfdd84dbec60d1a88060d096","kind":"commit","published_at":"2020-05-18T18:32:21.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v1.0.0","html_url":"https://github.com/actions/github-script/releases/tag/v1.0.0","dependencies_parsed_at":"2023-05-30T22:23:20.285Z","dependency_job_id":"53a20a2d-3a3a-4765-9818-61cc881f0fd1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.0.0/manifests"},{"name":"v1.0","sha":"048309c447b73d5fbfdd84dbec60d1a88060d096","kind":"commit","published_at":"2020-05-18T18:32:21.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/v1.0","html_url":"https://github.com/actions/github-script/releases/tag/v1.0","dependencies_parsed_at":"2023-05-30T22:23:21.211Z","dependency_job_id":"4442f0be-e592-4472-ac2b-0f8566499da7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/v1.0/manifests"},{"name":"0.9.0","sha":"5d03ada4b0a753e9460b312e61cc4f8fdeacf163","kind":"commit","published_at":"2020-03-24T19:14:05.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.9.0","html_url":"https://github.com/actions/github-script/releases/tag/0.9.0","dependencies_parsed_at":"2023-05-30T22:23:22.010Z","dependency_job_id":"aebf394a-785b-4191-b955-f86a07b3bb78","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.9.0/manifests"},{"name":"0.8.0","sha":"80a5e943b446817466ff17e8b61cb80848641ed6","kind":"commit","published_at":"2020-02-28T14:18:07.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.8.0","html_url":"https://github.com/actions/github-script/releases/tag/0.8.0","dependencies_parsed_at":"2023-05-30T22:23:22.651Z","dependency_job_id":"44d90e0b-68fd-4839-a219-439405155845","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.8.0/manifests"},{"name":"0.7.0","sha":"0cb5c91bd3608bf215b3cbc01abdc38c8163ea5e","kind":"commit","published_at":"2020-02-28T14:12:55.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.7.0","html_url":"https://github.com/actions/github-script/releases/tag/0.7.0","dependencies_parsed_at":"2023-05-30T22:23:23.209Z","dependency_job_id":"d51df98c-511d-4138-af9a-5ae28269e4a8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.7.0/manifests"},{"name":"0.6.0","sha":"5363c89495e2ddaea4a64feb5f586af2cb6118c0","kind":"commit","published_at":"2020-02-25T20:45:01.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.6.0","html_url":"https://github.com/actions/github-script/releases/tag/0.6.0","dependencies_parsed_at":"2023-05-30T22:23:23.661Z","dependency_job_id":"115964ac-81aa-4bc5-8754-7eb8b20e5a13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.6.0/manifests"},{"name":"0.5.0","sha":"f3c2f2ea28920389cd1cd8e8361cade92bbf0d54","kind":"commit","published_at":"2020-02-13T19:17:57.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.5.0","html_url":"https://github.com/actions/github-script/releases/tag/0.5.0","dependencies_parsed_at":"2023-05-30T22:23:24.331Z","dependency_job_id":"f098a7ea-997f-4edf-8f6b-cdcb13612cfb","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.5.0/manifests"},{"name":"0.4.0","sha":"83e4cfe60ad25a2d0637965c993eb54c325d6d8d","kind":"commit","published_at":"2020-01-08T19:58:37.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.4.0","html_url":"https://github.com/actions/github-script/releases/tag/0.4.0","dependencies_parsed_at":"2023-05-30T22:23:24.843Z","dependency_job_id":"14e00301-8da5-4db6-90bf-b90c43465d64","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.4.0/manifests"},{"name":"0.3.0","sha":"9f3a1f13430422c9dc3079464b4161c4de25fc42","kind":"commit","published_at":"2019-11-13T23:04:08.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.3.0","html_url":"https://github.com/actions/github-script/releases/tag/0.3.0","dependencies_parsed_at":"2023-05-30T22:23:25.319Z","dependency_job_id":"9ecd7374-49a3-4d80-b802-4b6a4ce5ca4d","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.3.0/manifests"},{"name":"0.2.0","sha":"e5da67d39584bc686fb8876607bb0834fc3405b0","kind":"commit","published_at":"2019-09-05T16:03:28.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.2.0","html_url":"https://github.com/actions/github-script/releases/tag/0.2.0","dependencies_parsed_at":"2023-05-30T22:23:25.783Z","dependency_job_id":"8511f39a-4d4e-4d8b-b594-796f9c682b80","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.2.0/manifests"},{"name":"0.1.0","sha":"a113ccad712e70be3e508e3d30dc5532d351c84e","kind":"commit","published_at":"2019-09-05T13:20:46.000Z","download_url":"https://codeload.github.com/actions/github-script/tar.gz/0.1.0","html_url":"https://github.com/actions/github-script/releases/tag/0.1.0","dependencies_parsed_at":"2023-05-30T22:23:26.207Z","dependency_job_id":"70fa2ad1-1cfb-419a-95cb-2b676c663906","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fgithub-script/tags/0.1.0/manifests"}]},"repo_metadata_updated_at":"2023-11-14T17:43:58.591Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":40495,"rankings":{"downloads":null,"dependent_repos_count":0.05070511804785296,"dependent_packages_count":0.0,"stargazers_count":0.04753604816986214,"forks_count":0.133100934875614,"docker_downloads_count":null,"average":0.05783552527333227},"purl":"pkg:githubactions/actions/github-script","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/actions/actions/github-script","docker_dependents_count":8,"docker_downloads_count":720588951,"usage_url":"https://repos.ecosyste.ms/usage/actions/actions/github-script","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/actions/actions/github-script/dependencies","status":"removed","funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/actions%2Fgithub-script/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/actions%2Fgithub-script/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/actions%2Fgithub-script/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/actions%2Fgithub-script/related_packages","maintainers":[],"registry":{"name":"github actions","url":"https://github.com/marketplace/actions/","ecosystem":"actions","default":true,"packages_count":31615,"maintainers_count":0,"namespaces_count":19962,"keywords_count":6709,"github":"actions","metadata":{"funded_packages_count":2985},"icon_url":"https://github.com/actions.png","created_at":"2023-01-03T17:16:39.185Z","updated_at":"2025-06-06T06:00:12.453Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/namespaces"}},"unique_repositories_count":9770,"unique_repositories_count_past_30_days":36,"recent_issues":[{"uuid":"4893835600","node_id":"PR_kwDOTZY2Ls7yFtEz","number":6,"state":"closed","title":"Bump actions/github-script from 8.0.0 to 9.0.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-07-16T03:30:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-15T15:16:00.000Z","updated_at":"2026-07-16T03:30:39.000Z","time_to_close":44071,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=8.0.0\u0026new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wdxhr3/codex-transcript-folding/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wdxhr3%2Fcodex-transcript-folding/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4889656037","node_id":"PR_kwDORwQ5fs7x4LLX","number":287,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 16 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-15T05:40:43.000Z","updated_at":"2026-07-19T02:16:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":16,"packages":[{"name":"actions/checkout","old_version":"4.2.2","new_version":"7.0.0","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-node","old_version":"4.4.0","new_version":"7.0.0","repository_url":"https://github.com/actions/setup-node"},{"name":"github/codeql-action/upload-sarif","old_version":"3.26.6","new_version":"4.37.1","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"taiki-e/install-action","old_version":"2.83.0","new_version":"2.83.4","repository_url":"https://github.com/taiki-e/install-action"},{"name":"actions/attest-build-provenance","old_version":"2.4.0","new_version":"4.1.1","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"codecov/codecov-action","old_version":"4.6.0","new_version":"7.0.0","repository_url":"https://github.com/codecov/codecov-action"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"actions/setup-dotnet","old_version":"4.3.1","new_version":"6.0.0","repository_url":"https://github.com/actions/setup-dotnet"},{"name":"google/osv-scanner-action/osv-scanner-action","old_version":"2.2.3","new_version":"2.3.8","repository_url":"https://github.com/google/osv-scanner-action"},{"name":"actions/github-script","old_version":"7.1.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"},{"name":"gitleaks/gitleaks-action","old_version":"2.3.9","new_version":"3.0.0","repository_url":"https://github.com/gitleaks/gitleaks-action"},{"name":"aquasecurity/trivy-action","old_version":"df678dbccf677bc6937338d569ba0da18964a8cc","new_version":"c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8","repository_url":"https://github.com/aquasecurity/trivy-action"}],"path":null,"ecosystem":"actions"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the github-actions group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `7.0.0` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `7.0.0` |\n| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `3.26.6` | `4.37.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.83.0` | `2.83.4` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.1` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.6.0` | `7.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `4.3.1` | `6.0.0` |\n| [google/osv-scanner-action/osv-scanner-action](https://github.com/google/osv-scanner-action) | `2.2.3` | `2.3.8` |\n| [actions/github-script](https://github.com/actions/github-script) | `7.1.0` | `9.0.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |\n| [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2.3.9` | `3.0.0` |\n| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `df678dbccf677bc6937338d569ba0da18964a8cc` | `c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8` |\n\n\nUpdates `actions/checkout` from 4.2.2 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github/codeql-action from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2475\"\u003eactions/checkout#2475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-node from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2477\"\u003eactions/checkout#2477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/build-push-action from 6.5.0 to 7.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2478\"\u003eactions/checkout#2478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/login-action from 3.3.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2479\"\u003eactions/checkout#2479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 6 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2488\"\u003eactions/checkout#2488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2476\"\u003eactions/checkout#2476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eeslint 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2474\"\u003eactions/checkout#2474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-actions-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2499\"\u003eactions/checkout#2499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eskip running unsafe pr check if input is default by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2518\"\u003eactions/checkout#2518\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etrim only ascii whitespace for branch by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2521\"\u003eactions/checkout#2521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eescape values passed to --unset by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2530\"\u003eactions/checkout#2530\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.2.2...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 4.4.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd cache-primary-key and cache-matched-key as outputs by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1577\"\u003eactions/setup-node#1577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate to ESM and upgrade dependencies by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1574\"\u003eactions/setup-node#1574\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove dummy NODE_AUTH_TOKEN export by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1558\"\u003eactions/setup-node#1558\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly use \u003ccode\u003emirrorToken\u003c/code\u003e in \u003ccode\u003egetManifest\u003c/code\u003e if it's provided by \u003ca href=\"https://github.com/deiga\"\u003e\u003ccode\u003e@​deiga\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1548\"\u003eactions/setup-node#1548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd documentation for publishing to npm with Trusted Publisher (OIDC) by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1536\"\u003eactions/setup-node#1536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update restore-only cache documentation by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1550\"\u003eactions/setup-node#1550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update caching recommendations to mitigate cache poisoning risks by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1567\"\u003eactions/setup-node#1567\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency update:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to 5.1.0, log cache write denied by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1569\"\u003eactions/setup-node#1569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1536\"\u003eactions/setup-node#1536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deiga\"\u003e\u003ccode\u003e@​deiga\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1548\"\u003eactions/setup-node#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1569\"\u003eactions/setup-node#1569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@​actions/cache\u003c/code\u003e to 5.1.0 and add security overrides for undici and fast-xml-parser by \u003ca href=\"https://github.com/HarithaVattikuti\"\u003e\u003ccode\u003e@​HarithaVattikuti\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1579\"\u003eactions/setup-node#1579\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6.4.0...v6.5.0\"\u003ehttps://github.com/actions/setup-node/compare/v6.4.0...v6.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/820762786026740c76f36085b0efc47a31fe5020\"\u003e\u003ccode\u003e8207627\u003c/code\u003e\u003c/a\u003e Migrate to ESM and upgrade dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1574\"\u003e#1574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/04be95cf3511ea51ebf9f224ddfb99cc7ab87cd4\"\u003e\u003ccode\u003e04be95c\u003c/code\u003e\u003c/a\u003e Add cache-primary-key and cache-matched-key as outputs (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1577\"\u003e#1577\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/7c2c68d20d402ed6a201ada70a81341941093140\"\u003e\u003ccode\u003e7c2c68d\u003c/code\u003e\u003c/a\u003e docs: Update caching recommendations to mitigate cache poisoning risks (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1567\"\u003e#1567\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6a61c0375d66246de94630495909f12cf8dac84d\"\u003e\u003ccode\u003e6a61c03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1569\"\u003e#1569\u003c/a\u003e from jasongin/update-actions-cache-5.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/30eb73b41ded577900c1ebf968ef95cdf8f7434f\"\u003e\u003ccode\u003e30eb73b\u003c/code\u003e\u003c/a\u003e Resolve high-severity audit issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/4e1a87a501d0302f99e30e2748568adcb388d09f\"\u003e\u003ccode\u003e4e1a87a\u003c/code\u003e\u003c/a\u003e Update dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/360237f0c01778d0c17291f75c56d6feae4f7574\"\u003e\u003ccode\u003e360237f\u003c/code\u003e\u003c/a\u003e Strict equality\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/4f8aac5beb2f0854bc79651567a18c67eb0b9de3\"\u003e\u003ccode\u003e4f8aac5\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to 5.1.0, log cache write denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/f4a67bbeca970f103397d3d2b9462cf787cd2980\"\u003e\u003ccode\u003ef4a67bb\u003c/code\u003e\u003c/a\u003e Only use \u003ccode\u003emirrorToken\u003c/code\u003e in \u003ccode\u003egetManifest\u003c/code\u003e if it's provided (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1548\"\u003e#1548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/0355742c943ddb13ca8a6b700f824231caa91e75\"\u003e\u003ccode\u003e0355742\u003c/code\u003e\u003c/a\u003e Remove dummy NODE_AUTH_TOKEN export (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1558\"\u003e#1558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...820762786026740c76f36085b0efc47a31fe5020\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action/upload-sarif` from 3.26.6 to 4.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action/upload-sarif's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.37.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3956\"\u003e#3956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.1\"\u003e2.26.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/4019\"\u003e#4019\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.37.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0\"\u003e2.26.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3995\"\u003e#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn addition to the existing input format, the \u003ccode\u003econfig-file\u003c/code\u003e input for the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step will soon support a new \u003ccode\u003e[owner/]repo[@ref][:path]\u003c/code\u003e format. All components except the repository name are optional. If omitted, \u003ccode\u003eowner\u003c/code\u003e defaults to the same owner as the repository the analysis is running for, \u003ccode\u003eref\u003c/code\u003e to \u003ccode\u003emain\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e to \u003ccode\u003e.github/codeql-action.yaml\u003c/code\u003e. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3973\"\u003e#3973\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.3\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action/upload-sarif's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.37.1 - 16 Jul 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3956\"\u003e#3956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.1\"\u003e2.26.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/4019\"\u003e#4019\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.37.0 - 08 Jul 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0\"\u003e2.26.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3995\"\u003e#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn addition to the existing input format, the \u003ccode\u003econfig-file\u003c/code\u003e input for the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step will soon support a new \u003ccode\u003e[owner/]repo[@ref][:path]\u003c/code\u003e format. All components except the repository name are optional. If omitted, \u003ccode\u003eowner\u003c/code\u003e defaults to the same owner as the repository the analysis is running for, \u003ccode\u003eref\u003c/code\u003e to \u003ccode\u003emain\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e to \u003ccode\u003e.github/codeql-action.yaml\u003c/code\u003e. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3973\"\u003e#3973\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.3 - 01 Jul 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7188fc363630916deb702c7fdcf4e481b751f97a\"\u003e\u003ccode\u003e7188fc3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4020\"\u003e#4020\u003c/a\u003e from github/update-v4.37.1-9e7c07009\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c8b5f69be686908c3dfd844428137d56fe80c936\"\u003e\u003ccode\u003ec8b5f69\u003c/code\u003e\u003c/a\u003e Update changelog for v4.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e7c070092090e89e8b3d62f977d4456e0732cd7\"\u003e\u003ccode\u003e9e7c070\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4014\"\u003e#4014\u003c/a\u003e from github/mbg/explicit-remote-prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/3492b7e9ab96e28b1d8b971345d30e929c6f8fee\"\u003e\u003ccode\u003e3492b7e\u003c/code\u003e\u003c/a\u003e Change \u003ccode\u003eREMOTE_PATH_PREFIX\u003c/code\u003e to \u003ccode\u003eremote=\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/3654baa924bc6456db54002581cb7c1c877548c4\"\u003e\u003ccode\u003e3654baa\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/explicit-remote-prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2d682ac05f1b3588aaff3814826bede39b9ba6bb\"\u003e\u003ccode\u003e2d682ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4017\"\u003e#4017\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/23f6a50753a88efd9b7ae8687b29f6bdb65f6250\"\u003e\u003ccode\u003e23f6a50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4009\"\u003e#4009\u003c/a\u003e from github/mbg/action-state/additions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/1ee3c75d1988ab8621f01ebb165115c38d56df91\"\u003e\u003ccode\u003e1ee3c75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4018\"\u003e#4018\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e053684dc500899b0b5520edc8549ac0f1ed730b\"\u003e\u003ccode\u003ee053684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4015\"\u003e#4015\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-fd2e83...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6803c5671d2f87a83ed96e151c441b1cb3bdc66a\"\u003e\u003ccode\u003e6803c56\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4019\"\u003e#4019\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.26.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v3.26.6...7188fc363630916deb702c7fdcf4e481b751f97a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `taiki-e/install-action` from 2.83.0 to 2.83.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/taiki-e/install-action/releases\"\u003etaiki-e/install-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.83.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003evacuum@latest\u003c/code\u003e to 0.29.10.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003euv@latest\u003c/code\u003e to 0.11.29.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003esyft@latest\u003c/code\u003e to 1.48.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.10.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-shear@latest\u003c/code\u003e to 1.13.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.83.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erelease-plz@latest\u003c/code\u003e to 0.3.160.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.9.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003edprint@latest\u003c/code\u003e to 0.55.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-dinghy@latest\u003c/code\u003e to 0.8.5.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-binstall@latest\u003c/code\u003e to 1.21.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ebiome@latest\u003c/code\u003e to 2.5.4.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.83.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eparse-dockerfile@latest\u003c/code\u003e to 0.1.8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.5.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ejust@latest\u003c/code\u003e to 1.56.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003egungraun-runner@latest\u003c/code\u003e to 0.19.4.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-neat@latest\u003c/code\u003e to 0.4.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.83.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erclone@latest\u003c/code\u003e to 1.74.4.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.4.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-deny@latest\u003c/code\u003e to 0.20.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/07b4745e0c39a41822af610387492e3e53aa222b\"\u003e\u003ccode\u003e07b4745\u003c/code\u003e\u003c/a\u003e Release 2.83.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/43f637c917d864bbb9ef9c37d7d5c45cd588c8c8\"\u003e\u003ccode\u003e43f637c\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003evacuum@latest\u003c/code\u003e to 0.29.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/bb5da8d1440c80663ca48dff1e59f70d60faaa65\"\u003e\u003ccode\u003ebb5da8d\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003euv@latest\u003c/code\u003e to 0.11.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/0648320db663f89e8a2d2845b8680912df153a22\"\u003e\u003ccode\u003e0648320\u003c/code\u003e\u003c/a\u003e Update tombi manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/ce1731c3f8f14122a8d3f6c56cdf2cf14d72b04d\"\u003e\u003ccode\u003ece1731c\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003esyft@latest\u003c/code\u003e to 1.48.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/fe5817c309cd74b845e25225c5db8b0510340841\"\u003e\u003ccode\u003efe5817c\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/0c794b58afcbd4ee6312bdb688c481cc1b217b62\"\u003e\u003ccode\u003e0c794b5\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/c6f8c88728f8f9161ae0a85ead5901ad614ff8c1\"\u003e\u003ccode\u003ec6f8c88\u003c/code\u003e\u003c/a\u003e Update kingfisher manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/2f6e9b366e05d1f138b2db26df9242521773afa9\"\u003e\u003ccode\u003e2f6e9b3\u003c/code\u003e\u003c/a\u003e Update cosign manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/107fc4ee1ac5c353a40c63fb2bcf567f93e2c57b\"\u003e\u003ccode\u003e107fc4e\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003ecargo-shear@latest\u003c/code\u003e to 1.13.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/taiki-e/install-action/compare/v2.83.0...v2.83.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/attest-build-provenance` from 2.4.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/attest-build-provenance/releases\"\u003eactions/attest-build-provenance's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions/attest to v4.1.1 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/858\"\u003eactions/attest-build-provenance#858\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate RELEASE.md docs by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/836\"\u003eactions/attest-build-provenance#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/attest\u003c/code\u003e from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/838\"\u003eactions/attest-build-provenance#838\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.0.0 to 3.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/362\"\u003eactions/attest#362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.1.0 to 3.2.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/365\"\u003eactions/attest#365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd new \u003ccode\u003esubject-version\u003c/code\u003e input for inclusion in storage record by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/364\"\u003eactions/attest#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd storage record content to README by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/366\"\u003eactions/attest#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v4 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/835\"\u003eactions/attest-build-provenance#835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 2.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/776\"\u003eactions/attest-build-provenance#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd more documentation on Artifact Metadata Storage Records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/797\"\u003eactions/attest-build-provenance#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/attest to latest version v3.2.0 by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/812\"\u003eactions/attest-build-provenance#812\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0f67c3f4856b2e3261c31976d6725780e5e4c373\"\u003e\u003ccode\u003e0f67c3f\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.3 to 7.0.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/857\"\u003e#857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/21b787db45d5d4b6fc776b99a247a6493082d1fd\"\u003e\u003ccode\u003e21b787d\u003c/code\u003e\u003c/a\u003e Update actions/attest to v4.1.1 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/f14352a605c57b0a66e0d49bba5825967f1dbedf\"\u003e\u003ccode\u003ef14352a\u003c/code\u003e\u003c/a\u003e add dependabot cooldown (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/851\"\u003e#851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/2c04a00460b64b4dfd062384e60ea87fa18e1728\"\u003e\u003ccode\u003e2c04a00\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.2 to 6.0.3 in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/10334b5f1e684784025c3fc0a277c88c19089275\"\u003e\u003ccode\u003e10334b5\u003c/code\u003e\u003c/a\u003e remove badges from README (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/840\"\u003e#840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/c5efebd311e9a809e832398ca2b73bb429ff3508\"\u003e\u003ccode\u003ec5efebd\u003c/code\u003e\u003c/a\u003e remove prober workflows (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/837\"\u003e#837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003e\u003ccode\u003ea2bbfa2\u003c/code\u003e\u003c/a\u003e bump actions/attest from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385\"\u003e\u003ccode\u003e0856891\u003c/code\u003e\u003c/a\u003e update RELEASE.md docs (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99\"\u003e\u003ccode\u003ee4d4f7c\u003c/code\u003e\u003c/a\u003e prepare v4 release (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578\"\u003e\u003ccode\u003e02a49bd\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/824\"\u003e#824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/e8998f949152b193b063cb0ec769d69d929409be...0f67c3f4856b2e3261c31976d6725780e5e4c373\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 4.6.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cp\u003e⚠️ Due to migration issues with keybase, we are unable to update our keys under the \u003ccode\u003ecodecovsecurity\u003c/code\u003e account. We have deleted the account and are using \u003ccode\u003ecodecovsecops\u003c/code\u003e with the original gpg key\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cp\u003eThis is a copy of the \u003ccode\u003ev7.0.0\u003c/code\u003e release to make updates easier\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.5\u003c/h2\u003e\n\u003cp\u003eThis release only contains the keybase.io change as described \u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1956\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v5.5.5\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v5.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. \u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e...\n\n_Description has been truncated_\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump GitHub Actions across all workflows to latest major versions\n\u003e Updates action pins across all CI/CD workflows to their latest releases. Key version changes include `actions/checkout` to v7.0.0, `actions/upload-artifact` to v7.0.1, `actions/download-artifact` to v8.0.1, `actions/setup-node` to v7.0.0, `actions/setup-dotnet` to v6.0.0, `actions/attest-build-provenance` to v4.1.1, `codecov/codecov-action` to v7.0.0, `actions/github-script` to v9.0.0, and `github/codeql-action` uploads to v3.27.0.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized cf95987.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/KooshaPari/sharecli/pull/287","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/KooshaPari%2Fsharecli/issues/287","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/287/packages"},{"uuid":"4865303417","node_id":"PR_kwDOTOKI-87wq96f","number":13,"state":"closed","title":"chore(deps): bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-07-17T00:10:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-12T03:52:24.000Z","updated_at":"2026-07-17T00:10:58.000Z","time_to_close":418706,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kfat77/digital-nomad-cn/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kfat77%2Fdigital-nomad-cn/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4834663253","node_id":"PR_kwDOTRMGks7vIm4W","number":2,"state":"open","title":"build(deps): bump the github-actions group with 3 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-08T05:35:27.000Z","updated_at":"2026-07-08T05:37:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"github-actions","update_count":3,"packages":[{"name":"actions/checkout","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/github-script](https://github.com/actions/github-script).\n\nUpdates `actions/checkout` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we're treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 7 to 9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/smorrisods/jira-tui/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smorrisods%2Fjira-tui/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4815360581","node_id":"PR_kwDOTNdoN87uJ0of","number":3,"state":"closed","title":"Bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-07-06T02:04:04.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-06T02:00:01.000Z","updated_at":"2026-07-06T02:04:11.000Z","time_to_close":243,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/yuseok-kim-edushare/Korea-cms-evidence-optimizer/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuseok-kim-edushare%2FKorea-cms-evidence-optimizer/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4811452125","node_id":"PR_kwDOS_o_7M7t-RDt","number":85,"state":"open","title":"chore(ci)(deps): bump the github-actions group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["type: ci","automated","dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-05T03:19:56.000Z","updated_at":"2026-07-05T03:26:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps): bump","group_name":"github-actions","update_count":8,"packages":[{"name":"actions/checkout","old_version":"6.0.3","new_version":"7.0.0","repository_url":"https://github.com/actions/checkout"},{"name":"actions/cache","old_version":"5.0.1","new_version":"6.1.0","repository_url":"https://github.com/actions/cache"},{"name":"oxsecurity/megalinter","old_version":"9.5.0","new_version":"9.6.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"docker/setup-buildx-action","old_version":"3.12.0","new_version":"4.2.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"6.19.2","new_version":"7.3.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"actions/upload-code-coverage","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/actions/upload-code-coverage"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.1` | `6.1.0` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.2.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.3.0` |\n| [actions/upload-code-coverage](https://github.com/actions/upload-code-coverage) | `1.2.0` | `1.3.0` |\n\n\nUpdates `actions/checkout` from 6.0.3 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v6.1.0 - handle read-only cache access by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1768\"\u003eactions/cache#1768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v6...v6.1.0\"\u003ehttps://github.com/actions/cache/compare/v6...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate packages, migrate to ESM by \u003ca href=\"https://github.com/Samirat\"\u003e\u003ccode\u003e@​Samirat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1760\"\u003eactions/cache#1760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v6.0.0\"\u003ehttps://github.com/actions/cache/compare/v5...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.1.0 - handle read-only cache access by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1775\"\u003eactions/cache#1775\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.1.0\"\u003ehttps://github.com/actions/cache/compare/v5...v5.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e6.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v6.1.0 to pick up \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2435\"\u003eactions/toolkit#2435 Handle cache write error due to read-only token\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch redundant \u0026quot;Cache save failed\u0026quot; warning to debug log in save-only\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e6.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003e@actions/cache\u003c/code\u003e to ^6.0.1, \u003ccode\u003e@actions/core\u003c/code\u003e to ^3.0.1, \u003ccode\u003e@actions/exec\u003c/code\u003e to ^3.0.0, \u003ccode\u003e@actions/io\u003c/code\u003e to ^3.0.2\u003c/li\u003e\n\u003cli\u003eMigrated to ESM module system\u003c/li\u003e\n\u003cli\u003eUpgraded Jest to v30 and test infrastructure to be ESM compatible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9\"\u003e\u003ccode\u003e55cc834\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1768\"\u003e#1768\u003c/a\u003e from jasongin/readonly-cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337\"\u003e\u003ccode\u003ed8cd72f\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v6.1.0 - handle cache write error due to RO token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8\"\u003e\u003ccode\u003e2c8a9bd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1760\"\u003e#1760\u003c/a\u003e from actions/samirat/esm_migration_and_package_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023\"\u003e\u003ccode\u003ee9b91fd\u003c/code\u003e\u003c/a\u003e Prettier fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb\"\u003e\u003ccode\u003ee4884b8\u003c/code\u003e\u003c/a\u003e Rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f\"\u003e\u003ccode\u003e10baf01\u003c/code\u003e\u003c/a\u003e Fixed licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37\"\u003e\u003ccode\u003ee39b386\u003c/code\u003e\u003c/a\u003e Fix test mock return order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06\"\u003e\u003ccode\u003eb692820\u003c/code\u003e\u003c/a\u003e PR feedback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1\"\u003e\u003ccode\u003e6074912\u003c/code\u003e\u003c/a\u003e Rebuild dist bundles as ESM to match type:module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e\"\u003e\u003ccode\u003e5a912e8\u003c/code\u003e\u003c/a\u003e Fix lint and jest issues\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v5.0.1...55cc8345863c7cc4c66a329aec7e433d2d1c52a9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.5.0 to 9.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eENABLE_DISABLE_LINTERS_PRIORITY\u003c/code\u003e variable to let \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e override \u003ccode\u003eENABLE_LINTERS\u003c/code\u003e when a linter is in both lists (e.g. to trim an inherited \u003ccode\u003eENABLE_LINTERS\u003c/code\u003e list via \u003ccode\u003eEXTENDS\u003c/code\u003e), fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8296\"\u003e#8296\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eSARIF_TO_HUMAN\u003c/code\u003e producing empty linter logs when the bundled \u003ccode\u003esarif-fmt\u003c/code\u003e binary crashes by building it from source on Alpine and falling back to raw SARIF on conversion failure (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8294\"\u003e#8294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKeep the Docker Pulls badge in \u003ccode\u003edocs/index.md\u003c/code\u003e in sync by having \u003ccode\u003edocker_stats.py\u003c/code\u003e also update the hardcoded badge total in \u003ccode\u003e.automation/build.py\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix per-linter Docker images being published single-arch. The BETA and RELEASE linter workflows split each linter into independent per-platform jobs that all pushed the same tag (\u003ccode\u003e:beta\u003c/code\u003e, \u003ccode\u003e:v9\u003c/code\u003e, \u003ccode\u003e:vX.Y.Z\u003c/code\u003e, \u003ccode\u003e:latest\u003c/code\u003e), so the last push won and overwrote the other architecture. They now push each platform by digest and a dedicated merge job assembles a proper multi-arch manifest list per linter, restoring linux/amd64 + linux/arm64 support for \u003ccode\u003emegalinter-only-*\u003c/code\u003e images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/pyright\"\u003epyright\u003c/a\u003e from 1.1.410 to \u003cstrong\u003e1.1.411\u003c/strong\u003e on 2026-06-28\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ef3e84b8b836d76db562d0f3ed7da61e8fd538bc\"\u003e\u003ccode\u003eef3e84b\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8b9259bc485e515ea49a8499d977ea33feaa0dfc\"\u003e\u003ccode\u003e8b9259b\u003c/code\u003e\u003c/a\u003e Skill prepare-release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8245\"\u003e#8245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5810155bf0b4ec19e4024a4cdf6dd30c005f4385\"\u003e\u003ccode\u003e5810155\u003c/code\u003e\u003c/a\u003e chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/aca415ce26db68e09cb01c4c285224c6e1ca0509\"\u003e\u003ccode\u003eaca415c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency semver to v7.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8198\"\u003e#8198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/2d8b2746081f6e65e10b938edf1f3ea4f1a07c4d\"\u003e\u003ccode\u003e2d8b274\u003c/code\u003e\u003c/a\u003e Remove max-parallel for linters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e9ab3e93ab1f0259302d98529aa6dc04b140c640\"\u003e\u003ccode\u003ee9ab3e9\u003c/code\u003e\u003c/a\u003e chore(ci): manual run of deploy linters beta job (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8242\"\u003e#8242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a8a636841baaf381cc89769d07ff7eb89aacc8b5\"\u003e\u003ccode\u003ea8a6368\u003c/code\u003e\u003c/a\u003e Changelog (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8241\"\u003e#8241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7f363c6a36174f3850c9c22bb4a1b321fcd7c9bf\"\u003e\u003ccode\u003e7f363c6\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8215\"\u003e#8215\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bce5232d6c78c7f00af6ec4a33649cceabeab478\"\u003e\u003ccode\u003ebce5232\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8232\"\u003e#8232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9d98266cb441657dac9a3d9bee424ba3b1b0aed7\"\u003e\u003ccode\u003e9d98266\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency realm/swiftlint to v0.65.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8240\"\u003e#8240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7...ef3e84b8b836d76db562d0f3ed7da61e8fd538bc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.9.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/2031cfc080254a8a887f58cffee85186f0e49e48...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 3.12.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve names in esbuild bundle by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/572\"\u003edocker/setup-buildx-action#572\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/551\"\u003edocker/setup-buildx-action#551\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.90.0 to 0.92.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/557\"\u003edocker/setup-buildx-action#557\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/580\"\u003edocker/setup-buildx-action#580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​sigstore/core\u003c/code\u003e from 3.1.0 to 3.2.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/573\"\u003edocker/setup-buildx-action#573\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​sigstore/verify\u003c/code\u003e from 3.1.0 to 3.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/576\"\u003edocker/setup-buildx-action#576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.1 to 5.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/562\"\u003edocker/setup-buildx-action#562\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump sigstore from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/577\"\u003edocker/setup-buildx-action#577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.7 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/556\"\u003edocker/setup-buildx-action#556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.25.0 to 6.27.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/570\"\u003edocker/setup-buildx-action#570\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.2 to 7.3.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/569\"\u003edocker/setup-buildx-action#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/483\"\u003edocker/setup-buildx-action#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated inputs/outputs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/464\"\u003edocker/setup-buildx-action#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/481\"\u003edocker/setup-buildx-action#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/475\"\u003edocker/setup-buildx-action#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/482\"\u003edocker/setup-buildx-action#482\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/485\"\u003edocker/setup-buildx-action#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/452\"\u003edocker/setup-buildx-action#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/472\"\u003edocker/setup-buildx-action#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/480\"\u003edocker/setup-buildx-action#480\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/bb05f3f5519dd87d3ba754cc423b652a5edd6d2c\"\u003e\u003ccode\u003ebb05f3f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/580\"\u003e#580\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/321c814cb51fbe4af8eca00249525cc0973ea66f\"\u003e\u003ccode\u003e321c814\u003c/code\u003e\u003c/a\u003e [dependabot skip] chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b9a36ef79ba42cfc611885a1e8c388fbf8b8cb3f\"\u003e\u003ccode\u003eb9a36ef\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.91.0 to 0.92.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/ebeab241289497cd564ac98b3cfc9e64607bb276\"\u003e\u003ccode\u003eebeab24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/570\"\u003e#570\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/5c7b8ae78cec97a3215d4d86679b1d072eaa80cb\"\u003e\u003ccode\u003e5c7b8ae\u003c/code\u003e\u003c/a\u003e [dependabot skip] chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/037e618cd98e95e81525b15ff0e9c96f507e6a0e\"\u003e\u003ccode\u003e037e618\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.25.0 to 6.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/66080e5802281ec2e72b7f3108915643e702db85\"\u003e\u003ccode\u003e66080e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/577\"\u003e#577\u003c/a\u003e from docker/dependabot/npm_and_yarn/sigstore-4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/409aef0aa3f48f0a742e7dec4e0e04ab19afe93c\"\u003e\u003ccode\u003e409aef0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/562\"\u003e#562\u003c/a\u003e from docker/dependabot/npm_and_yarn/js-yaml-4.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/49c6e42949280fa0d70fb327633591be54efbfb6\"\u003e\u003ccode\u003e49c6e42\u003c/code\u003e\u003c/a\u003e build(deps): bump sigstore from 4.1.0 to 4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/2211273e8121ecf9ecb7d6c7c0fcd55526d530c7\"\u003e\u003ccode\u003e2211273\u003c/code\u003e\u003c/a\u003e [dependabot skip] chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...bb05f3f5519dd87d3ba754cc423b652a5edd6d2c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 6.19.2 to 7.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve names in esbuild bundle by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1567\"\u003edocker/build-push-action#1567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.90.0 to 0.92.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1545\"\u003edocker/build-push-action#1545\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1572\"\u003edocker/build-push-action#1572\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​sigstore/core\u003c/code\u003e from 3.1.0 to 3.2.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1568\"\u003edocker/build-push-action#1568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.1 to 4.3.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1566\"\u003edocker/build-push-action#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.7 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1547\"\u003edocker/build-push-action#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.24.1 to 6.27.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1564\"\u003edocker/build-push-action#1564\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.2 to 7.3.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1563\"\u003edocker/build-push-action#1563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.2.0...v7.3.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.2.0...v7.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGit context \u003ca href=\"https://docs.docker.com/build/concepts/context/#url-queries\"\u003equery format\u003c/a\u003e support by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.87.0 by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1500\"\u003edocker/build-push-action#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.5.7 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1489\"\u003edocker/build-push-action#1489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1491\"\u003edocker/build-push-action#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1490\"\u003edocker/build-push-action#1490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1497\"\u003edocker/build-push-action#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1510\"\u003edocker/build-push-action#1510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1496\"\u003edocker/build-push-action#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1486\"\u003edocker/build-push-action#1486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1509\"\u003edocker/build-push-action#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 ...\n\n_Description has been truncated_","html_url":"https://github.com/SinLess-Games/Aerealith/pull/85","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SinLess-Games%2FAerealith/issues/85","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/85/packages"},{"uuid":"4810995119","node_id":"PR_kwDOTGiDBs7t85a6","number":13,"state":"closed","title":"chore(actions)(deps): bump actions/github-script from 7.0.1 to 9.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-07-05T00:18:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-05T00:15:30.000Z","updated_at":"2026-07-05T00:18:41.000Z","time_to_close":189,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(actions)(deps)","packages":[{"name":"actions/github-script","old_version":"7.0.1","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 9.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/60a0d83039c74a4aee543508d2ffcb1c3799cdea...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7.0.1\u0026new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/airdropp20208-star/hermes-omni/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/airdropp20208-star%2Fhermes-omni/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4810841730","node_id":"PR_kwDOTMznws7t8b5G","number":8,"state":"open","title":"Bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-04T23:06:20.000Z","updated_at":"2026-07-04T23:07:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n* **Chores**\n  * Updated an automated workflow action to a newer version for improved reliability and compatibility.\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/LandonTomaine/PlanetExpressPoker/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LandonTomaine%2FPlanetExpressPoker/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4806689335","node_id":"PR_kwDOS_o_7M7tv1xn","number":41,"state":"open","title":"chore(ci)(deps): bump the github-actions group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["type: security","type: ci","automated","dependencies"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-03T22:41:16.000Z","updated_at":"2026-07-03T22:45:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps): bump","group_name":"github-actions","update_count":7,"packages":[{"name":"actions/checkout","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/cache","old_version":"5","new_version":"6","repository_url":"https://github.com/actions/cache"},{"name":"oxsecurity/megalinter","old_version":"9.5.0","new_version":"9.6.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/github-script","old_version":"8","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"actions/dependency-review-action","old_version":"4","new_version":"5","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"docker/setup-buildx-action","old_version":"3","new_version":"4","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"6","new_version":"7","repository_url":"https://github.com/docker/build-push-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |\n| [actions/cache](https://github.com/actions/cache) | `5` | `6` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8` | `9` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4` | `5` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` |\n\n\nUpdates `actions/checkout` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate packages, migrate to ESM by \u003ca href=\"https://github.com/Samirat\"\u003e\u003ccode\u003e@​Samirat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1760\"\u003eactions/cache#1760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v6.0.0\"\u003ehttps://github.com/actions/cache/compare/v5...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.1.0 - handle read-only cache access by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1775\"\u003eactions/cache#1775\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.1.0\"\u003ehttps://github.com/actions/cache/compare/v5...v5.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e6.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v6.1.0 to pick up \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2435\"\u003eactions/toolkit#2435 Handle cache write error due to read-only token\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch redundant \u0026quot;Cache save failed\u0026quot; warning to debug log in save-only\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e6.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003e@actions/cache\u003c/code\u003e to ^6.0.1, \u003ccode\u003e@actions/core\u003c/code\u003e to ^3.0.1, \u003ccode\u003e@actions/exec\u003c/code\u003e to ^3.0.0, \u003ccode\u003e@actions/io\u003c/code\u003e to ^3.0.2\u003c/li\u003e\n\u003cli\u003eMigrated to ESM module system\u003c/li\u003e\n\u003cli\u003eUpgraded Jest to v30 and test infrastructure to be ESM compatible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9\"\u003e\u003ccode\u003e55cc834\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1768\"\u003e#1768\u003c/a\u003e from jasongin/readonly-cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337\"\u003e\u003ccode\u003ed8cd72f\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v6.1.0 - handle cache write error due to RO token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8\"\u003e\u003ccode\u003e2c8a9bd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1760\"\u003e#1760\u003c/a\u003e from actions/samirat/esm_migration_and_package_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023\"\u003e\u003ccode\u003ee9b91fd\u003c/code\u003e\u003c/a\u003e Prettier fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb\"\u003e\u003ccode\u003ee4884b8\u003c/code\u003e\u003c/a\u003e Rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f\"\u003e\u003ccode\u003e10baf01\u003c/code\u003e\u003c/a\u003e Fixed licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37\"\u003e\u003ccode\u003ee39b386\u003c/code\u003e\u003c/a\u003e Fix test mock return order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06\"\u003e\u003ccode\u003eb692820\u003c/code\u003e\u003c/a\u003e PR feedback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1\"\u003e\u003ccode\u003e6074912\u003c/code\u003e\u003c/a\u003e Rebuild dist bundles as ESM to match type:module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e\"\u003e\u003ccode\u003e5a912e8\u003c/code\u003e\u003c/a\u003e Fix lint and jest issues\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v5...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.5.0 to 9.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v9.6.0] - 2026-06-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ef3e84b8b836d76db562d0f3ed7da61e8fd538bc\"\u003e\u003ccode\u003eef3e84b\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8b9259bc485e515ea49a8499d977ea33feaa0dfc\"\u003e\u003ccode\u003e8b9259b\u003c/code\u003e\u003c/a\u003e Skill prepare-release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8245\"\u003e#8245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5810155bf0b4ec19e4024a4cdf6dd30c005f4385\"\u003e\u003ccode\u003e5810155\u003c/code\u003e\u003c/a\u003e chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/aca415ce26db68e09cb01c4c285224c6e1ca0509\"\u003e\u003ccode\u003eaca415c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency semver to v7.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8198\"\u003e#8198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/2d8b2746081f6e65e10b938edf1f3ea4f1a07c4d\"\u003e\u003ccode\u003e2d8b274\u003c/code\u003e\u003c/a\u003e Remove max-parallel for linters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e9ab3e93ab1f0259302d98529aa6dc04b140c640\"\u003e\u003ccode\u003ee9ab3e9\u003c/code\u003e\u003c/a\u003e chore(ci): manual run of deploy linters beta job (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8242\"\u003e#8242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a8a636841baaf381cc89769d07ff7eb89aacc8b5\"\u003e\u003ccode\u003ea8a6368\u003c/code\u003e\u003c/a\u003e Changelog (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8241\"\u003e#8241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7f363c6a36174f3850c9c22bb4a1b321fcd7c9bf\"\u003e\u003ccode\u003e7f363c6\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8215\"\u003e#8215\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bce5232d6c78c7f00af6ec4a33649cceabeab478\"\u003e\u003ccode\u003ebce5232\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8232\"\u003e#8232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9d98266cb441657dac9a3d9bee424ba3b1b0aed7\"\u003e\u003ccode\u003e9d98266\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency realm/swiftlint to v0.65.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8240\"\u003e#8240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/v9.5.0...v9.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8 to 9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v8...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4 to 5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependency Review Action 4.9.0\u003c/h2\u003e\n\u003cp\u003eThis feature release contains a couple of notable changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThere is a new configuration option \u003ccode\u003eshow_patched_versions\u003c/code\u003e which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eRuns which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eThere are a couple of fixes to purl parsing which should improve match accuracy for \u003ccode\u003eallow-package-dependency\u003c/code\u003e lists, including case (in)sensitivity and url-encoded namespaces Thanks \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare normalized purls to account for encoding quirks by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1056\"\u003eactions/dependency-review-action#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake purl comparisons case insensitive by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1057\"\u003eactions/dependency-review-action#1057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeat: Add \u003ccode\u003ePatched Version\u003c/code\u003e to \u003ccode\u003eVulnerabilities\u003c/code\u003e summary by \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1045\"\u003eactions/dependency-review-action#1045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only get scorecard levels if user wants to see the OpenSSF scorecard by \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 10.1.0 to 10.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1058\"\u003eactions/dependency-review-action#1058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1021\"\u003eactions/dependency-review-action#1021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates for release 4.9.0 by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1064\"\u003eactions/dependency-review-action#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.8.3\u003c/h2\u003e\n\u003ch2\u003eDependency Review Action v4.8.3\u003c/h2\u003e\n\u003cp\u003eThis is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.\u003c/p\u003e\n\u003cp\u003eWe have also updated the release process to use a long-lived \u003ccode\u003ev4\u003c/code\u003e \u003cstrong\u003ebranch\u003c/strong\u003e for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Actions can't push to our protected main by \u003ca href=\"https://github.com/dangoor\"\u003e\u003ccode\u003e@​dangoor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1017\"\u003eactions/dependency-review-action#1017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 9.1.0 to 10.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/995\"\u003eactions/dependency-review-action#995\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional comm...\n\n_Description has been truncated_","html_url":"https://github.com/SinLess-Games/Aerealith/pull/41","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SinLess-Games%2FAerealith/issues/41","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/41/packages"},{"uuid":"4806589713","node_id":"PR_kwDOS_o_7M7tvhHV","number":40,"state":"closed","title":"chore(ci)(deps): bump the github-actions group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["type: security","type: ci","automated","dependencies"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":"2026-07-03T22:41:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-03T22:15:18.000Z","updated_at":"2026-07-03T22:41:08.000Z","time_to_close":1549,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps): bump","group_name":"github-actions","update_count":8,"packages":[{"name":"actions/checkout","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/cache","old_version":"5","new_version":"6","repository_url":"https://github.com/actions/cache"},{"name":"oxsecurity/megalinter","old_version":"9.5.0","new_version":"9.6.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/github-script","old_version":"8","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"actions/dependency-review-action","old_version":"4","new_version":"5","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"docker/setup-buildx-action","old_version":"3","new_version":"4","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"6","new_version":"7","repository_url":"https://github.com/docker/build-push-action"},{"name":"cloudflare/wrangler-action","old_version":"3","new_version":"4","repository_url":"https://github.com/cloudflare/wrangler-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |\n| [actions/cache](https://github.com/actions/cache) | `5` | `6` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8` | `9` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4` | `5` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` |\n| [cloudflare/wrangler-action](https://github.com/cloudflare/wrangler-action) | `3` | `4` |\n\n\nUpdates `actions/checkout` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate packages, migrate to ESM by \u003ca href=\"https://github.com/Samirat\"\u003e\u003ccode\u003e@​Samirat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1760\"\u003eactions/cache#1760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v6.0.0\"\u003ehttps://github.com/actions/cache/compare/v5...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.1.0 - handle read-only cache access by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1775\"\u003eactions/cache#1775\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.1.0\"\u003ehttps://github.com/actions/cache/compare/v5...v5.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e6.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v6.1.0 to pick up \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2435\"\u003eactions/toolkit#2435 Handle cache write error due to read-only token\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch redundant \u0026quot;Cache save failed\u0026quot; warning to debug log in save-only\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e6.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003e@actions/cache\u003c/code\u003e to ^6.0.1, \u003ccode\u003e@actions/core\u003c/code\u003e to ^3.0.1, \u003ccode\u003e@actions/exec\u003c/code\u003e to ^3.0.0, \u003ccode\u003e@actions/io\u003c/code\u003e to ^3.0.2\u003c/li\u003e\n\u003cli\u003eMigrated to ESM module system\u003c/li\u003e\n\u003cli\u003eUpgraded Jest to v30 and test infrastructure to be ESM compatible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9\"\u003e\u003ccode\u003e55cc834\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1768\"\u003e#1768\u003c/a\u003e from jasongin/readonly-cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337\"\u003e\u003ccode\u003ed8cd72f\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v6.1.0 - handle cache write error due to RO token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8\"\u003e\u003ccode\u003e2c8a9bd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1760\"\u003e#1760\u003c/a\u003e from actions/samirat/esm_migration_and_package_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023\"\u003e\u003ccode\u003ee9b91fd\u003c/code\u003e\u003c/a\u003e Prettier fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb\"\u003e\u003ccode\u003ee4884b8\u003c/code\u003e\u003c/a\u003e Rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f\"\u003e\u003ccode\u003e10baf01\u003c/code\u003e\u003c/a\u003e Fixed licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37\"\u003e\u003ccode\u003ee39b386\u003c/code\u003e\u003c/a\u003e Fix test mock return order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06\"\u003e\u003ccode\u003eb692820\u003c/code\u003e\u003c/a\u003e PR feedback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1\"\u003e\u003ccode\u003e6074912\u003c/code\u003e\u003c/a\u003e Rebuild dist bundles as ESM to match type:module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e\"\u003e\u003ccode\u003e5a912e8\u003c/code\u003e\u003c/a\u003e Fix lint and jest issues\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v5...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.5.0 to 9.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v9.6.0] - 2026-06-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ef3e84b8b836d76db562d0f3ed7da61e8fd538bc\"\u003e\u003ccode\u003eef3e84b\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8b9259bc485e515ea49a8499d977ea33feaa0dfc\"\u003e\u003ccode\u003e8b9259b\u003c/code\u003e\u003c/a\u003e Skill prepare-release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8245\"\u003e#8245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5810155bf0b4ec19e4024a4cdf6dd30c005f4385\"\u003e\u003ccode\u003e5810155\u003c/code\u003e\u003c/a\u003e chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/aca415ce26db68e09cb01c4c285224c6e1ca0509\"\u003e\u003ccode\u003eaca415c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency semver to v7.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8198\"\u003e#8198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/2d8b2746081f6e65e10b938edf1f3ea4f1a07c4d\"\u003e\u003ccode\u003e2d8b274\u003c/code\u003e\u003c/a\u003e Remove max-parallel for linters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e9ab3e93ab1f0259302d98529aa6dc04b140c640\"\u003e\u003ccode\u003ee9ab3e9\u003c/code\u003e\u003c/a\u003e chore(ci): manual run of deploy linters beta job (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8242\"\u003e#8242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a8a636841baaf381cc89769d07ff7eb89aacc8b5\"\u003e\u003ccode\u003ea8a6368\u003c/code\u003e\u003c/a\u003e Changelog (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8241\"\u003e#8241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7f363c6a36174f3850c9c22bb4a1b321fcd7c9bf\"\u003e\u003ccode\u003e7f363c6\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8215\"\u003e#8215\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bce5232d6c78c7f00af6ec4a33649cceabeab478\"\u003e\u003ccode\u003ebce5232\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8232\"\u003e#8232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9d98266cb441657dac9a3d9bee424ba3b1b0aed7\"\u003e\u003ccode\u003e9d98266\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency realm/swiftlint to v0.65.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8240\"\u003e#8240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/v9.5.0...v9.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8 to 9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v8...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4 to 5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependency Review Action 4.9.0\u003c/h2\u003e\n\u003cp\u003eThis feature release contains a couple of notable changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThere is a new configuration option \u003ccode\u003eshow_patched_versions\u003c/code\u003e which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eRuns which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eThere are a couple of fixes to purl parsing which should improve match accuracy for \u003ccode\u003eallow-package-dependency\u003c/code\u003e lists, including case (in)sensitivity and url-encoded namespaces Thanks \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare normalized purls to account for encoding quirks by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1056\"\u003eactions/dependency-review-action#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake purl comparisons case insensitive by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1057\"\u003eactions/dependency-review-action#1057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeat: Add \u003ccode\u003ePatched Version\u003c/code\u003e to \u003ccode\u003eVulnerabilities\u003c/code\u003e summary by \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1045\"\u003eactions/dependency-review-action#1045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only get scorecard levels if user wants to see the OpenSSF scorecard by \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 10.1.0 to 10.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1058\"\u003eactions/dependency-review-action#1058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1021\"\u003eactions/dependency-review-action#1021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates for release 4.9.0 by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1064\"\u003eactions/dependency-review-action#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.8.3\u003c/h2\u003e\n\u003ch2\u003eDependency Review Action v4.8.3\u003c/h2\u003e\n\u003cp\u003eThis is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.\u003c/p\u003e\n\u003cp\u003eWe have also updated the release process to use a long-lived \u003ccode\u003ev4\u003c/code\u003e \u003cstrong\u003ebranch\u003c/strong\u003e for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Actions can't push to our protected main by \u003ca href=\"https://github.com/dangoor\"\u003e\u003ccode\u003e@​dangoor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1017\"\u003eactions/dependency-review-action#1017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 9.1.0 to 10.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/995\"\u003eactions/dependency-review-action#995\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-r...\n\n_Description has been truncated_","html_url":"https://github.com/SinLess-Games/Aerealith/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SinLess-Games%2FAerealith/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"},{"uuid":"4806515649","node_id":"PR_kwDOQW23es7tvSFY","number":188,"state":"open","title":"chore(deps): bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-03T21:56:42.000Z","updated_at":"2026-07-03T21:56:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/arielwernick/virtual_bookshelf/pull/188","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arielwernick%2Fvirtual_bookshelf/issues/188","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/188/packages"},{"uuid":"4790448658","node_id":"PR_kwDOS1kzZ87s7BXj","number":76,"state":"open","title":"chore(deps): bump the actions group across 1 directory with 15 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-02T01:26:35.000Z","updated_at":"2026-07-02T01:26:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":15,"packages":[{"name":"actions/checkout","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-node","old_version":"4","new_version":"6","repository_url":"https://github.com/actions/setup-node"},{"name":"stefanzweifel/git-auto-commit-action","old_version":"5","new_version":"7","repository_url":"https://github.com/stefanzweifel/git-auto-commit-action"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"softprops/action-gh-release","old_version":"2","new_version":"3","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"hadolint/hadolint-action","old_version":"3.1.0","new_version":"3.3.0","repository_url":"https://github.com/hadolint/hadolint-action"},{"name":"codecov/codecov-action","old_version":"4","new_version":"7","repository_url":"https://github.com/codecov/codecov-action"},{"name":"actions/download-artifact","old_version":"4","new_version":"8","repository_url":"https://github.com/actions/download-artifact"},{"name":"docker/setup-buildx-action","old_version":"3","new_version":"4","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/login-action","old_version":"3","new_version":"4","repository_url":"https://github.com/docker/login-action"},{"name":"docker/build-push-action","old_version":"6","new_version":"7","repository_url":"https://github.com/docker/build-push-action"},{"name":"actions/upload-pages-artifact","old_version":"3","new_version":"5","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4","new_version":"5","repository_url":"https://github.com/actions/deploy-pages"},{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"peter-evans/create-pull-request","old_version":"6","new_version":"8","repository_url":"https://github.com/peter-evans/create-pull-request"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4` | `7` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |\n| [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `5` | `7` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` |\n| [hadolint/hadolint-action](https://github.com/hadolint/hadolint-action) | `3.1.0` | `3.3.0` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `7` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` |\n| [docker/login-action](https://github.com/docker/login-action) | `3` | `4` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3` | `5` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4` | `5` |\n| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |\n| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6` | `8` |\n\n\nUpdates `actions/checkout` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 4 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking Changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLimit automatic caching to npm, update workflows and documentation by \u003ca href=\"https://github.com/priyagupta108\"\u003e\u003ccode\u003e@​priyagupta108\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1374\"\u003eactions/setup-node#1374\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDependency Upgrades\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1336\"\u003e#1336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 2.8.8 to 3.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1334\"\u003e#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/publish-action from 0.3.0 to 0.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1362\"\u003e#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v5...v6.0.0\"\u003ehttps://github.com/actions/setup-node/compare/v5...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnhance caching in setup-node with automatic package manager detection by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1348\"\u003eactions/setup-node#1348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis update, introduces automatic caching when a valid \u003ccode\u003epackageManager\u003c/code\u003e field is present in your \u003ccode\u003epackage.json\u003c/code\u003e. This aims to improve workflow performance and make dependency management more seamless.\nTo disable this automatic caching, set \u003ccode\u003epackage-manager-cache: false\u003c/code\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003esteps:\r\n- uses: actions/checkout@v5\r\n- uses: actions/setup-node@v5\r\n  with:\r\n    package-manager-cache: false\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade action to use node24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1325\"\u003eactions/setup-node#1325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eSee Release Notes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​octokit/request-error\u003c/code\u003e and \u003ccode\u003e@​actions/github\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1227\"\u003eactions/setup-node#1227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade uuid from 9.0.1 to 11.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1273\"\u003eactions/setup-node#1273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.5 to 5.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1295\"\u003eactions/setup-node#1295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade form-data to bring in fix for critical vulnerability by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1332\"\u003eactions/setup-node#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1345\"\u003eactions/setup-node#1345\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1348\"\u003eactions/setup-node#1348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1325\"\u003eactions/setup-node#1325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/setup-node/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/v4...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `stefanzweifel/git-auto-commit-action` from 5 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/releases\"\u003estefanzweifel/git-auto-commit-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore skip_fetch, skip_checkout, create_branch (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388\"\u003e#388\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestore Detached State Detection (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393\"\u003e#393\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Support for Tag Messages (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391\"\u003e#391\u003c/a\u003e) \u003ca href=\"https://github.com/@EliasBoulharts\"\u003e\u003ccode\u003e@​EliasBoulharts\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRun Action on Node 24 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389\"\u003e#389\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386\"\u003e#386\u003c/a\u003e) [@\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e](\u003ca href=\"https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)\"\u003ehttps://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable Check if Repo is in Detached State (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379\"\u003e#379\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThrow error early if repository is in a detached state (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357\"\u003e#357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix PAT instructions with Dependabot (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376\"\u003e#376\u003c/a\u003e) \u003ca href=\"https://github.com/@Dreamsorcerer\"\u003e\u003ccode\u003e@​Dreamsorcerer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRemoved\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for \u003ccode\u003ecreate_branch\u003c/code\u003e, \u003ccode\u003eskip_checkout\u003c/code\u003e, \u003ccode\u003eskip_Fetch\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ecreate_git_tag_only\u003c/code\u003e option to skip commiting and always create a git-tag. (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/364\"\u003e#364\u003c/a\u003e) \u003ca href=\"https://github.com/@zMynxx\"\u003e\u003ccode\u003e@​zMynxx\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Test for \u003ccode\u003ecreate_git_tag_only\u003c/code\u003e feature (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/367\"\u003e#367\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: Update README.md per \u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/354\"\u003e#354\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/361\"\u003e#361\u003c/a\u003e) \u003ca href=\"https://github.com/@rasa\"\u003e\u003ccode\u003e@​rasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInclude \u003ccode\u003egithub.actor_id\u003c/code\u003e in default \u003ccode\u003ecommit_author\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/354\"\u003e#354\u003c/a\u003e) \u003ca href=\"https://github.com/@parkerbxyz\"\u003e\u003ccode\u003e@​parkerbxyz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md\"\u003estefanzweifel/git-auto-commit-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.0.0...v7.1.0\"\u003ev7.1.0\u003c/a\u003e - 2025-12-17\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd skip_push input option (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/401\"\u003e#401\u003c/a\u003e) \u003ca href=\"https://github.com/@kvanzuijlen\"\u003e\u003ccode\u003e@​kvanzuijlen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: fix typo in README.md (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/400\"\u003e#400\u003c/a\u003e) \u003ca href=\"https://github.com/@GideonBear\"\u003e\u003ccode\u003e@​GideonBear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/399\"\u003e#399\u003c/a\u003e) [@\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e](\u003ca href=\"https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)\"\u003ehttps://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump bats from 1.12.0 to 1.13.0 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/398\"\u003e#398\u003c/a\u003e) [@\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e](\u003ca href=\"https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)\"\u003ehttps://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.1...v7.0.0\"\u003ev7.0.0\u003c/a\u003e - 2025-10-12\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore skip_fetch, skip_checkout, create_branch (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388\"\u003e#388\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestore Detached State Detection (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393\"\u003e#393\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Support for Tag Messages (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391\"\u003e#391\u003c/a\u003e) \u003ca href=\"https://github.com/@EliasBoulharts\"\u003e\u003ccode\u003e@​EliasBoulharts\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun Action on Node 24 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389\"\u003e#389\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386\"\u003e#386\u003c/a\u003e) [@\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e](\u003ca href=\"https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)\"\u003ehttps://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.0...v6.0.1\"\u003ev6.0.1\u003c/a\u003e - 2025-06-11\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable Check if Repo is in Detached State (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379\"\u003e#379\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...v6.0.0\"\u003ev6.0.0\u003c/a\u003e - 2025-06-10\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow error early if repository is in a detached state (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357\"\u003e#357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PAT instructions with Dependabot (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376\"\u003e#376\u003c/a\u003e) \u003ca href=\"https://github.com/@Dreamsorcerer\"\u003e\u003ccode\u003e@​Dreamsorcerer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for \u003ccode\u003ecreate_branch\u003c/code\u003e, \u003ccode\u003eskip_checkout\u003c/code\u003e, \u003ccode\u003eskip_Fetch\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/4a55954c782fc1ea30b9056cd3e7a2b40ca8887d\"\u003e\u003ccode\u003e4a55954\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/9f6c933320c44425cf7ea45b6e16bfe90e271fa0\"\u003e\u003ccode\u003e9f6c933\u003c/code\u003e\u003c/a\u003e Add hooks to run shell snippets around git operations (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/411\"\u003e#411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/c365a749b49f73199b8f7125f4d4ab6dfac90802\"\u003e\u003ccode\u003ec365a74\u003c/code\u003e\u003c/a\u003e Emit warning for pull_request_target trigger usage (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/d28176c21fcd0cb43d5b5cf374322d8956224019\"\u003e\u003ccode\u003ed28176c\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6 to 7 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/409\"\u003e#409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/25df622d80fcf2b5fb70bfa5b4ec0871f574881a\"\u003e\u003ccode\u003e25df622\u003c/code\u003e\u003c/a\u003e Add EXAMPLES.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/32e98448120552541e630c7992836985b7c00748\"\u003e\u003ccode\u003e32e9844\u003c/code\u003e\u003c/a\u003e docs(action): fix input and output descriptions in action.yml (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/406\"\u003e#406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/a3ed46f7fde121393bfde63d43ae6c1d306b212d\"\u003e\u003ccode\u003ea3ed46f\u003c/code\u003e\u003c/a\u003e docs: fix typos, grammar, and formatting across markdown files (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/408\"\u003e#408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/b4d688c2241cae5a43003f0a0108bae3b3f25146\"\u003e\u003ccode\u003eb4d688c\u003c/code\u003e\u003c/a\u003e docs: fix broken and redirecting URLs in README.md (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/407\"\u003e#407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/f53a62c26ed5971dd2ed8768e4142f08c767ea37\"\u003e\u003ccode\u003ef53a62c\u003c/code\u003e\u003c/a\u003e README: clearify meaning of the repository field (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/4fc4bbf34c756a23fa53d40bc01e8ddd276d51b9\"\u003e\u003ccode\u003e4fc4bbf\u003c/code\u003e\u003c/a\u003e Bump release-drafter/release-drafter from 6 to 7 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v5...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we're treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2 to 3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v2.6.2\"\u003ehttps://github.com/softprops/action-gh-release/compare/v2...v2.6.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix issue with multiple runs concatenating release bodies \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/145\"\u003e#145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/718ea10b132b3b2eba29c1007bb80653f286566b\"\u003e\u003ccode\u003e718ea10\u003c/code\u003e\u003c/a\u003e release 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/f1a938b9d84ca9b770d0d8dfeb3e7285fe261e63\"\u003e\u003ccode\u003ef1a938b\u003c/code\u003e\u003c/a\u003e chore(deps): bump esbuild from 0.28.0 to 0.28.1 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/802\"\u003e#802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/0066ead0de7252b4876b36b5357fc3974619d36a\"\u003e\u003ccode\u003e0066ead\u003c/code\u003e\u003c/a\u003e chore(deps): bump vite from 8.0.14 to 8.0.16 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/806\"\u003e#806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/dc643cac6252aaa00c9b0b6c940d489cd7bf6b23\"\u003e\u003ccode\u003edc643ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group with 3 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/805\"\u003e#805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/85ee99b6b20742a3823a8a289ee5e6ceab44e8aa\"\u003e\u003ccode\u003e85ee99b\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout in the github-actions group (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/804\"\u003e#804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/9ed3cf9a6863b31f005d951c8d19de20628cf4eb\"\u003e\u003ccode\u003e9ed3cf9\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group with 2 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/800\"\u003e#800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3efcac8951299998593f871640ea8059d6818655\"\u003e\u003ccode\u003e3efcac8\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group with 3 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/798\"\u003e#798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/05d6b9164aa74958de40b0179d6a773112fcdc7f\"\u003e\u003ccode\u003e05d6b91\u003c/code\u003e\u003c/a\u003e chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/797\"\u003e#797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/403a5240f3837fa857f642062e05aad6bb3391ca\"\u003e\u003ccode\u003e403a524\u003c/code\u003e\u003c/a\u003e chore(deps): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.12.2 to 24.12.3 in the npm group (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/437e073e786973c6b6af97d9e445c41ae43b1d29\"\u003e\u003ccode\u003e437e073\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group with 4 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/792\"\u003e#792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hadolint/hadolint-action` from 3.1.0 to 3.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hadolint/hadolint-action/releases\"\u003ehadolint/hadolint-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.3.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/compare/v3.2.0...v3.3.0\"\u003e3.3.0\u003c/a\u003e (2025-09-22)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003etrigger release workflow (\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/2332a7b74a6de0dda2e2221d575162eba76ba5e5\"\u003e2332a7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/compare/v3.1.0...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2025-09-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enew minor release (\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/3fc49fb50d59c6ab7917a2e4195dba633e515b29\"\u003e3fc49fb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/2332a7b74a6de0dda2e2221d575162eba76ba5e5\"\u003e\u003ccode\u003e2332a7b\u003c/code\u003e\u003c/a\u003e feat: trigger release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/2bfd2b95f895100db2ca84c3054a8ce50f1fc611\"\u003e\u003ccode\u003e2bfd2b9\u003c/code\u003e\u003c/a\u003e Don't trigger release workflow on Tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/0931ae097296863e5f188b8c6a0c5f9b95f79793\"\u003e\u003ccode\u003e0931ae0\u003c/code\u003e\u003c/a\u003e Release v3.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/3fc49fb50d59c6ab7917a2e4195dba633e515b29\"\u003e\u003ccode\u003e3fc49fb\u003c/code\u003e\u003c/a\u003e feat: new minor release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/45eb072a0b555fab4dfc5b7f863a41b150431d11\"\u003e\u003ccode\u003e45eb072\u003c/code\u003e\u003c/a\u003e Trigger release workflow on tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/97f3e4f6bea3e14583def682306d106f07ccfe75\"\u003e\u003ccode\u003e97f3e4f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hadolint/hadolint-action/issues/94\"\u003e#94\u003c/a\u003e from felipecrs/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/3e9a095cc7001116bae7f7d2d89ef20b1156aa25\"\u003e\u003ccode\u003e3e9a095\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/3285327e7ad2e137653f6da3d6640d30c05b9e1d\"\u003e\u003ccode\u003e3285327\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hadolint/hadolint-action/issues/96\"\u003e#96\u003c/a\u003e from m-ildefons/update-ci-yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/8bde06f9ce374f8d841c43a38da556483c397f32\"\u003e\u003ccode\u003e8bde06f\u003c/code\u003e\u003c/a\u003e Update CI yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/24598f413ebc646232a0218bac5e314f7a8632ce\"\u003e\u003ccode\u003e24598f4\u003c/code\u003e\u003c/a\u003e Update base image for Hadolint\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hadolint/hadolint-action/compare/v3.1.0...v3.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cp\u003e⚠️ Due to migration issues with keybase, we are unable to update our keys under the \u003ccode\u003ecodecovsecurity\u003c/code\u003e account. We have deleted the account and are using \u003ccode\u003ecodecovsecops\u003c/code\u003e with the original gpg key\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cp\u003eThis is a copy of the \u003ccode\u003ev7.0.0\u003c/code\u003e release to make updates easier\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.5\u003c/h2\u003e\n\u003cp\u003eThis release only contains the keybase.io change as described \u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1956\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v5.5.5\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v5.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. \u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/fb8b3582c8e4def4969c97caa2f19720cb33a72f\"\u003e\u003ccode\u003efb8b358\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1957\"\u003e#1957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/ca0a928a4cb3911011e868128a5cd90437c12db1\"\u003e\u003ccode\u003eca0a928\u003c/code\u003e\u003c/a\u003e ci: remove Enforce License Compliance workflow (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1950\"\u003e#1950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003e\u003ccode\u003ee79a696\u003c/code\u003e\u003c/a\u003e chore(release): 6.0.1 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1949\"\u003e#1949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/51e64229ac331acb0d7f7b17c67423995f991c79\"\u003e\u003ccode\u003e51e6422\u003c/code\u003e\u003c/a\u003e fix: prevent template injection in run: steps (VULN-1652) (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2\"\u003e\u003ccode\u003e57e3a13\u003c/code\u003e\u003c/a\u003e Th/6.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1928\"\u003e#1928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/f67d33dda8a42b51c42a8318a1f66468119e898b\"\u003e\u003ccode\u003ef67d33d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/75cd11691c0faa626561e295848008c8a7dddffe\"\u003e\u003ccode\u003e75cd116\u003c/code\u003e\u003c/a\u003e chore(release): 5.5.4 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1927\"\u003e#1927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/87d39f4a2cec2673cf9505764fb20a38792ea722\"\u003e\u003ccode\u003e87d39f4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/1af58845a975a7985b0beb0cbe6fbbb71a41dbad\"\u003e\u003ccode\u003e1af5884\u003c/code\u003e\u003c/a\u003e chore(release): bump to 5.5.3 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1922\"\u003e#1922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/c143300dea6c9a730986ff862c5bf4d458927ef8\"\u003e\u003ccode\u003ec143300\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1874\"\u003e#1874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/codecov/codecov-action/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4 to 8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactio...\n\n_Description has been truncated_","html_url":"https://github.com/edithatogo/nlp-policy-nz/pull/76","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/edithatogo%2Fnlp-policy-nz/issues/76","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/76/packages"},{"uuid":"4790327385","node_id":"PR_kwDOS1kAFc7s6p4z","number":11,"state":"open","title":"Bump actions/github-script from 8 to 9","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-02T00:56:54.000Z","updated_at":"2026-07-02T00:59:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"8","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v8...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=8\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Data-Insight-Solutions/Reckons.AI/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Data-Insight-Solutions%2FReckons.AI/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4781899406","node_id":"PR_kwDORT7jw87sfBic","number":47,"state":"open","title":"build(deps): bump the actions group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["skip issue","skip news"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-01T02:35:31.000Z","updated_at":"2026-07-01T05:09:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"actions","update_count":3,"packages":[{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"7.0.0","repository_url":"https://github.com/actions/checkout"},{"name":"j178/prek-action","old_version":"1.1.1","new_version":"2.0.4","repository_url":"https://github.com/j178/prek-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 3 updates in the / directory: [actions/github-script](https://github.com/actions/github-script), [actions/checkout](https://github.com/actions/checkout) and [j178/prek-action](https://github.com/j178/prek-action).\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `j178/prek-action` from 1.1.1 to 2.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek-action/releases\"\u003ej178/prek-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.12 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/131\"\u003ej178/prek-action#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.13 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/132\"\u003ej178/prek-action#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.4.0 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/133\"\u003ej178/prek-action#133\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v2...v2.0.4\"\u003ehttps://github.com/j178/prek-action/compare/v2...v2.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse single action entrypoint by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/128\"\u003ej178/prek-action#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.10 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/123\"\u003ej178/prek-action#123\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.11 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/124\"\u003ej178/prek-action#124\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v2...v2.0.3\"\u003ehttps://github.com/j178/prek-action/compare/v2...v2.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce missing checksum log noise by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/117\"\u003ej178/prek-action#117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate zizmorcore/zizmor-action action to v0.5.2 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/118\"\u003ej178/prek-action#118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.9 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/119\"\u003ej178/prek-action#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v2...v2.0.2\"\u003ehttps://github.com/j178/prek-action/compare/v2...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove redundant show-verbose-logs empty-string guard by \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/112\"\u003ej178/prek-action#112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRename action.yaml to action.yml by \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/113\"\u003ej178/prek-action#113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.8 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/114\"\u003ej178/prek-action#114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove update-known-versions job by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/115\"\u003ej178/prek-action#115\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v2...v2.0.1\"\u003ehttps://github.com/j178/prek-action/compare/v2...v2.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompletely rewritten in TypeScript for a more maintainable and modern implementation (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/76\"\u003e#76\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eprek-version\u003c/code\u003e now supports semver ranges such as \u003ccode\u003e0.3.x\u003c/code\u003e, with faster and more reliable version resolution (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/81\"\u003e#81\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/80\"\u003e#80\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/92\"\u003e#92\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/94\"\u003e#94\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDownloaded \u003ccode\u003eprek\u003c/code\u003e archives are now validated against known checksums before install (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/83\"\u003e#83\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eshow-verbose-logs\u003c/code\u003e to control whether verbose \u003ccode\u003eprek\u003c/code\u003e logs are printed after the run (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/78\"\u003e#78\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved caching behavior with an explicit \u003ccode\u003ecache\u003c/code\u003e input, a new \u003ccode\u003ecache-hit\u003c/code\u003e output, corrected cache path resolution, and fixes for redundant cache saves (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/91\"\u003e#91\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/102\"\u003e#102\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/110\"\u003e#110\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved Windows install performance by optimizing ZIP extraction (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v1...v2.0.0\"\u003ehttps://github.com/j178/prek-action/compare/v1...v2.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/bdca6f102f98e2b4c7029491a53dfd366469e33d\"\u003e\u003ccode\u003ebdca6f1\u003c/code\u003e\u003c/a\u003e Update actions/setup-node action to v6.4.0 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/3230ac790833e10f3e8ba07295920e3444308738\"\u003e\u003ccode\u003e3230ac7\u003c/code\u003e\u003c/a\u003e Update dependency vitest to v4.1.5 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/9a332a1ec100db5036bea50019fd2a90d3fdace0\"\u003e\u003ccode\u003e9a332a1\u003c/code\u003e\u003c/a\u003e Update pre-commit hook biomejs/pre-commit to v2.4.13 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/136\"\u003e#136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/8b5690122c644b0e39930aff09acacfaf21e5845\"\u003e\u003ccode\u003e8b56901\u003c/code\u003e\u003c/a\u003e Update known versions for prek 0.4.0 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/4a83041fd50018534ecf99331c324cba3c06cf5e\"\u003e\u003ccode\u003e4a83041\u003c/code\u003e\u003c/a\u003e Update known versions for prek 0.3.13 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/fe609835004edf84ea2d974629fd1e9e49ea4371\"\u003e\u003ccode\u003efe60983\u003c/code\u003e\u003c/a\u003e Update known versions for prek 0.3.12 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/131\"\u003e#131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/6f2f302147053e50286fb30e7c25e530503f50c2\"\u003e\u003ccode\u003e6f2f302\u003c/code\u003e\u003c/a\u003e Update pre-commit hook biomejs/pre-commit to v2.4.12 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/6ad80277337ad479fe43bd70701c3f7f8aa74db3\"\u003e\u003ccode\u003e6ad8027\u003c/code\u003e\u003c/a\u003e Use single action entrypoint (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/128\"\u003e#128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/f8c977a1d249f9c1b30e812ea3d04379f0ecf344\"\u003e\u003ccode\u003ef8c977a\u003c/code\u003e\u003c/a\u003e Update dependency typescript to v6 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/7c137cf2a0edba5ec68921a9afea6364f146bbdf\"\u003e\u003ccode\u003e7c137cf\u003c/code\u003e\u003c/a\u003e Update npm dev dependencies (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/125\"\u003e#125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/j178/prek-action/compare/0bb87d7f00b0c99306c8bcb8b8beba1eb581c037...bdca6f102f98e2b4c7029491a53dfd366469e33d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/zrsx/cpython/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zrsx%2Fcpython/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"},{"uuid":"4781840863","node_id":"PR_kwDOI2JFeM7se1bd","number":213,"state":"open","title":"Bump the first-party group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-01T02:22:58.000Z","updated_at":"2026-07-01T02:27:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"first-party","update_count":5,"packages":[{"name":"actions/checkout","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/attest-build-provenance","old_version":"3","new_version":"4","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"actions/github-script","old_version":"8","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"actions/upload-artifact","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/download-artifact","old_version":"7","new_version":"8","repository_url":"https://github.com/actions/download-artifact"}],"path":null,"ecosystem":"actions"},"body":"Bumps the first-party group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3` | `4` |\n| [actions/github-script](https://github.com/actions/github-script) | `8` | `9` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `7` | `8` |\n\n\nUpdates `actions/checkout` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/attest-build-provenance` from 3 to 4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/attest-build-provenance/releases\"\u003eactions/attest-build-provenance's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v4 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/835\"\u003eactions/attest-build-provenance#835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 2.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/776\"\u003eactions/attest-build-provenance#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd more documentation on Artifact Metadata Storage Records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/797\"\u003eactions/attest-build-provenance#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/attest to latest version v3.2.0 by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/812\"\u003eactions/attest-build-provenance#812\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v3 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/697\"\u003eactions/attest-build-provenance#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 3.14.1 to 3.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/749\"\u003eactions/attest-build-provenance#749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 7.5.1 to 7.5.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/753\"\u003eactions/attest-build-provenance#753\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.4.5 to 10.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/754\"\u003eactions/attest-build-provenance#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.1 to 25.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/774\"\u003eactions/attest-build-provenance#774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 1.6.0 to 2.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/736\"\u003eactions/attest-build-provenance#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 2.0.0 to 2.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/775\"\u003eactions/attest-build-provenance#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for creating artifact metadata storage records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/779\"\u003eactions/attest-build-provenance#779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/779\"\u003eactions/attest-build-provenance#779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3...v3.1.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3...v3.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0f67c3f4856b2e3261c31976d6725780e5e4c373\"\u003e\u003ccode\u003e0f67c3f\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.3 to 7.0.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/857\"\u003e#857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/21b787db45d5d4b6fc776b99a247a6493082d1fd\"\u003e\u003ccode\u003e21b787d\u003c/code\u003e\u003c/a\u003e Update actions/attest to v4.1.1 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/f14352a605c57b0a66e0d49bba5825967f1dbedf\"\u003e\u003ccode\u003ef14352a\u003c/code\u003e\u003c/a\u003e add dependabot cooldown (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/851\"\u003e#851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/2c04a00460b64b4dfd062384e60ea87fa18e1728\"\u003e\u003ccode\u003e2c04a00\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.2 to 6.0.3 in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/10334b5f1e684784025c3fc0a277c88c19089275\"\u003e\u003ccode\u003e10334b5\u003c/code\u003e\u003c/a\u003e remove badges from README (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/840\"\u003e#840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/c5efebd311e9a809e832398ca2b73bb429ff3508\"\u003e\u003ccode\u003ec5efebd\u003c/code\u003e\u003c/a\u003e remove prober workflows (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/837\"\u003e#837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003e\u003ccode\u003ea2bbfa2\u003c/code\u003e\u003c/a\u003e bump actions/attest from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385\"\u003e\u003ccode\u003e0856891\u003c/code\u003e\u003c/a\u003e update RELEASE.md docs (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99\"\u003e\u003ccode\u003ee4d4f7c\u003c/code\u003e\u003c/a\u003e prepare v4 release (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578\"\u003e\u003ccode\u003e02a49bd\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/824\"\u003e#824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8 to 9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v8...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 7 to 8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the \u003ccode\u003eContent-Type\u003c/code\u003e header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new \u003ccode\u003eskip-decompress\u003c/code\u003e parameter to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eEnforced checks (breaking)\u003c/h3\u003e\n\u003cp\u003eA previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the \u003ccode\u003edigest-mismatch\u003c/code\u003e parameter. To be secure by default, we are now defaulting the behavior to \u003ccode\u003eerror\u003c/code\u003e which will fail the workflow run.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the @actions/* packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't attempt to un-zip non-zipped downloads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/460\"\u003eactions/download-artifact#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/461\"\u003eactions/download-artifact#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8.0.0\"\u003ehttps://github.com/actions/download-artifact/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003e\u003ccode\u003e3e5f45b\u003c/code\u003e\u003c/a\u003e Add regression tests for CJK characters (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd\"\u003e\u003ccode\u003ee6d03f6\u003c/code\u003e\u003c/a\u003e Add a regression test for artifact name + content-type mismatches (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3\"\u003e\u003ccode\u003e70fc10c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/461\"\u003e#461\u003c/a\u003e from actions/danwkennedy/digest-mismatch-behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62\"\u003e\u003ccode\u003ef258da9\u003c/code\u003e\u003c/a\u003e Add change docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c\"\u003e\u003ccode\u003eccc058e\u003c/code\u003e\u003c/a\u003e Fix linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd\"\u003e\u003ccode\u003ebd7976b\u003c/code\u003e\u003c/a\u003e Add a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c\"\u003e\u003ccode\u003eac21fcf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/460\"\u003e#460\u003c/a\u003e from actions/danwkennedy/download-no-unzip\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0\"\u003e\u003ccode\u003e15999bf\u003c/code\u003e\u003c/a\u003e Add note about package bumps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561\"\u003e\u003ccode\u003e974686e\u003c/code\u003e\u003c/a\u003e Bump the version to \u003ccode\u003ev8\u003c/code\u003e and add release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75\"\u003e\u003ccode\u003efbe48b1\u003c/code\u003e\u003c/a\u003e Update test names to make it clearer what they do\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/matiaskorhonen/paper-age/pull/213","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/matiaskorhonen%2Fpaper-age/issues/213","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/213/packages"},{"uuid":"4781552482","node_id":"PR_kwDOQJflCs7sd61o","number":55,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-01T01:16:35.000Z","updated_at":"2026-07-01T01:21:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":15,"packages":[{"name":"step-security/harden-runner","old_version":"2.13.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"5.0.0","new_version":"7.0.0","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-node","old_version":"6.0.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"github/codeql-action/init","old_version":"4.31.0","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"},{"name":"github/codeql-action/analyze","old_version":"4.31.0","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/dependency-review-action","old_version":"45529485b5eb76184ced07362d2331fd9d26f03f","new_version":"dcd589ca9f7a6ded22e224ca2e288beb6bf9846b","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"crazy-max/ghaction-import-gpg","old_version":"6","new_version":"7","repository_url":"https://github.com/crazy-max/ghaction-import-gpg"},{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"softprops/action-gh-release","old_version":"2.2.1","new_version":"3.0.1","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"actions/attest-build-provenance","old_version":"3.0.0","new_version":"4.1.1","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"github/codeql-action/upload-sarif","old_version":"4.31.0","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/stale","old_version":"10.1.0","new_version":"10.3.0","repository_url":"https://github.com/actions/stale"},{"name":"actions/ai-inference","old_version":"2.0.1","new_version":"2.1.1","repository_url":"https://github.com/actions/ai-inference"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.1` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `7.0.0` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.0.0` | `6.4.0` |\n| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.31.0` | `4.36.2` |\n| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.31.0` | `4.36.2` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `45529485b5eb76184ced07362d2331fd9d26f03f` | `dcd589ca9f7a6ded22e224ca2e288beb6bf9846b` |\n| [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | `6` | `7` |\n| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.2.1` | `3.0.1` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3.0.0` | `4.1.1` |\n| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.31.0` | `4.36.2` |\n| [actions/stale](https://github.com/actions/stale) | `10.1.0` | `10.3.0` |\n| [actions/ai-inference](https://github.com/actions/ai-inference) | `2.0.1` | `2.1.1` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n\n\nUpdates `step-security/harden-runner` from 2.13.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.13.1...v2.19.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 5.0.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.0.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/2028fbc5c25fe9cf00d9f06a71cc4710d4507903...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action/init` from 4.31.0 to 4.36.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action/init's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action/init's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003e\u003ccode\u003e8aad20d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3949\"\u003e#3949\u003c/a\u003e from github/update-v4.36.2-dcb947ce1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a\"\u003e\u003ccode\u003ef521b08\u003c/code\u003e\u003c/a\u003e Add additional changelog notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08\"\u003e\u003ccode\u003e8aeff0f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c\"\u003e\u003ccode\u003edcb947c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3948\"\u003e#3948\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9\"\u003e\u003ccode\u003ec251bce\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c\"\u003e\u003ccode\u003e62953c1\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37\"\u003e\u003ccode\u003e423b570\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3946\"\u003e#3946\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-5d507a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496\"\u003e\u003ccode\u003ec35d1b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3947\"\u003e#3947\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd\"\u003e\u003ccode\u003ecb1a588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3937\"\u003e#3937\u003c/a\u003e from github/robertbrignull/waitForProcessing_backoff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206\"\u003e\u003ccode\u003eba47406\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3943\"\u003e#3943\u003c/a\u003e from github/henrymercer/cache-cli-version-info\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/4e94bd11f71e507f7f87df81788dff88d1dacbfb...8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action/analyze` from 4.31.0 to 4.36.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action/analyze's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action/analyze's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003e\u003ccode\u003e8aad20d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3949\"\u003e#3949\u003c/a\u003e from github/update-v...\n\n_Description has been truncated_","html_url":"https://github.com/xiaomizhoubaobei/MZAPI-TS/pull/55","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaomizhoubaobei%2FMZAPI-TS/issues/55","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/55/packages"},{"uuid":"4780850436","node_id":"PR_kwDOTJ6gq87sbpny","number":1,"state":"open","title":"Bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-30T22:32:13.000Z","updated_at":"2026-06-30T22:32:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fantasyia/somatec_web/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyia%2Fsomatec_web/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4779539154","node_id":"PR_kwDOTCLi4s7sXWl_","number":185,"state":"open","title":"ci(deps): bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-30T18:44:15.000Z","updated_at":"2026-06-30T18:48:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci(deps)","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Commonfields25/Interceptor_M/pull/185","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Commonfields25%2FInterceptor_M/issues/185","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/185/packages"},{"uuid":"4770107466","node_id":"PR_kwDORMkKiM7r4Von","number":56,"state":"open","title":"ci: bump actions/github-script from 8.0.0 to 9.0.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-29T17:05:04.000Z","updated_at":"2026-06-29T17:11:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci","packages":[{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=8.0.0\u0026new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/jongio/azd-copilot/pull/56","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazd-copilot/issues/56","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/56/packages"},{"uuid":"4766864531","node_id":"PR_kwDORHBJRc7rtnNC","number":390,"state":"open","title":"ci(deps): bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-29T09:35:17.000Z","updated_at":"2026-06-29T09:35:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci(deps)","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Bitcoindefi/Open-Stellar/pull/390","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bitcoindefi%2FOpen-Stellar/issues/390","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/390/packages"}],"issue_packages":[{"old_version":"8.0.0","new_version":"9.0.0","update_type":"major","path":null,"pr_created_at":"2026-07-15T15:16:00.000Z","version_change":"8.0.0 → 9.0.0","issue":{"uuid":"4893835600","node_id":"PR_kwDOTZY2Ls7yFtEz","number":6,"state":"closed","title":"Bump actions/github-script from 8.0.0 to 9.0.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-07-16T03:30:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-15T15:16:00.000Z","updated_at":"2026-07-16T03:30:39.000Z","time_to_close":44071,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=8.0.0\u0026new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wdxhr3/codex-transcript-folding/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wdxhr3%2Fcodex-transcript-folding/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"7.1.0","new_version":"9.0.0","update_type":"major","path":null,"pr_created_at":"2026-07-15T05:40:43.000Z","version_change":"7.1.0 → 9.0.0","issue":{"uuid":"4889656037","node_id":"PR_kwDORwQ5fs7x4LLX","number":287,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 16 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-15T05:40:43.000Z","updated_at":"2026-07-19T02:16:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":16,"packages":[{"name":"actions/checkout","old_version":"4.2.2","new_version":"7.0.0","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-node","old_version":"4.4.0","new_version":"7.0.0","repository_url":"https://github.com/actions/setup-node"},{"name":"github/codeql-action/upload-sarif","old_version":"3.26.6","new_version":"4.37.1","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"taiki-e/install-action","old_version":"2.83.0","new_version":"2.83.4","repository_url":"https://github.com/taiki-e/install-action"},{"name":"actions/attest-build-provenance","old_version":"2.4.0","new_version":"4.1.1","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"codecov/codecov-action","old_version":"4.6.0","new_version":"7.0.0","repository_url":"https://github.com/codecov/codecov-action"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"actions/setup-dotnet","old_version":"4.3.1","new_version":"6.0.0","repository_url":"https://github.com/actions/setup-dotnet"},{"name":"google/osv-scanner-action/osv-scanner-action","old_version":"2.2.3","new_version":"2.3.8","repository_url":"https://github.com/google/osv-scanner-action"},{"name":"actions/github-script","old_version":"7.1.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"},{"name":"gitleaks/gitleaks-action","old_version":"2.3.9","new_version":"3.0.0","repository_url":"https://github.com/gitleaks/gitleaks-action"},{"name":"aquasecurity/trivy-action","old_version":"df678dbccf677bc6937338d569ba0da18964a8cc","new_version":"c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8","repository_url":"https://github.com/aquasecurity/trivy-action"}],"path":null,"ecosystem":"actions"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the github-actions group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `7.0.0` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `7.0.0` |\n| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `3.26.6` | `4.37.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.83.0` | `2.83.4` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.1` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.6.0` | `7.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `4.3.1` | `6.0.0` |\n| [google/osv-scanner-action/osv-scanner-action](https://github.com/google/osv-scanner-action) | `2.2.3` | `2.3.8` |\n| [actions/github-script](https://github.com/actions/github-script) | `7.1.0` | `9.0.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |\n| [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2.3.9` | `3.0.0` |\n| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `df678dbccf677bc6937338d569ba0da18964a8cc` | `c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8` |\n\n\nUpdates `actions/checkout` from 4.2.2 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump github/codeql-action from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2475\"\u003eactions/checkout#2475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-node from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2477\"\u003eactions/checkout#2477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/build-push-action from 6.5.0 to 7.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2478\"\u003eactions/checkout#2478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/login-action from 3.3.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2479\"\u003eactions/checkout#2479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 6 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2488\"\u003eactions/checkout#2488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2476\"\u003eactions/checkout#2476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eeslint 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2474\"\u003eactions/checkout#2474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-actions-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2499\"\u003eactions/checkout#2499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eskip running unsafe pr check if input is default by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2518\"\u003eactions/checkout#2518\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etrim only ascii whitespace for branch by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2521\"\u003eactions/checkout#2521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eescape values passed to --unset by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2530\"\u003eactions/checkout#2530\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.2.2...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 4.4.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd cache-primary-key and cache-matched-key as outputs by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1577\"\u003eactions/setup-node#1577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate to ESM and upgrade dependencies by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1574\"\u003eactions/setup-node#1574\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove dummy NODE_AUTH_TOKEN export by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1558\"\u003eactions/setup-node#1558\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly use \u003ccode\u003emirrorToken\u003c/code\u003e in \u003ccode\u003egetManifest\u003c/code\u003e if it's provided by \u003ca href=\"https://github.com/deiga\"\u003e\u003ccode\u003e@​deiga\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1548\"\u003eactions/setup-node#1548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd documentation for publishing to npm with Trusted Publisher (OIDC) by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1536\"\u003eactions/setup-node#1536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update restore-only cache documentation by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1550\"\u003eactions/setup-node#1550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update caching recommendations to mitigate cache poisoning risks by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1567\"\u003eactions/setup-node#1567\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency update:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to 5.1.0, log cache write denied by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1569\"\u003eactions/setup-node#1569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1536\"\u003eactions/setup-node#1536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deiga\"\u003e\u003ccode\u003e@​deiga\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1548\"\u003eactions/setup-node#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1569\"\u003eactions/setup-node#1569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@​actions/cache\u003c/code\u003e to 5.1.0 and add security overrides for undici and fast-xml-parser by \u003ca href=\"https://github.com/HarithaVattikuti\"\u003e\u003ccode\u003e@​HarithaVattikuti\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1579\"\u003eactions/setup-node#1579\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6.4.0...v6.5.0\"\u003ehttps://github.com/actions/setup-node/compare/v6.4.0...v6.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/820762786026740c76f36085b0efc47a31fe5020\"\u003e\u003ccode\u003e8207627\u003c/code\u003e\u003c/a\u003e Migrate to ESM and upgrade dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1574\"\u003e#1574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/04be95cf3511ea51ebf9f224ddfb99cc7ab87cd4\"\u003e\u003ccode\u003e04be95c\u003c/code\u003e\u003c/a\u003e Add cache-primary-key and cache-matched-key as outputs (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1577\"\u003e#1577\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/7c2c68d20d402ed6a201ada70a81341941093140\"\u003e\u003ccode\u003e7c2c68d\u003c/code\u003e\u003c/a\u003e docs: Update caching recommendations to mitigate cache poisoning risks (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1567\"\u003e#1567\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6a61c0375d66246de94630495909f12cf8dac84d\"\u003e\u003ccode\u003e6a61c03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1569\"\u003e#1569\u003c/a\u003e from jasongin/update-actions-cache-5.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/30eb73b41ded577900c1ebf968ef95cdf8f7434f\"\u003e\u003ccode\u003e30eb73b\u003c/code\u003e\u003c/a\u003e Resolve high-severity audit issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/4e1a87a501d0302f99e30e2748568adcb388d09f\"\u003e\u003ccode\u003e4e1a87a\u003c/code\u003e\u003c/a\u003e Update dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/360237f0c01778d0c17291f75c56d6feae4f7574\"\u003e\u003ccode\u003e360237f\u003c/code\u003e\u003c/a\u003e Strict equality\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/4f8aac5beb2f0854bc79651567a18c67eb0b9de3\"\u003e\u003ccode\u003e4f8aac5\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to 5.1.0, log cache write denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/f4a67bbeca970f103397d3d2b9462cf787cd2980\"\u003e\u003ccode\u003ef4a67bb\u003c/code\u003e\u003c/a\u003e Only use \u003ccode\u003emirrorToken\u003c/code\u003e in \u003ccode\u003egetManifest\u003c/code\u003e if it's provided (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1548\"\u003e#1548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/0355742c943ddb13ca8a6b700f824231caa91e75\"\u003e\u003ccode\u003e0355742\u003c/code\u003e\u003c/a\u003e Remove dummy NODE_AUTH_TOKEN export (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1558\"\u003e#1558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...820762786026740c76f36085b0efc47a31fe5020\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action/upload-sarif` from 3.26.6 to 4.37.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action/upload-sarif's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.37.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3956\"\u003e#3956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.1\"\u003e2.26.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/4019\"\u003e#4019\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.37.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0\"\u003e2.26.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3995\"\u003e#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn addition to the existing input format, the \u003ccode\u003econfig-file\u003c/code\u003e input for the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step will soon support a new \u003ccode\u003e[owner/]repo[@ref][:path]\u003c/code\u003e format. All components except the repository name are optional. If omitted, \u003ccode\u003eowner\u003c/code\u003e defaults to the same owner as the repository the analysis is running for, \u003ccode\u003eref\u003c/code\u003e to \u003ccode\u003emain\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e to \u003ccode\u003e.github/codeql-action.yaml\u003c/code\u003e. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3973\"\u003e#3973\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.3\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action/upload-sarif's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.37.1 - 16 Jul 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3956\"\u003e#3956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.1\"\u003e2.26.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/4019\"\u003e#4019\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.37.0 - 08 Jul 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0\"\u003e2.26.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3995\"\u003e#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn addition to the existing input format, the \u003ccode\u003econfig-file\u003c/code\u003e input for the \u003ccode\u003ecodeql-action/init\u003c/code\u003e step will soon support a new \u003ccode\u003e[owner/]repo[@ref][:path]\u003c/code\u003e format. All components except the repository name are optional. If omitted, \u003ccode\u003eowner\u003c/code\u003e defaults to the same owner as the repository the analysis is running for, \u003ccode\u003eref\u003c/code\u003e to \u003ccode\u003emain\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e to \u003ccode\u003e.github/codeql-action.yaml\u003c/code\u003e. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3973\"\u003e#3973\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.3 - 01 Jul 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7188fc363630916deb702c7fdcf4e481b751f97a\"\u003e\u003ccode\u003e7188fc3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4020\"\u003e#4020\u003c/a\u003e from github/update-v4.37.1-9e7c07009\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c8b5f69be686908c3dfd844428137d56fe80c936\"\u003e\u003ccode\u003ec8b5f69\u003c/code\u003e\u003c/a\u003e Update changelog for v4.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e7c070092090e89e8b3d62f977d4456e0732cd7\"\u003e\u003ccode\u003e9e7c070\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4014\"\u003e#4014\u003c/a\u003e from github/mbg/explicit-remote-prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/3492b7e9ab96e28b1d8b971345d30e929c6f8fee\"\u003e\u003ccode\u003e3492b7e\u003c/code\u003e\u003c/a\u003e Change \u003ccode\u003eREMOTE_PATH_PREFIX\u003c/code\u003e to \u003ccode\u003eremote=\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/3654baa924bc6456db54002581cb7c1c877548c4\"\u003e\u003ccode\u003e3654baa\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/explicit-remote-prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2d682ac05f1b3588aaff3814826bede39b9ba6bb\"\u003e\u003ccode\u003e2d682ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4017\"\u003e#4017\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/23f6a50753a88efd9b7ae8687b29f6bdb65f6250\"\u003e\u003ccode\u003e23f6a50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4009\"\u003e#4009\u003c/a\u003e from github/mbg/action-state/additions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/1ee3c75d1988ab8621f01ebb165115c38d56df91\"\u003e\u003ccode\u003e1ee3c75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4018\"\u003e#4018\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e053684dc500899b0b5520edc8549ac0f1ed730b\"\u003e\u003ccode\u003ee053684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4015\"\u003e#4015\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-fd2e83...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6803c5671d2f87a83ed96e151c441b1cb3bdc66a\"\u003e\u003ccode\u003e6803c56\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/4019\"\u003e#4019\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.26.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v3.26.6...7188fc363630916deb702c7fdcf4e481b751f97a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `taiki-e/install-action` from 2.83.0 to 2.83.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/taiki-e/install-action/releases\"\u003etaiki-e/install-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.83.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003evacuum@latest\u003c/code\u003e to 0.29.10.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003euv@latest\u003c/code\u003e to 0.11.29.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003esyft@latest\u003c/code\u003e to 1.48.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.10.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-shear@latest\u003c/code\u003e to 1.13.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.83.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erelease-plz@latest\u003c/code\u003e to 0.3.160.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.9.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.6.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003edprint@latest\u003c/code\u003e to 0.55.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-dinghy@latest\u003c/code\u003e to 0.8.5.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-binstall@latest\u003c/code\u003e to 1.21.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ebiome@latest\u003c/code\u003e to 2.5.4.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.83.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eparse-dockerfile@latest\u003c/code\u003e to 0.1.8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.5.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ejust@latest\u003c/code\u003e to 1.56.0.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003egungraun-runner@latest\u003c/code\u003e to 0.19.4.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-neat@latest\u003c/code\u003e to 0.4.1.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.83.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erclone@latest\u003c/code\u003e to 1.74.4.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.4.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ecargo-deny@latest\u003c/code\u003e to 0.20.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/07b4745e0c39a41822af610387492e3e53aa222b\"\u003e\u003ccode\u003e07b4745\u003c/code\u003e\u003c/a\u003e Release 2.83.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/43f637c917d864bbb9ef9c37d7d5c45cd588c8c8\"\u003e\u003ccode\u003e43f637c\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003evacuum@latest\u003c/code\u003e to 0.29.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/bb5da8d1440c80663ca48dff1e59f70d60faaa65\"\u003e\u003ccode\u003ebb5da8d\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003euv@latest\u003c/code\u003e to 0.11.29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/0648320db663f89e8a2d2845b8680912df153a22\"\u003e\u003ccode\u003e0648320\u003c/code\u003e\u003c/a\u003e Update tombi manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/ce1731c3f8f14122a8d3f6c56cdf2cf14d72b04d\"\u003e\u003ccode\u003ece1731c\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003esyft@latest\u003c/code\u003e to 1.48.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/fe5817c309cd74b845e25225c5db8b0510340841\"\u003e\u003ccode\u003efe5817c\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003eprek@latest\u003c/code\u003e to 0.4.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/0c794b58afcbd4ee6312bdb688c481cc1b217b62\"\u003e\u003ccode\u003e0c794b5\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003emise@latest\u003c/code\u003e to 2026.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/c6f8c88728f8f9161ae0a85ead5901ad614ff8c1\"\u003e\u003ccode\u003ec6f8c88\u003c/code\u003e\u003c/a\u003e Update kingfisher manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/2f6e9b366e05d1f138b2db26df9242521773afa9\"\u003e\u003ccode\u003e2f6e9b3\u003c/code\u003e\u003c/a\u003e Update cosign manifest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taiki-e/install-action/commit/107fc4ee1ac5c353a40c63fb2bcf567f93e2c57b\"\u003e\u003ccode\u003e107fc4e\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003ecargo-shear@latest\u003c/code\u003e to 1.13.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/taiki-e/install-action/compare/v2.83.0...v2.83.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/attest-build-provenance` from 2.4.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/attest-build-provenance/releases\"\u003eactions/attest-build-provenance's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions/attest to v4.1.1 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/858\"\u003eactions/attest-build-provenance#858\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate RELEASE.md docs by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/836\"\u003eactions/attest-build-provenance#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/attest\u003c/code\u003e from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/838\"\u003eactions/attest-build-provenance#838\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.0.0 to 3.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/362\"\u003eactions/attest#362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.1.0 to 3.2.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/365\"\u003eactions/attest#365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd new \u003ccode\u003esubject-version\u003c/code\u003e input for inclusion in storage record by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/364\"\u003eactions/attest#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd storage record content to README by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/366\"\u003eactions/attest#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v4 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/835\"\u003eactions/attest-build-provenance#835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 2.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/776\"\u003eactions/attest-build-provenance#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd more documentation on Artifact Metadata Storage Records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/797\"\u003eactions/attest-build-provenance#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/attest to latest version v3.2.0 by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/812\"\u003eactions/attest-build-provenance#812\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0f67c3f4856b2e3261c31976d6725780e5e4c373\"\u003e\u003ccode\u003e0f67c3f\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.3 to 7.0.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/857\"\u003e#857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/21b787db45d5d4b6fc776b99a247a6493082d1fd\"\u003e\u003ccode\u003e21b787d\u003c/code\u003e\u003c/a\u003e Update actions/attest to v4.1.1 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/f14352a605c57b0a66e0d49bba5825967f1dbedf\"\u003e\u003ccode\u003ef14352a\u003c/code\u003e\u003c/a\u003e add dependabot cooldown (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/851\"\u003e#851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/2c04a00460b64b4dfd062384e60ea87fa18e1728\"\u003e\u003ccode\u003e2c04a00\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.2 to 6.0.3 in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/10334b5f1e684784025c3fc0a277c88c19089275\"\u003e\u003ccode\u003e10334b5\u003c/code\u003e\u003c/a\u003e remove badges from README (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/840\"\u003e#840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/c5efebd311e9a809e832398ca2b73bb429ff3508\"\u003e\u003ccode\u003ec5efebd\u003c/code\u003e\u003c/a\u003e remove prober workflows (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/837\"\u003e#837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003e\u003ccode\u003ea2bbfa2\u003c/code\u003e\u003c/a\u003e bump actions/attest from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385\"\u003e\u003ccode\u003e0856891\u003c/code\u003e\u003c/a\u003e update RELEASE.md docs (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99\"\u003e\u003ccode\u003ee4d4f7c\u003c/code\u003e\u003c/a\u003e prepare v4 release (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578\"\u003e\u003ccode\u003e02a49bd\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/824\"\u003e#824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/e8998f949152b193b063cb0ec769d69d929409be...0f67c3f4856b2e3261c31976d6725780e5e4c373\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 4.6.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cp\u003e⚠️ Due to migration issues with keybase, we are unable to update our keys under the \u003ccode\u003ecodecovsecurity\u003c/code\u003e account. We have deleted the account and are using \u003ccode\u003ecodecovsecops\u003c/code\u003e with the original gpg key\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cp\u003eThis is a copy of the \u003ccode\u003ev7.0.0\u003c/code\u003e release to make updates easier\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.5\u003c/h2\u003e\n\u003cp\u003eThis release only contains the keybase.io change as described \u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1956\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v5.5.5\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v5.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. \u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e...\n\n_Description has been truncated_\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump GitHub Actions across all workflows to latest major versions\n\u003e Updates action pins across all CI/CD workflows to their latest releases. Key version changes include `actions/checkout` to v7.0.0, `actions/upload-artifact` to v7.0.1, `actions/download-artifact` to v8.0.1, `actions/setup-node` to v7.0.0, `actions/setup-dotnet` to v6.0.0, `actions/attest-build-provenance` to v4.1.1, `codecov/codecov-action` to v7.0.0, `actions/github-script` to v9.0.0, and `github/codeql-action` uploads to v3.27.0.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized cf95987.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/KooshaPari/sharecli/pull/287","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/KooshaPari%2Fsharecli/issues/287","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/287/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-12T03:52:24.000Z","version_change":"7 → 9","issue":{"uuid":"4865303417","node_id":"PR_kwDOTOKI-87wq96f","number":13,"state":"closed","title":"chore(deps): bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-07-17T00:10:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-12T03:52:24.000Z","updated_at":"2026-07-17T00:10:58.000Z","time_to_close":418706,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kfat77/digital-nomad-cn/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kfat77%2Fdigital-nomad-cn/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-08T05:35:27.000Z","version_change":"7 → 9","issue":{"uuid":"4834663253","node_id":"PR_kwDOTRMGks7vIm4W","number":2,"state":"open","title":"build(deps): bump the github-actions group with 3 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-08T05:35:27.000Z","updated_at":"2026-07-08T05:37:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"github-actions","update_count":3,"packages":[{"name":"actions/checkout","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/github-script](https://github.com/actions/github-script).\n\nUpdates `actions/checkout` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we're treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 7 to 9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/smorrisods/jira-tui/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smorrisods%2Fjira-tui/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-06T02:00:01.000Z","version_change":"7 → 9","issue":{"uuid":"4815360581","node_id":"PR_kwDOTNdoN87uJ0of","number":3,"state":"closed","title":"Bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-07-06T02:04:04.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-06T02:00:01.000Z","updated_at":"2026-07-06T02:04:11.000Z","time_to_close":243,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/yuseok-kim-edushare/Korea-cms-evidence-optimizer/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuseok-kim-edushare%2FKorea-cms-evidence-optimizer/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"8.0.0","new_version":"9.0.0","update_type":"major","path":null,"pr_created_at":"2026-07-05T03:19:56.000Z","version_change":"8.0.0 → 9.0.0","issue":{"uuid":"4811452125","node_id":"PR_kwDOS_o_7M7t-RDt","number":85,"state":"open","title":"chore(ci)(deps): bump the github-actions group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["type: ci","automated","dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-05T03:19:56.000Z","updated_at":"2026-07-05T03:26:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps): bump","group_name":"github-actions","update_count":8,"packages":[{"name":"actions/checkout","old_version":"6.0.3","new_version":"7.0.0","repository_url":"https://github.com/actions/checkout"},{"name":"actions/cache","old_version":"5.0.1","new_version":"6.1.0","repository_url":"https://github.com/actions/cache"},{"name":"oxsecurity/megalinter","old_version":"9.5.0","new_version":"9.6.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"docker/setup-buildx-action","old_version":"3.12.0","new_version":"4.2.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"6.19.2","new_version":"7.3.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"actions/upload-code-coverage","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/actions/upload-code-coverage"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.1` | `6.1.0` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.2.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.3.0` |\n| [actions/upload-code-coverage](https://github.com/actions/upload-code-coverage) | `1.2.0` | `1.3.0` |\n\n\nUpdates `actions/checkout` from 6.0.3 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v6.1.0 - handle read-only cache access by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1768\"\u003eactions/cache#1768\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v6...v6.1.0\"\u003ehttps://github.com/actions/cache/compare/v6...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate packages, migrate to ESM by \u003ca href=\"https://github.com/Samirat\"\u003e\u003ccode\u003e@​Samirat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1760\"\u003eactions/cache#1760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v6.0.0\"\u003ehttps://github.com/actions/cache/compare/v5...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.1.0 - handle read-only cache access by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1775\"\u003eactions/cache#1775\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.1.0\"\u003ehttps://github.com/actions/cache/compare/v5...v5.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e6.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v6.1.0 to pick up \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2435\"\u003eactions/toolkit#2435 Handle cache write error due to read-only token\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch redundant \u0026quot;Cache save failed\u0026quot; warning to debug log in save-only\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e6.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003e@actions/cache\u003c/code\u003e to ^6.0.1, \u003ccode\u003e@actions/core\u003c/code\u003e to ^3.0.1, \u003ccode\u003e@actions/exec\u003c/code\u003e to ^3.0.0, \u003ccode\u003e@actions/io\u003c/code\u003e to ^3.0.2\u003c/li\u003e\n\u003cli\u003eMigrated to ESM module system\u003c/li\u003e\n\u003cli\u003eUpgraded Jest to v30 and test infrastructure to be ESM compatible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9\"\u003e\u003ccode\u003e55cc834\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1768\"\u003e#1768\u003c/a\u003e from jasongin/readonly-cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337\"\u003e\u003ccode\u003ed8cd72f\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v6.1.0 - handle cache write error due to RO token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8\"\u003e\u003ccode\u003e2c8a9bd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1760\"\u003e#1760\u003c/a\u003e from actions/samirat/esm_migration_and_package_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023\"\u003e\u003ccode\u003ee9b91fd\u003c/code\u003e\u003c/a\u003e Prettier fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb\"\u003e\u003ccode\u003ee4884b8\u003c/code\u003e\u003c/a\u003e Rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f\"\u003e\u003ccode\u003e10baf01\u003c/code\u003e\u003c/a\u003e Fixed licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37\"\u003e\u003ccode\u003ee39b386\u003c/code\u003e\u003c/a\u003e Fix test mock return order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06\"\u003e\u003ccode\u003eb692820\u003c/code\u003e\u003c/a\u003e PR feedback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1\"\u003e\u003ccode\u003e6074912\u003c/code\u003e\u003c/a\u003e Rebuild dist bundles as ESM to match type:module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e\"\u003e\u003ccode\u003e5a912e8\u003c/code\u003e\u003c/a\u003e Fix lint and jest issues\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v5.0.1...55cc8345863c7cc4c66a329aec7e433d2d1c52a9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.5.0 to 9.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eENABLE_DISABLE_LINTERS_PRIORITY\u003c/code\u003e variable to let \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e override \u003ccode\u003eENABLE_LINTERS\u003c/code\u003e when a linter is in both lists (e.g. to trim an inherited \u003ccode\u003eENABLE_LINTERS\u003c/code\u003e list via \u003ccode\u003eEXTENDS\u003c/code\u003e), fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8296\"\u003e#8296\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eSARIF_TO_HUMAN\u003c/code\u003e producing empty linter logs when the bundled \u003ccode\u003esarif-fmt\u003c/code\u003e binary crashes by building it from source on Alpine and falling back to raw SARIF on conversion failure (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8294\"\u003e#8294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKeep the Docker Pulls badge in \u003ccode\u003edocs/index.md\u003c/code\u003e in sync by having \u003ccode\u003edocker_stats.py\u003c/code\u003e also update the hardcoded badge total in \u003ccode\u003e.automation/build.py\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix per-linter Docker images being published single-arch. The BETA and RELEASE linter workflows split each linter into independent per-platform jobs that all pushed the same tag (\u003ccode\u003e:beta\u003c/code\u003e, \u003ccode\u003e:v9\u003c/code\u003e, \u003ccode\u003e:vX.Y.Z\u003c/code\u003e, \u003ccode\u003e:latest\u003c/code\u003e), so the last push won and overwrote the other architecture. They now push each platform by digest and a dedicated merge job assembles a proper multi-arch manifest list per linter, restoring linux/amd64 + linux/arm64 support for \u003ccode\u003emegalinter-only-*\u003c/code\u003e images.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/pyright\"\u003epyright\u003c/a\u003e from 1.1.410 to \u003cstrong\u003e1.1.411\u003c/strong\u003e on 2026-06-28\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ef3e84b8b836d76db562d0f3ed7da61e8fd538bc\"\u003e\u003ccode\u003eef3e84b\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8b9259bc485e515ea49a8499d977ea33feaa0dfc\"\u003e\u003ccode\u003e8b9259b\u003c/code\u003e\u003c/a\u003e Skill prepare-release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8245\"\u003e#8245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5810155bf0b4ec19e4024a4cdf6dd30c005f4385\"\u003e\u003ccode\u003e5810155\u003c/code\u003e\u003c/a\u003e chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/aca415ce26db68e09cb01c4c285224c6e1ca0509\"\u003e\u003ccode\u003eaca415c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency semver to v7.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8198\"\u003e#8198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/2d8b2746081f6e65e10b938edf1f3ea4f1a07c4d\"\u003e\u003ccode\u003e2d8b274\u003c/code\u003e\u003c/a\u003e Remove max-parallel for linters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e9ab3e93ab1f0259302d98529aa6dc04b140c640\"\u003e\u003ccode\u003ee9ab3e9\u003c/code\u003e\u003c/a\u003e chore(ci): manual run of deploy linters beta job (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8242\"\u003e#8242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a8a636841baaf381cc89769d07ff7eb89aacc8b5\"\u003e\u003ccode\u003ea8a6368\u003c/code\u003e\u003c/a\u003e Changelog (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8241\"\u003e#8241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7f363c6a36174f3850c9c22bb4a1b321fcd7c9bf\"\u003e\u003ccode\u003e7f363c6\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8215\"\u003e#8215\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bce5232d6c78c7f00af6ec4a33649cceabeab478\"\u003e\u003ccode\u003ebce5232\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8232\"\u003e#8232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9d98266cb441657dac9a3d9bee424ba3b1b0aed7\"\u003e\u003ccode\u003e9d98266\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency realm/swiftlint to v0.65.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8240\"\u003e#8240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7...ef3e84b8b836d76db562d0f3ed7da61e8fd538bc\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.9.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/2031cfc080254a8a887f58cffee85186f0e49e48...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 3.12.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve names in esbuild bundle by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/572\"\u003edocker/setup-buildx-action#572\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/551\"\u003edocker/setup-buildx-action#551\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.90.0 to 0.92.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/557\"\u003edocker/setup-buildx-action#557\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/580\"\u003edocker/setup-buildx-action#580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​sigstore/core\u003c/code\u003e from 3.1.0 to 3.2.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/573\"\u003edocker/setup-buildx-action#573\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​sigstore/verify\u003c/code\u003e from 3.1.0 to 3.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/576\"\u003edocker/setup-buildx-action#576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.1 to 5.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/562\"\u003edocker/setup-buildx-action#562\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump sigstore from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/577\"\u003edocker/setup-buildx-action#577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.7 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/556\"\u003edocker/setup-buildx-action#556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.25.0 to 6.27.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/570\"\u003edocker/setup-buildx-action#570\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.2 to 7.3.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/569\"\u003edocker/setup-buildx-action#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/483\"\u003edocker/setup-buildx-action#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated inputs/outputs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/464\"\u003edocker/setup-buildx-action#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/481\"\u003edocker/setup-buildx-action#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/475\"\u003edocker/setup-buildx-action#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/482\"\u003edocker/setup-buildx-action#482\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/485\"\u003edocker/setup-buildx-action#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/452\"\u003edocker/setup-buildx-action#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/472\"\u003edocker/setup-buildx-action#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/480\"\u003edocker/setup-buildx-action#480\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/bb05f3f5519dd87d3ba754cc423b652a5edd6d2c\"\u003e\u003ccode\u003ebb05f3f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/580\"\u003e#580\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/321c814cb51fbe4af8eca00249525cc0973ea66f\"\u003e\u003ccode\u003e321c814\u003c/code\u003e\u003c/a\u003e [dependabot skip] chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b9a36ef79ba42cfc611885a1e8c388fbf8b8cb3f\"\u003e\u003ccode\u003eb9a36ef\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.91.0 to 0.92.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/ebeab241289497cd564ac98b3cfc9e64607bb276\"\u003e\u003ccode\u003eebeab24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/570\"\u003e#570\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/5c7b8ae78cec97a3215d4d86679b1d072eaa80cb\"\u003e\u003ccode\u003e5c7b8ae\u003c/code\u003e\u003c/a\u003e [dependabot skip] chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/037e618cd98e95e81525b15ff0e9c96f507e6a0e\"\u003e\u003ccode\u003e037e618\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.25.0 to 6.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/66080e5802281ec2e72b7f3108915643e702db85\"\u003e\u003ccode\u003e66080e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/577\"\u003e#577\u003c/a\u003e from docker/dependabot/npm_and_yarn/sigstore-4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/409aef0aa3f48f0a742e7dec4e0e04ab19afe93c\"\u003e\u003ccode\u003e409aef0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/562\"\u003e#562\u003c/a\u003e from docker/dependabot/npm_and_yarn/js-yaml-4.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/49c6e42949280fa0d70fb327633591be54efbfb6\"\u003e\u003ccode\u003e49c6e42\u003c/code\u003e\u003c/a\u003e build(deps): bump sigstore from 4.1.0 to 4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/2211273e8121ecf9ecb7d6c7c0fcd55526d530c7\"\u003e\u003ccode\u003e2211273\u003c/code\u003e\u003c/a\u003e [dependabot skip] chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...bb05f3f5519dd87d3ba754cc423b652a5edd6d2c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 6.19.2 to 7.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve names in esbuild bundle by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1567\"\u003edocker/build-push-action#1567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.90.0 to 0.92.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1545\"\u003edocker/build-push-action#1545\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1572\"\u003edocker/build-push-action#1572\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​sigstore/core\u003c/code\u003e from 3.1.0 to 3.2.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1568\"\u003edocker/build-push-action#1568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.1 to 4.3.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1566\"\u003edocker/build-push-action#1566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.7 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1547\"\u003edocker/build-push-action#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.24.1 to 6.27.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1564\"\u003edocker/build-push-action#1564\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.2 to 7.3.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1563\"\u003edocker/build-push-action#1563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.2.0...v7.3.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.2.0...v7.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGit context \u003ca href=\"https://docs.docker.com/build/concepts/context/#url-queries\"\u003equery format\u003c/a\u003e support by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.87.0 by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1500\"\u003edocker/build-push-action#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.5.7 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1489\"\u003edocker/build-push-action#1489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1491\"\u003edocker/build-push-action#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1490\"\u003edocker/build-push-action#1490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1497\"\u003edocker/build-push-action#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1510\"\u003edocker/build-push-action#1510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1496\"\u003edocker/build-push-action#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1486\"\u003edocker/build-push-action#1486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1509\"\u003edocker/build-push-action#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 ...\n\n_Description has been truncated_","html_url":"https://github.com/SinLess-Games/Aerealith/pull/85","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SinLess-Games%2FAerealith/issues/85","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/85/packages"}},{"old_version":"7.0.1","new_version":"9.0.0","update_type":"major","path":null,"pr_created_at":"2026-07-05T00:15:30.000Z","version_change":"7.0.1 → 9.0.0","issue":{"uuid":"4810995119","node_id":"PR_kwDOTGiDBs7t85a6","number":13,"state":"closed","title":"chore(actions)(deps): bump actions/github-script from 7.0.1 to 9.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-07-05T00:18:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-05T00:15:30.000Z","updated_at":"2026-07-05T00:18:41.000Z","time_to_close":189,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(actions)(deps)","packages":[{"name":"actions/github-script","old_version":"7.0.1","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 9.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/60a0d83039c74a4aee543508d2ffcb1c3799cdea...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7.0.1\u0026new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/airdropp20208-star/hermes-omni/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/airdropp20208-star%2Fhermes-omni/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-04T23:06:20.000Z","version_change":"7 → 9","issue":{"uuid":"4810841730","node_id":"PR_kwDOTMznws7t8b5G","number":8,"state":"open","title":"Bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-04T23:06:20.000Z","updated_at":"2026-07-04T23:07:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n* **Chores**\n  * Updated an automated workflow action to a newer version for improved reliability and compatibility.\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/LandonTomaine/PlanetExpressPoker/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LandonTomaine%2FPlanetExpressPoker/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"8","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-03T22:41:16.000Z","version_change":"8 → 9","issue":{"uuid":"4806689335","node_id":"PR_kwDOS_o_7M7tv1xn","number":41,"state":"open","title":"chore(ci)(deps): bump the github-actions group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["type: security","type: ci","automated","dependencies"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-03T22:41:16.000Z","updated_at":"2026-07-03T22:45:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps): bump","group_name":"github-actions","update_count":7,"packages":[{"name":"actions/checkout","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/cache","old_version":"5","new_version":"6","repository_url":"https://github.com/actions/cache"},{"name":"oxsecurity/megalinter","old_version":"9.5.0","new_version":"9.6.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/github-script","old_version":"8","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"actions/dependency-review-action","old_version":"4","new_version":"5","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"docker/setup-buildx-action","old_version":"3","new_version":"4","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"6","new_version":"7","repository_url":"https://github.com/docker/build-push-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |\n| [actions/cache](https://github.com/actions/cache) | `5` | `6` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8` | `9` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4` | `5` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` |\n\n\nUpdates `actions/checkout` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate packages, migrate to ESM by \u003ca href=\"https://github.com/Samirat\"\u003e\u003ccode\u003e@​Samirat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1760\"\u003eactions/cache#1760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v6.0.0\"\u003ehttps://github.com/actions/cache/compare/v5...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.1.0 - handle read-only cache access by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1775\"\u003eactions/cache#1775\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.1.0\"\u003ehttps://github.com/actions/cache/compare/v5...v5.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e6.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v6.1.0 to pick up \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2435\"\u003eactions/toolkit#2435 Handle cache write error due to read-only token\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch redundant \u0026quot;Cache save failed\u0026quot; warning to debug log in save-only\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e6.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003e@actions/cache\u003c/code\u003e to ^6.0.1, \u003ccode\u003e@actions/core\u003c/code\u003e to ^3.0.1, \u003ccode\u003e@actions/exec\u003c/code\u003e to ^3.0.0, \u003ccode\u003e@actions/io\u003c/code\u003e to ^3.0.2\u003c/li\u003e\n\u003cli\u003eMigrated to ESM module system\u003c/li\u003e\n\u003cli\u003eUpgraded Jest to v30 and test infrastructure to be ESM compatible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9\"\u003e\u003ccode\u003e55cc834\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1768\"\u003e#1768\u003c/a\u003e from jasongin/readonly-cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337\"\u003e\u003ccode\u003ed8cd72f\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v6.1.0 - handle cache write error due to RO token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8\"\u003e\u003ccode\u003e2c8a9bd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1760\"\u003e#1760\u003c/a\u003e from actions/samirat/esm_migration_and_package_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023\"\u003e\u003ccode\u003ee9b91fd\u003c/code\u003e\u003c/a\u003e Prettier fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb\"\u003e\u003ccode\u003ee4884b8\u003c/code\u003e\u003c/a\u003e Rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f\"\u003e\u003ccode\u003e10baf01\u003c/code\u003e\u003c/a\u003e Fixed licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37\"\u003e\u003ccode\u003ee39b386\u003c/code\u003e\u003c/a\u003e Fix test mock return order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06\"\u003e\u003ccode\u003eb692820\u003c/code\u003e\u003c/a\u003e PR feedback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1\"\u003e\u003ccode\u003e6074912\u003c/code\u003e\u003c/a\u003e Rebuild dist bundles as ESM to match type:module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e\"\u003e\u003ccode\u003e5a912e8\u003c/code\u003e\u003c/a\u003e Fix lint and jest issues\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v5...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.5.0 to 9.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v9.6.0] - 2026-06-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ef3e84b8b836d76db562d0f3ed7da61e8fd538bc\"\u003e\u003ccode\u003eef3e84b\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8b9259bc485e515ea49a8499d977ea33feaa0dfc\"\u003e\u003ccode\u003e8b9259b\u003c/code\u003e\u003c/a\u003e Skill prepare-release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8245\"\u003e#8245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5810155bf0b4ec19e4024a4cdf6dd30c005f4385\"\u003e\u003ccode\u003e5810155\u003c/code\u003e\u003c/a\u003e chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/aca415ce26db68e09cb01c4c285224c6e1ca0509\"\u003e\u003ccode\u003eaca415c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency semver to v7.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8198\"\u003e#8198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/2d8b2746081f6e65e10b938edf1f3ea4f1a07c4d\"\u003e\u003ccode\u003e2d8b274\u003c/code\u003e\u003c/a\u003e Remove max-parallel for linters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e9ab3e93ab1f0259302d98529aa6dc04b140c640\"\u003e\u003ccode\u003ee9ab3e9\u003c/code\u003e\u003c/a\u003e chore(ci): manual run of deploy linters beta job (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8242\"\u003e#8242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a8a636841baaf381cc89769d07ff7eb89aacc8b5\"\u003e\u003ccode\u003ea8a6368\u003c/code\u003e\u003c/a\u003e Changelog (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8241\"\u003e#8241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7f363c6a36174f3850c9c22bb4a1b321fcd7c9bf\"\u003e\u003ccode\u003e7f363c6\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8215\"\u003e#8215\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bce5232d6c78c7f00af6ec4a33649cceabeab478\"\u003e\u003ccode\u003ebce5232\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8232\"\u003e#8232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9d98266cb441657dac9a3d9bee424ba3b1b0aed7\"\u003e\u003ccode\u003e9d98266\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency realm/swiftlint to v0.65.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8240\"\u003e#8240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/v9.5.0...v9.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8 to 9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v8...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4 to 5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependency Review Action 4.9.0\u003c/h2\u003e\n\u003cp\u003eThis feature release contains a couple of notable changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThere is a new configuration option \u003ccode\u003eshow_patched_versions\u003c/code\u003e which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eRuns which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eThere are a couple of fixes to purl parsing which should improve match accuracy for \u003ccode\u003eallow-package-dependency\u003c/code\u003e lists, including case (in)sensitivity and url-encoded namespaces Thanks \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare normalized purls to account for encoding quirks by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1056\"\u003eactions/dependency-review-action#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake purl comparisons case insensitive by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1057\"\u003eactions/dependency-review-action#1057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeat: Add \u003ccode\u003ePatched Version\u003c/code\u003e to \u003ccode\u003eVulnerabilities\u003c/code\u003e summary by \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1045\"\u003eactions/dependency-review-action#1045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only get scorecard levels if user wants to see the OpenSSF scorecard by \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 10.1.0 to 10.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1058\"\u003eactions/dependency-review-action#1058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1021\"\u003eactions/dependency-review-action#1021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates for release 4.9.0 by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1064\"\u003eactions/dependency-review-action#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.8.3\u003c/h2\u003e\n\u003ch2\u003eDependency Review Action v4.8.3\u003c/h2\u003e\n\u003cp\u003eThis is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.\u003c/p\u003e\n\u003cp\u003eWe have also updated the release process to use a long-lived \u003ccode\u003ev4\u003c/code\u003e \u003cstrong\u003ebranch\u003c/strong\u003e for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Actions can't push to our protected main by \u003ca href=\"https://github.com/dangoor\"\u003e\u003ccode\u003e@​dangoor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1017\"\u003eactions/dependency-review-action#1017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 9.1.0 to 10.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/995\"\u003eactions/dependency-review-action#995\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional comm...\n\n_Description has been truncated_","html_url":"https://github.com/SinLess-Games/Aerealith/pull/41","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SinLess-Games%2FAerealith/issues/41","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/41/packages"}},{"old_version":"8","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-03T22:15:18.000Z","version_change":"8 → 9","issue":{"uuid":"4806589713","node_id":"PR_kwDOS_o_7M7tvhHV","number":40,"state":"closed","title":"chore(ci)(deps): bump the github-actions group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["type: security","type: ci","automated","dependencies"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":"2026-07-03T22:41:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-07-03T22:15:18.000Z","updated_at":"2026-07-03T22:41:08.000Z","time_to_close":1549,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps): bump","group_name":"github-actions","update_count":8,"packages":[{"name":"actions/checkout","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/cache","old_version":"5","new_version":"6","repository_url":"https://github.com/actions/cache"},{"name":"oxsecurity/megalinter","old_version":"9.5.0","new_version":"9.6.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/github-script","old_version":"8","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"actions/dependency-review-action","old_version":"4","new_version":"5","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"docker/setup-buildx-action","old_version":"3","new_version":"4","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"6","new_version":"7","repository_url":"https://github.com/docker/build-push-action"},{"name":"cloudflare/wrangler-action","old_version":"3","new_version":"4","repository_url":"https://github.com/cloudflare/wrangler-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |\n| [actions/cache](https://github.com/actions/cache) | `5` | `6` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.5.0` | `9.6.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8` | `9` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4` | `5` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` |\n| [cloudflare/wrangler-action](https://github.com/cloudflare/wrangler-action) | `3` | `4` |\n\n\nUpdates `actions/checkout` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate packages, migrate to ESM by \u003ca href=\"https://github.com/Samirat\"\u003e\u003ccode\u003e@​Samirat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1760\"\u003eactions/cache#1760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v6.0.0\"\u003ehttps://github.com/actions/cache/compare/v5...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.1.0 - handle read-only cache access by \u003ca href=\"https://github.com/jasongin\"\u003e\u003ccode\u003e@​jasongin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1775\"\u003eactions/cache#1775\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.1.0\"\u003ehttps://github.com/actions/cache/compare/v5...v5.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e6.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v6.1.0 to pick up \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2435\"\u003eactions/toolkit#2435 Handle cache write error due to read-only token\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch redundant \u0026quot;Cache save failed\u0026quot; warning to debug log in save-only\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e6.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003e@actions/cache\u003c/code\u003e to ^6.0.1, \u003ccode\u003e@actions/core\u003c/code\u003e to ^3.0.1, \u003ccode\u003e@actions/exec\u003c/code\u003e to ^3.0.0, \u003ccode\u003e@actions/io\u003c/code\u003e to ^3.0.2\u003c/li\u003e\n\u003cli\u003eMigrated to ESM module system\u003c/li\u003e\n\u003cli\u003eUpgraded Jest to v30 and test infrastructure to be ESM compatible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9\"\u003e\u003ccode\u003e55cc834\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1768\"\u003e#1768\u003c/a\u003e from jasongin/readonly-cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337\"\u003e\u003ccode\u003ed8cd72f\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/cache\u003c/code\u003e to v6.1.0 - handle cache write error due to RO token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8\"\u003e\u003ccode\u003e2c8a9bd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1760\"\u003e#1760\u003c/a\u003e from actions/samirat/esm_migration_and_package_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023\"\u003e\u003ccode\u003ee9b91fd\u003c/code\u003e\u003c/a\u003e Prettier fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb\"\u003e\u003ccode\u003ee4884b8\u003c/code\u003e\u003c/a\u003e Rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f\"\u003e\u003ccode\u003e10baf01\u003c/code\u003e\u003c/a\u003e Fixed licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37\"\u003e\u003ccode\u003ee39b386\u003c/code\u003e\u003c/a\u003e Fix test mock return order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06\"\u003e\u003ccode\u003eb692820\u003c/code\u003e\u003c/a\u003e PR feedback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1\"\u003e\u003ccode\u003e6074912\u003c/code\u003e\u003c/a\u003e Rebuild dist bundles as ESM to match type:module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e\"\u003e\u003ccode\u003e5a912e8\u003c/code\u003e\u003c/a\u003e Fix lint and jest issues\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v5...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.5.0 to 9.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v9.6.0] - 2026-06-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLinters can no longer be run via a sibling Docker image at runtime.\u003c/strong\u003e The \u003ccode\u003ecli_docker_image\u003c/code\u003e, \u003ccode\u003ecli_docker_image_version\u003c/code\u003e and \u003ccode\u003ecli_docker_args\u003c/code\u003e descriptor properties (and the matching \u003ccode\u003e\u0026lt;LINTER\u0026gt;_DOCKER_IMAGE_VERSION\u003c/code\u003e variable) have been removed, and MegaLinter no longer mounts \u003ccode\u003e/var/run/docker.sock\u003c/code\u003e (in \u003ccode\u003emega-linter-runner\u003c/code\u003e, the GitHub Action \u003ccode\u003eaction.yml\u003c/code\u003e files, and the Docker daemon previously bundled in flavor images). This closes the host-privilege escalation surface that the mounted Docker socket exposed. The only linter that used this mechanism was \u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e, now installed natively (see below). (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eSWIFT_SWIFTLINT\u003c/code\u003e is now installed from the static \u003ccode\u003eswiftlint-static\u003c/code\u003e binary\u003c/strong\u003e instead of running the \u003ccode\u003eghcr.io/realm/swiftlint\u003c/code\u003e container. It runs natively on the Alpine image with no Docker socket required. SourceKit-dependent rules are disabled in this build and reported to the console when encountered; pure-syntax style rules are unaffected. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8216\"\u003e#8216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7907\"\u003e#7907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkipped-linters summary now explains why a linter was skipped by an activation rule, including the variable to set to activate it (e.g. \u003ccode\u003eMARKDOWN_RUMDL: MARKDOWN_DEFAULT_STYLE=markdownlint (set MARKDOWN_DEFAULT_STYLE=rumdl to activate)\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8017\"\u003e#8017\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/betterleaks/betterleaks\"\u003ebetterleaks\u003c/a\u003e linter for repository secrets scanning — successor to gitleaks with higher recall (98.6% vs 70.4%), lower false-positive rates, and 4–5× faster scanning via BPE-based detection and CEL filter expressions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_APEX\u003c/code\u003e, \u003ccode\u003eSALESFORCE_SFDX_SCANNER_AURA\u003c/code\u003e and \u003ccode\u003eSALESFORCE_SFDX_SCANNER_LWC\u003c/code\u003e — disabled because sfdx-scanner 4.12.0 crashes on Node.js 22+ (\u003ccode\u003eTypeError: Cannot read properties of undefined (reading 'prototype')\u003c/code\u003e, caused by the removal of \u003ccode\u003eSlowBuffer.prototype\u003c/code\u003e), which is shipped with Alpine 3.24. These linters were already deprecated; use the \u003ccode\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/code\u003e / \u003ccode\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/code\u003e variants instead (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e — deprecated in favour of \u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e (same author, fully compatible config, significantly better detection). Will be removed in the next major release. Disable it by adding \u003ccode\u003eREPOSITORY_GITLEAKS\u003c/code\u003e to \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e in your \u003ccode\u003e.mega-linter.yml\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes) (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7869\"\u003e#7869\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_CHECKOV\u003c/code\u003e: in pull-request mode, scan only the files modified in the PR instead of the whole repository (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7119\"\u003e#7119\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: default scan now runs in filesystem (\u003ccode\u003edir\u003c/code\u003e) mode instead of auto-switching to git-history (\u003ccode\u003egit\u003c/code\u003e) mode when a git repository is detected. betterleaks does not read the global git \u003ccode\u003esafe.directory\u003c/code\u003e config, so git mode failed with \u003ccode\u003efatal: detected dubious ownership in repository\u003c/code\u003e in CI environments (e.g. GitHub Actions \u003ccode\u003e/github/workspace\u003c/code\u003e). Git-history mode is still used for the opt-in \u003ccode\u003eREPOSITORY_BETTERLEAKS_PR_COMMITS_SCAN\u003c/code\u003e feature. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_BETTERLEAKS\u003c/code\u003e: added \u003ccode\u003e--verbose\u003c/code\u003e so detected findings (file, line and rule) are reported instead of only the \u003ccode\u003eleaks found: N\u003c/code\u003e summary, matching gitleaks behavior. Secret values stay redacted via \u003ccode\u003e--redact\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8186\"\u003e#8186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eREPOSITORY_OSV_SCANNER\u003c/code\u003e: exit code 128 (\u0026quot;No package sources found\u0026quot;) is now treated as a clean pass instead of a failure — osv-scanner returns this code when the repo contains no lockfiles/manifests/SBOMs, which is not a vulnerability finding (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7917\"\u003e#7917\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix intermittent \u003ccode\u003eansible-lint\u003c/code\u003e \u003ccode\u003eload-failure[not-found]\u003c/code\u003e error on \u003ccode\u003egithub_conf/branch_protection_rules.json\u003c/code\u003e caused by a race condition with \u003ccode\u003echeckov\u003c/code\u003e running in parallel. Checkov's transient GitHub-conf directory is now written to a hidden path (\u003ccode\u003e.megalinter_github_conf\u003c/code\u003e) that project-mode linters skip, eliminating the conflict (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8092\"\u003e#8092\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eComplete the Alpine 3.24 upgrade across the whole image and fix how alpine version is detected. Docker images now build on the \u003ccode\u003epython:3.14-alpine3.24\u003c/code\u003e base image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8080\"\u003e#8080\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAvoid \u003ccode\u003eDeprecationWarning\u003c/code\u003e / future breakage on Python 3.14 by no longer passing \u003ccode\u003ecount\u003c/code\u003e and \u003ccode\u003eflags\u003c/code\u003e as positional arguments to \u003ccode\u003ere.sub\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8211\"\u003e#8211\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7857\"\u003e#7857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emake bootstrap\u003c/code\u003e appearing to hang because exported Make color variables re-evaluated \u003ccode\u003etput\u003c/code\u003e during recursive \u003ccode\u003emake\u003c/code\u003e invocations. (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8090\"\u003e#8090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow MegaLinter containers to run in an opt-in non-root mode matching the host UID:GID on POSIX systems, avoiding root-owned generated files on the host (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/1975\"\u003e#1975\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eRestore missing \u003ccode\u003eexamples\u003c/code\u003e in the Dart descriptor that were dropped from the generated documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7913\"\u003e#7913\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Bitbucket pipeline generator template to trigger builds on pull requests from any branch, by \u003ca href=\"https://github.com/yermulnik\"\u003e\u003ccode\u003e@​yermulnik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/7421\"\u003eoxsecurity/megalinter#7421\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd pnpm installation and usage documentation for JavaScript and TypeScript linters (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8177\"\u003e#8177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003epeter-evans/create-pull-request\u003c/code\u003e to v8 in the documented workflow examples (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8089\"\u003e#8089\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ef3e84b8b836d76db562d0f3ed7da61e8fd538bc\"\u003e\u003ccode\u003eef3e84b\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8b9259bc485e515ea49a8499d977ea33feaa0dfc\"\u003e\u003ccode\u003e8b9259b\u003c/code\u003e\u003c/a\u003e Skill prepare-release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8245\"\u003e#8245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5810155bf0b4ec19e4024a4cdf6dd30c005f4385\"\u003e\u003ccode\u003e5810155\u003c/code\u003e\u003c/a\u003e chore(deps): bump pymdown-extensions from 10.21.3 to 11.0 in /.config/python/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/aca415ce26db68e09cb01c4c285224c6e1ca0509\"\u003e\u003ccode\u003eaca415c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency semver to v7.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8198\"\u003e#8198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/2d8b2746081f6e65e10b938edf1f3ea4f1a07c4d\"\u003e\u003ccode\u003e2d8b274\u003c/code\u003e\u003c/a\u003e Remove max-parallel for linters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e9ab3e93ab1f0259302d98529aa6dc04b140c640\"\u003e\u003ccode\u003ee9ab3e9\u003c/code\u003e\u003c/a\u003e chore(ci): manual run of deploy linters beta job (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8242\"\u003e#8242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a8a636841baaf381cc89769d07ff7eb89aacc8b5\"\u003e\u003ccode\u003ea8a6368\u003c/code\u003e\u003c/a\u003e Changelog (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8241\"\u003e#8241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7f363c6a36174f3850c9c22bb4a1b321fcd7c9bf\"\u003e\u003ccode\u003e7f363c6\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8215\"\u003e#8215\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bce5232d6c78c7f00af6ec4a33649cceabeab478\"\u003e\u003ccode\u003ebce5232\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8232\"\u003e#8232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9d98266cb441657dac9a3d9bee424ba3b1b0aed7\"\u003e\u003ccode\u003e9d98266\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency realm/swiftlint to v0.65.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8240\"\u003e#8240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/v9.5.0...v9.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8 to 9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v8...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4 to 5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependency Review Action 4.9.0\u003c/h2\u003e\n\u003cp\u003eThis feature release contains a couple of notable changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThere is a new configuration option \u003ccode\u003eshow_patched_versions\u003c/code\u003e which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eRuns which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eThere are a couple of fixes to purl parsing which should improve match accuracy for \u003ccode\u003eallow-package-dependency\u003c/code\u003e lists, including case (in)sensitivity and url-encoded namespaces Thanks \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare normalized purls to account for encoding quirks by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1056\"\u003eactions/dependency-review-action#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake purl comparisons case insensitive by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1057\"\u003eactions/dependency-review-action#1057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeat: Add \u003ccode\u003ePatched Version\u003c/code\u003e to \u003ccode\u003eVulnerabilities\u003c/code\u003e summary by \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1045\"\u003eactions/dependency-review-action#1045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only get scorecard levels if user wants to see the OpenSSF scorecard by \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 10.1.0 to 10.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1058\"\u003eactions/dependency-review-action#1058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1021\"\u003eactions/dependency-review-action#1021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates for release 4.9.0 by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1064\"\u003eactions/dependency-review-action#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.8.3\u003c/h2\u003e\n\u003ch2\u003eDependency Review Action v4.8.3\u003c/h2\u003e\n\u003cp\u003eThis is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.\u003c/p\u003e\n\u003cp\u003eWe have also updated the release process to use a long-lived \u003ccode\u003ev4\u003c/code\u003e \u003cstrong\u003ebranch\u003c/strong\u003e for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Actions can't push to our protected main by \u003ca href=\"https://github.com/dangoor\"\u003e\u003ccode\u003e@​dangoor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1017\"\u003eactions/dependency-review-action#1017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 9.1.0 to 10.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/995\"\u003eactions/dependency-review-action#995\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-r...\n\n_Description has been truncated_","html_url":"https://github.com/SinLess-Games/Aerealith/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SinLess-Games%2FAerealith/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-03T21:56:42.000Z","version_change":"7 → 9","issue":{"uuid":"4806515649","node_id":"PR_kwDOQW23es7tvSFY","number":188,"state":"open","title":"chore(deps): bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-03T21:56:42.000Z","updated_at":"2026-07-03T21:56:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/arielwernick/virtual_bookshelf/pull/188","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arielwernick%2Fvirtual_bookshelf/issues/188","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/188/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-02T01:26:35.000Z","version_change":"7 → 9","issue":{"uuid":"4790448658","node_id":"PR_kwDOS1kzZ87s7BXj","number":76,"state":"open","title":"chore(deps): bump the actions group across 1 directory with 15 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-02T01:26:35.000Z","updated_at":"2026-07-02T01:26:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":15,"packages":[{"name":"actions/checkout","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-node","old_version":"4","new_version":"6","repository_url":"https://github.com/actions/setup-node"},{"name":"stefanzweifel/git-auto-commit-action","old_version":"5","new_version":"7","repository_url":"https://github.com/stefanzweifel/git-auto-commit-action"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"softprops/action-gh-release","old_version":"2","new_version":"3","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"hadolint/hadolint-action","old_version":"3.1.0","new_version":"3.3.0","repository_url":"https://github.com/hadolint/hadolint-action"},{"name":"codecov/codecov-action","old_version":"4","new_version":"7","repository_url":"https://github.com/codecov/codecov-action"},{"name":"actions/download-artifact","old_version":"4","new_version":"8","repository_url":"https://github.com/actions/download-artifact"},{"name":"docker/setup-buildx-action","old_version":"3","new_version":"4","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/login-action","old_version":"3","new_version":"4","repository_url":"https://github.com/docker/login-action"},{"name":"docker/build-push-action","old_version":"6","new_version":"7","repository_url":"https://github.com/docker/build-push-action"},{"name":"actions/upload-pages-artifact","old_version":"3","new_version":"5","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4","new_version":"5","repository_url":"https://github.com/actions/deploy-pages"},{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"peter-evans/create-pull-request","old_version":"6","new_version":"8","repository_url":"https://github.com/peter-evans/create-pull-request"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4` | `7` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |\n| [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `5` | `7` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` |\n| [hadolint/hadolint-action](https://github.com/hadolint/hadolint-action) | `3.1.0` | `3.3.0` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `7` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` |\n| [docker/login-action](https://github.com/docker/login-action) | `3` | `4` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3` | `5` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4` | `5` |\n| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |\n| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6` | `8` |\n\n\nUpdates `actions/checkout` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 4 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking Changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLimit automatic caching to npm, update workflows and documentation by \u003ca href=\"https://github.com/priyagupta108\"\u003e\u003ccode\u003e@​priyagupta108\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1374\"\u003eactions/setup-node#1374\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDependency Upgrades\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1336\"\u003e#1336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade prettier from 2.8.8 to 3.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1334\"\u003e#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/publish-action from 0.3.0 to 0.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1362\"\u003e#1362\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v5...v6.0.0\"\u003ehttps://github.com/actions/setup-node/compare/v5...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnhance caching in setup-node with automatic package manager detection by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1348\"\u003eactions/setup-node#1348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis update, introduces automatic caching when a valid \u003ccode\u003epackageManager\u003c/code\u003e field is present in your \u003ccode\u003epackage.json\u003c/code\u003e. This aims to improve workflow performance and make dependency management more seamless.\nTo disable this automatic caching, set \u003ccode\u003epackage-manager-cache: false\u003c/code\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003esteps:\r\n- uses: actions/checkout@v5\r\n- uses: actions/setup-node@v5\r\n  with:\r\n    package-manager-cache: false\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade action to use node24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1325\"\u003eactions/setup-node#1325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMake sure your runner is on version v2.327.1 or later to ensure compatibility with this release. \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eSee Release Notes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eDependency Upgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​octokit/request-error\u003c/code\u003e and \u003ccode\u003e@​actions/github\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1227\"\u003eactions/setup-node#1227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade uuid from 9.0.1 to 11.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1273\"\u003eactions/setup-node#1273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade undici from 5.28.5 to 5.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1295\"\u003eactions/setup-node#1295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade form-data to bring in fix for critical vulnerability by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1332\"\u003eactions/setup-node#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1345\"\u003eactions/setup-node#1345\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1348\"\u003eactions/setup-node#1348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1325\"\u003eactions/setup-node#1325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/setup-node/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/v4...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `stefanzweifel/git-auto-commit-action` from 5 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/releases\"\u003estefanzweifel/git-auto-commit-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore skip_fetch, skip_checkout, create_branch (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388\"\u003e#388\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestore Detached State Detection (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393\"\u003e#393\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Support for Tag Messages (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391\"\u003e#391\u003c/a\u003e) \u003ca href=\"https://github.com/@EliasBoulharts\"\u003e\u003ccode\u003e@​EliasBoulharts\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRun Action on Node 24 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389\"\u003e#389\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386\"\u003e#386\u003c/a\u003e) [@\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e](\u003ca href=\"https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)\"\u003ehttps://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable Check if Repo is in Detached State (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379\"\u003e#379\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThrow error early if repository is in a detached state (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357\"\u003e#357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix PAT instructions with Dependabot (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376\"\u003e#376\u003c/a\u003e) \u003ca href=\"https://github.com/@Dreamsorcerer\"\u003e\u003ccode\u003e@​Dreamsorcerer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRemoved\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for \u003ccode\u003ecreate_branch\u003c/code\u003e, \u003ccode\u003eskip_checkout\u003c/code\u003e, \u003ccode\u003eskip_Fetch\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ecreate_git_tag_only\u003c/code\u003e option to skip commiting and always create a git-tag. (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/364\"\u003e#364\u003c/a\u003e) \u003ca href=\"https://github.com/@zMynxx\"\u003e\u003ccode\u003e@​zMynxx\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Test for \u003ccode\u003ecreate_git_tag_only\u003c/code\u003e feature (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/367\"\u003e#367\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: Update README.md per \u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/354\"\u003e#354\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/361\"\u003e#361\u003c/a\u003e) \u003ca href=\"https://github.com/@rasa\"\u003e\u003ccode\u003e@​rasa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInclude \u003ccode\u003egithub.actor_id\u003c/code\u003e in default \u003ccode\u003ecommit_author\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/354\"\u003e#354\u003c/a\u003e) \u003ca href=\"https://github.com/@parkerbxyz\"\u003e\u003ccode\u003e@​parkerbxyz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md\"\u003estefanzweifel/git-auto-commit-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.0.0...v7.1.0\"\u003ev7.1.0\u003c/a\u003e - 2025-12-17\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd skip_push input option (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/401\"\u003e#401\u003c/a\u003e) \u003ca href=\"https://github.com/@kvanzuijlen\"\u003e\u003ccode\u003e@​kvanzuijlen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: fix typo in README.md (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/400\"\u003e#400\u003c/a\u003e) \u003ca href=\"https://github.com/@GideonBear\"\u003e\u003ccode\u003e@​GideonBear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/399\"\u003e#399\u003c/a\u003e) [@\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e](\u003ca href=\"https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)\"\u003ehttps://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump bats from 1.12.0 to 1.13.0 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/398\"\u003e#398\u003c/a\u003e) [@\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e](\u003ca href=\"https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)\"\u003ehttps://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.1...v7.0.0\"\u003ev7.0.0\u003c/a\u003e - 2025-10-12\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore skip_fetch, skip_checkout, create_branch (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388\"\u003e#388\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestore Detached State Detection (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393\"\u003e#393\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Support for Tag Messages (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391\"\u003e#391\u003c/a\u003e) \u003ca href=\"https://github.com/@EliasBoulharts\"\u003e\u003ccode\u003e@​EliasBoulharts\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun Action on Node 24 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389\"\u003e#389\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386\"\u003e#386\u003c/a\u003e) [@\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e](\u003ca href=\"https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)\"\u003ehttps://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.0...v6.0.1\"\u003ev6.0.1\u003c/a\u003e - 2025-06-11\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable Check if Repo is in Detached State (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379\"\u003e#379\u003c/a\u003e) \u003ca href=\"https://github.com/@stefanzweifel\"\u003e\u003ccode\u003e@​stefanzweifel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...v6.0.0\"\u003ev6.0.0\u003c/a\u003e - 2025-06-10\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow error early if repository is in a detached state (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/357\"\u003e#357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PAT instructions with Dependabot (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/376\"\u003e#376\u003c/a\u003e) \u003ca href=\"https://github.com/@Dreamsorcerer\"\u003e\u003ccode\u003e@​Dreamsorcerer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for \u003ccode\u003ecreate_branch\u003c/code\u003e, \u003ccode\u003eskip_checkout\u003c/code\u003e, \u003ccode\u003eskip_Fetch\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/4a55954c782fc1ea30b9056cd3e7a2b40ca8887d\"\u003e\u003ccode\u003e4a55954\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/9f6c933320c44425cf7ea45b6e16bfe90e271fa0\"\u003e\u003ccode\u003e9f6c933\u003c/code\u003e\u003c/a\u003e Add hooks to run shell snippets around git operations (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/411\"\u003e#411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/c365a749b49f73199b8f7125f4d4ab6dfac90802\"\u003e\u003ccode\u003ec365a74\u003c/code\u003e\u003c/a\u003e Emit warning for pull_request_target trigger usage (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/d28176c21fcd0cb43d5b5cf374322d8956224019\"\u003e\u003ccode\u003ed28176c\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6 to 7 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/409\"\u003e#409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/25df622d80fcf2b5fb70bfa5b4ec0871f574881a\"\u003e\u003ccode\u003e25df622\u003c/code\u003e\u003c/a\u003e Add EXAMPLES.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/32e98448120552541e630c7992836985b7c00748\"\u003e\u003ccode\u003e32e9844\u003c/code\u003e\u003c/a\u003e docs(action): fix input and output descriptions in action.yml (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/406\"\u003e#406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/a3ed46f7fde121393bfde63d43ae6c1d306b212d\"\u003e\u003ccode\u003ea3ed46f\u003c/code\u003e\u003c/a\u003e docs: fix typos, grammar, and formatting across markdown files (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/408\"\u003e#408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/b4d688c2241cae5a43003f0a0108bae3b3f25146\"\u003e\u003ccode\u003eb4d688c\u003c/code\u003e\u003c/a\u003e docs: fix broken and redirecting URLs in README.md (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/407\"\u003e#407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/f53a62c26ed5971dd2ed8768e4142f08c767ea37\"\u003e\u003ccode\u003ef53a62c\u003c/code\u003e\u003c/a\u003e README: clearify meaning of the repository field (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/commit/4fc4bbf34c756a23fa53d40bc01e8ddd276d51b9\"\u003e\u003ccode\u003e4fc4bbf\u003c/code\u003e\u003c/a\u003e Bump release-drafter/release-drafter from 6 to 7 (\u003ca href=\"https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action/compare/v5...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we're treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2 to 3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v2.6.2\"\u003ehttps://github.com/softprops/action-gh-release/compare/v2...v2.6.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix issue with multiple runs concatenating release bodies \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/145\"\u003e#145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/718ea10b132b3b2eba29c1007bb80653f286566b\"\u003e\u003ccode\u003e718ea10\u003c/code\u003e\u003c/a\u003e release 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/f1a938b9d84ca9b770d0d8dfeb3e7285fe261e63\"\u003e\u003ccode\u003ef1a938b\u003c/code\u003e\u003c/a\u003e chore(deps): bump esbuild from 0.28.0 to 0.28.1 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/802\"\u003e#802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/0066ead0de7252b4876b36b5357fc3974619d36a\"\u003e\u003ccode\u003e0066ead\u003c/code\u003e\u003c/a\u003e chore(deps): bump vite from 8.0.14 to 8.0.16 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/806\"\u003e#806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/dc643cac6252aaa00c9b0b6c940d489cd7bf6b23\"\u003e\u003ccode\u003edc643ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group with 3 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/805\"\u003e#805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/85ee99b6b20742a3823a8a289ee5e6ceab44e8aa\"\u003e\u003ccode\u003e85ee99b\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout in the github-actions group (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/804\"\u003e#804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/9ed3cf9a6863b31f005d951c8d19de20628cf4eb\"\u003e\u003ccode\u003e9ed3cf9\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group with 2 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/800\"\u003e#800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3efcac8951299998593f871640ea8059d6818655\"\u003e\u003ccode\u003e3efcac8\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group with 3 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/798\"\u003e#798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/05d6b9164aa74958de40b0179d6a773112fcdc7f\"\u003e\u003ccode\u003e05d6b91\u003c/code\u003e\u003c/a\u003e chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/797\"\u003e#797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/403a5240f3837fa857f642062e05aad6bb3391ca\"\u003e\u003ccode\u003e403a524\u003c/code\u003e\u003c/a\u003e chore(deps): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.12.2 to 24.12.3 in the npm group (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/437e073e786973c6b6af97d9e445c41ae43b1d29\"\u003e\u003ccode\u003e437e073\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group with 4 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/792\"\u003e#792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hadolint/hadolint-action` from 3.1.0 to 3.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hadolint/hadolint-action/releases\"\u003ehadolint/hadolint-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.3.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/compare/v3.2.0...v3.3.0\"\u003e3.3.0\u003c/a\u003e (2025-09-22)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003etrigger release workflow (\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/2332a7b74a6de0dda2e2221d575162eba76ba5e5\"\u003e2332a7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/compare/v3.1.0...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2025-09-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enew minor release (\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/3fc49fb50d59c6ab7917a2e4195dba633e515b29\"\u003e3fc49fb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/2332a7b74a6de0dda2e2221d575162eba76ba5e5\"\u003e\u003ccode\u003e2332a7b\u003c/code\u003e\u003c/a\u003e feat: trigger release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/2bfd2b95f895100db2ca84c3054a8ce50f1fc611\"\u003e\u003ccode\u003e2bfd2b9\u003c/code\u003e\u003c/a\u003e Don't trigger release workflow on Tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/0931ae097296863e5f188b8c6a0c5f9b95f79793\"\u003e\u003ccode\u003e0931ae0\u003c/code\u003e\u003c/a\u003e Release v3.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/3fc49fb50d59c6ab7917a2e4195dba633e515b29\"\u003e\u003ccode\u003e3fc49fb\u003c/code\u003e\u003c/a\u003e feat: new minor release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/45eb072a0b555fab4dfc5b7f863a41b150431d11\"\u003e\u003ccode\u003e45eb072\u003c/code\u003e\u003c/a\u003e Trigger release workflow on tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/97f3e4f6bea3e14583def682306d106f07ccfe75\"\u003e\u003ccode\u003e97f3e4f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hadolint/hadolint-action/issues/94\"\u003e#94\u003c/a\u003e from felipecrs/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/3e9a095cc7001116bae7f7d2d89ef20b1156aa25\"\u003e\u003ccode\u003e3e9a095\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/3285327e7ad2e137653f6da3d6640d30c05b9e1d\"\u003e\u003ccode\u003e3285327\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hadolint/hadolint-action/issues/96\"\u003e#96\u003c/a\u003e from m-ildefons/update-ci-yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/8bde06f9ce374f8d841c43a38da556483c397f32\"\u003e\u003ccode\u003e8bde06f\u003c/code\u003e\u003c/a\u003e Update CI yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hadolint/hadolint-action/commit/24598f413ebc646232a0218bac5e314f7a8632ce\"\u003e\u003ccode\u003e24598f4\u003c/code\u003e\u003c/a\u003e Update base image for Hadolint\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hadolint/hadolint-action/compare/v3.1.0...v3.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cp\u003e⚠️ Due to migration issues with keybase, we are unable to update our keys under the \u003ccode\u003ecodecovsecurity\u003c/code\u003e account. We have deleted the account and are using \u003ccode\u003ecodecovsecops\u003c/code\u003e with the original gpg key\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cp\u003eThis is a copy of the \u003ccode\u003ev7.0.0\u003c/code\u003e release to make updates easier\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.5\u003c/h2\u003e\n\u003cp\u003eThis release only contains the keybase.io change as described \u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1956\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v5.5.5\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v5.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. \u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/fb8b3582c8e4def4969c97caa2f19720cb33a72f\"\u003e\u003ccode\u003efb8b358\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1957\"\u003e#1957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/ca0a928a4cb3911011e868128a5cd90437c12db1\"\u003e\u003ccode\u003eca0a928\u003c/code\u003e\u003c/a\u003e ci: remove Enforce License Compliance workflow (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1950\"\u003e#1950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003e\u003ccode\u003ee79a696\u003c/code\u003e\u003c/a\u003e chore(release): 6.0.1 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1949\"\u003e#1949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/51e64229ac331acb0d7f7b17c67423995f991c79\"\u003e\u003ccode\u003e51e6422\u003c/code\u003e\u003c/a\u003e fix: prevent template injection in run: steps (VULN-1652) (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2\"\u003e\u003ccode\u003e57e3a13\u003c/code\u003e\u003c/a\u003e Th/6.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1928\"\u003e#1928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/f67d33dda8a42b51c42a8318a1f66468119e898b\"\u003e\u003ccode\u003ef67d33d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/75cd11691c0faa626561e295848008c8a7dddffe\"\u003e\u003ccode\u003e75cd116\u003c/code\u003e\u003c/a\u003e chore(release): 5.5.4 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1927\"\u003e#1927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/87d39f4a2cec2673cf9505764fb20a38792ea722\"\u003e\u003ccode\u003e87d39f4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/1af58845a975a7985b0beb0cbe6fbbb71a41dbad\"\u003e\u003ccode\u003e1af5884\u003c/code\u003e\u003c/a\u003e chore(release): bump to 5.5.3 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1922\"\u003e#1922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/c143300dea6c9a730986ff862c5bf4d458927ef8\"\u003e\u003ccode\u003ec143300\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1874\"\u003e#1874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/codecov/codecov-action/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4 to 8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactio...\n\n_Description has been truncated_","html_url":"https://github.com/edithatogo/nlp-policy-nz/pull/76","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/edithatogo%2Fnlp-policy-nz/issues/76","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/76/packages"}},{"old_version":"8","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-02T00:56:54.000Z","version_change":"8 → 9","issue":{"uuid":"4790327385","node_id":"PR_kwDOS1kAFc7s6p4z","number":11,"state":"open","title":"Bump actions/github-script from 8 to 9","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-02T00:56:54.000Z","updated_at":"2026-07-02T00:59:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"8","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v8...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=8\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Data-Insight-Solutions/Reckons.AI/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Data-Insight-Solutions%2FReckons.AI/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"8.0.0","new_version":"9.0.0","update_type":"major","path":null,"pr_created_at":"2026-07-01T02:35:31.000Z","version_change":"8.0.0 → 9.0.0","issue":{"uuid":"4781899406","node_id":"PR_kwDORT7jw87sfBic","number":47,"state":"open","title":"build(deps): bump the actions group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["skip issue","skip news"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-01T02:35:31.000Z","updated_at":"2026-07-01T05:09:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"actions","update_count":3,"packages":[{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"7.0.0","repository_url":"https://github.com/actions/checkout"},{"name":"j178/prek-action","old_version":"1.1.1","new_version":"2.0.4","repository_url":"https://github.com/j178/prek-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 3 updates in the / directory: [actions/github-script](https://github.com/actions/github-script), [actions/checkout](https://github.com/actions/checkout) and [j178/prek-action](https://github.com/j178/prek-action).\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `j178/prek-action` from 1.1.1 to 2.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek-action/releases\"\u003ej178/prek-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.12 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/131\"\u003ej178/prek-action#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.13 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/132\"\u003ej178/prek-action#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.4.0 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/133\"\u003ej178/prek-action#133\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v2...v2.0.4\"\u003ehttps://github.com/j178/prek-action/compare/v2...v2.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse single action entrypoint by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/128\"\u003ej178/prek-action#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.10 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/123\"\u003ej178/prek-action#123\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.11 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/124\"\u003ej178/prek-action#124\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v2...v2.0.3\"\u003ehttps://github.com/j178/prek-action/compare/v2...v2.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce missing checksum log noise by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/117\"\u003ej178/prek-action#117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate zizmorcore/zizmor-action action to v0.5.2 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/118\"\u003ej178/prek-action#118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.9 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/119\"\u003ej178/prek-action#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v2...v2.0.2\"\u003ehttps://github.com/j178/prek-action/compare/v2...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove redundant show-verbose-logs empty-string guard by \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/112\"\u003ej178/prek-action#112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRename action.yaml to action.yml by \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/113\"\u003ej178/prek-action#113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate known versions for prek 0.3.8 by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/114\"\u003ej178/prek-action#114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove update-known-versions job by \u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/115\"\u003ej178/prek-action#115\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v2...v2.0.1\"\u003ehttps://github.com/j178/prek-action/compare/v2...v2.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompletely rewritten in TypeScript for a more maintainable and modern implementation (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/76\"\u003e#76\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eprek-version\u003c/code\u003e now supports semver ranges such as \u003ccode\u003e0.3.x\u003c/code\u003e, with faster and more reliable version resolution (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/81\"\u003e#81\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/80\"\u003e#80\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/92\"\u003e#92\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/94\"\u003e#94\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDownloaded \u003ccode\u003eprek\u003c/code\u003e archives are now validated against known checksums before install (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/83\"\u003e#83\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eshow-verbose-logs\u003c/code\u003e to control whether verbose \u003ccode\u003eprek\u003c/code\u003e logs are printed after the run (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/78\"\u003e#78\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved caching behavior with an explicit \u003ccode\u003ecache\u003c/code\u003e input, a new \u003ccode\u003ecache-hit\u003c/code\u003e output, corrected cache path resolution, and fixes for redundant cache saves (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/91\"\u003e#91\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/102\"\u003e#102\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/110\"\u003e#110\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/j178/prek-action/pull/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved Windows install performance by optimizing ZIP extraction (\u003ca href=\"https://redirect.github.com/j178/prek-action/pull/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/j178/prek-action/compare/v1...v2.0.0\"\u003ehttps://github.com/j178/prek-action/compare/v1...v2.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/bdca6f102f98e2b4c7029491a53dfd366469e33d\"\u003e\u003ccode\u003ebdca6f1\u003c/code\u003e\u003c/a\u003e Update actions/setup-node action to v6.4.0 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/3230ac790833e10f3e8ba07295920e3444308738\"\u003e\u003ccode\u003e3230ac7\u003c/code\u003e\u003c/a\u003e Update dependency vitest to v4.1.5 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/9a332a1ec100db5036bea50019fd2a90d3fdace0\"\u003e\u003ccode\u003e9a332a1\u003c/code\u003e\u003c/a\u003e Update pre-commit hook biomejs/pre-commit to v2.4.13 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/136\"\u003e#136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/8b5690122c644b0e39930aff09acacfaf21e5845\"\u003e\u003ccode\u003e8b56901\u003c/code\u003e\u003c/a\u003e Update known versions for prek 0.4.0 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/4a83041fd50018534ecf99331c324cba3c06cf5e\"\u003e\u003ccode\u003e4a83041\u003c/code\u003e\u003c/a\u003e Update known versions for prek 0.3.13 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/fe609835004edf84ea2d974629fd1e9e49ea4371\"\u003e\u003ccode\u003efe60983\u003c/code\u003e\u003c/a\u003e Update known versions for prek 0.3.12 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/131\"\u003e#131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/6f2f302147053e50286fb30e7c25e530503f50c2\"\u003e\u003ccode\u003e6f2f302\u003c/code\u003e\u003c/a\u003e Update pre-commit hook biomejs/pre-commit to v2.4.12 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/6ad80277337ad479fe43bd70701c3f7f8aa74db3\"\u003e\u003ccode\u003e6ad8027\u003c/code\u003e\u003c/a\u003e Use single action entrypoint (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/128\"\u003e#128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/f8c977a1d249f9c1b30e812ea3d04379f0ecf344\"\u003e\u003ccode\u003ef8c977a\u003c/code\u003e\u003c/a\u003e Update dependency typescript to v6 (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek-action/commit/7c137cf2a0edba5ec68921a9afea6364f146bbdf\"\u003e\u003ccode\u003e7c137cf\u003c/code\u003e\u003c/a\u003e Update npm dev dependencies (\u003ca href=\"https://redirect.github.com/j178/prek-action/issues/125\"\u003e#125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/j178/prek-action/compare/0bb87d7f00b0c99306c8bcb8b8beba1eb581c037...bdca6f102f98e2b4c7029491a53dfd366469e33d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/zrsx/cpython/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zrsx%2Fcpython/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"}},{"old_version":"8","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-01T02:22:58.000Z","version_change":"8 → 9","issue":{"uuid":"4781840863","node_id":"PR_kwDOI2JFeM7se1bd","number":213,"state":"open","title":"Bump the first-party group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-01T02:22:58.000Z","updated_at":"2026-07-01T02:27:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"first-party","update_count":5,"packages":[{"name":"actions/checkout","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/checkout"},{"name":"actions/attest-build-provenance","old_version":"3","new_version":"4","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"actions/github-script","old_version":"8","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"actions/upload-artifact","old_version":"6","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/download-artifact","old_version":"7","new_version":"8","repository_url":"https://github.com/actions/download-artifact"}],"path":null,"ecosystem":"actions"},"body":"Bumps the first-party group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3` | `4` |\n| [actions/github-script](https://github.com/actions/github-script) | `8` | `9` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `7` | `8` |\n\n\nUpdates `actions/checkout` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/attest-build-provenance` from 3 to 4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/attest-build-provenance/releases\"\u003eactions/attest-build-provenance's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v4 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/835\"\u003eactions/attest-build-provenance#835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 2.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/776\"\u003eactions/attest-build-provenance#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd more documentation on Artifact Metadata Storage Records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/797\"\u003eactions/attest-build-provenance#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/attest to latest version v3.2.0 by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/812\"\u003eactions/attest-build-provenance#812\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v3 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/697\"\u003eactions/attest-build-provenance#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 3.14.1 to 3.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/749\"\u003eactions/attest-build-provenance#749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 7.5.1 to 7.5.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/753\"\u003eactions/attest-build-provenance#753\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.4.5 to 10.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/754\"\u003eactions/attest-build-provenance#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.1 to 25.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/774\"\u003eactions/attest-build-provenance#774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 1.6.0 to 2.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/736\"\u003eactions/attest-build-provenance#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 2.0.0 to 2.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/775\"\u003eactions/attest-build-provenance#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for creating artifact metadata storage records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/779\"\u003eactions/attest-build-provenance#779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/779\"\u003eactions/attest-build-provenance#779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3...v3.1.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3...v3.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0f67c3f4856b2e3261c31976d6725780e5e4c373\"\u003e\u003ccode\u003e0f67c3f\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.3 to 7.0.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/857\"\u003e#857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/21b787db45d5d4b6fc776b99a247a6493082d1fd\"\u003e\u003ccode\u003e21b787d\u003c/code\u003e\u003c/a\u003e Update actions/attest to v4.1.1 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/f14352a605c57b0a66e0d49bba5825967f1dbedf\"\u003e\u003ccode\u003ef14352a\u003c/code\u003e\u003c/a\u003e add dependabot cooldown (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/851\"\u003e#851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/2c04a00460b64b4dfd062384e60ea87fa18e1728\"\u003e\u003ccode\u003e2c04a00\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.2 to 6.0.3 in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/10334b5f1e684784025c3fc0a277c88c19089275\"\u003e\u003ccode\u003e10334b5\u003c/code\u003e\u003c/a\u003e remove badges from README (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/840\"\u003e#840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/c5efebd311e9a809e832398ca2b73bb429ff3508\"\u003e\u003ccode\u003ec5efebd\u003c/code\u003e\u003c/a\u003e remove prober workflows (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/837\"\u003e#837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003e\u003ccode\u003ea2bbfa2\u003c/code\u003e\u003c/a\u003e bump actions/attest from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385\"\u003e\u003ccode\u003e0856891\u003c/code\u003e\u003c/a\u003e update RELEASE.md docs (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99\"\u003e\u003ccode\u003ee4d4f7c\u003c/code\u003e\u003c/a\u003e prepare v4 release (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578\"\u003e\u003ccode\u003e02a49bd\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/824\"\u003e#824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8 to 9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v8...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 7 to 8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the \u003ccode\u003eContent-Type\u003c/code\u003e header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new \u003ccode\u003eskip-decompress\u003c/code\u003e parameter to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eEnforced checks (breaking)\u003c/h3\u003e\n\u003cp\u003eA previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the \u003ccode\u003edigest-mismatch\u003c/code\u003e parameter. To be secure by default, we are now defaulting the behavior to \u003ccode\u003eerror\u003c/code\u003e which will fail the workflow run.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the @actions/* packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't attempt to un-zip non-zipped downloads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/460\"\u003eactions/download-artifact#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/461\"\u003eactions/download-artifact#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8.0.0\"\u003ehttps://github.com/actions/download-artifact/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003e\u003ccode\u003e3e5f45b\u003c/code\u003e\u003c/a\u003e Add regression tests for CJK characters (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd\"\u003e\u003ccode\u003ee6d03f6\u003c/code\u003e\u003c/a\u003e Add a regression test for artifact name + content-type mismatches (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3\"\u003e\u003ccode\u003e70fc10c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/461\"\u003e#461\u003c/a\u003e from actions/danwkennedy/digest-mismatch-behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62\"\u003e\u003ccode\u003ef258da9\u003c/code\u003e\u003c/a\u003e Add change docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c\"\u003e\u003ccode\u003eccc058e\u003c/code\u003e\u003c/a\u003e Fix linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd\"\u003e\u003ccode\u003ebd7976b\u003c/code\u003e\u003c/a\u003e Add a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c\"\u003e\u003ccode\u003eac21fcf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/460\"\u003e#460\u003c/a\u003e from actions/danwkennedy/download-no-unzip\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0\"\u003e\u003ccode\u003e15999bf\u003c/code\u003e\u003c/a\u003e Add note about package bumps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561\"\u003e\u003ccode\u003e974686e\u003c/code\u003e\u003c/a\u003e Bump the version to \u003ccode\u003ev8\u003c/code\u003e and add release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75\"\u003e\u003ccode\u003efbe48b1\u003c/code\u003e\u003c/a\u003e Update test names to make it clearer what they do\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/matiaskorhonen/paper-age/pull/213","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/matiaskorhonen%2Fpaper-age/issues/213","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/213/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-07-01T01:16:35.000Z","version_change":"7 → 9","issue":{"uuid":"4781552482","node_id":"PR_kwDOQJflCs7sd61o","number":55,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-07-01T01:16:35.000Z","updated_at":"2026-07-01T01:21:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":15,"packages":[{"name":"step-security/harden-runner","old_version":"2.13.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"5.0.0","new_version":"7.0.0","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-node","old_version":"6.0.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"github/codeql-action/init","old_version":"4.31.0","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"},{"name":"github/codeql-action/analyze","old_version":"4.31.0","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/dependency-review-action","old_version":"45529485b5eb76184ced07362d2331fd9d26f03f","new_version":"dcd589ca9f7a6ded22e224ca2e288beb6bf9846b","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"crazy-max/ghaction-import-gpg","old_version":"6","new_version":"7","repository_url":"https://github.com/crazy-max/ghaction-import-gpg"},{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"softprops/action-gh-release","old_version":"2.2.1","new_version":"3.0.1","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"actions/attest-build-provenance","old_version":"3.0.0","new_version":"4.1.1","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"github/codeql-action/upload-sarif","old_version":"4.31.0","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/stale","old_version":"10.1.0","new_version":"10.3.0","repository_url":"https://github.com/actions/stale"},{"name":"actions/ai-inference","old_version":"2.0.1","new_version":"2.1.1","repository_url":"https://github.com/actions/ai-inference"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.1` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `7.0.0` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.0.0` | `6.4.0` |\n| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.31.0` | `4.36.2` |\n| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.31.0` | `4.36.2` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `45529485b5eb76184ced07362d2331fd9d26f03f` | `dcd589ca9f7a6ded22e224ca2e288beb6bf9846b` |\n| [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | `6` | `7` |\n| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.2.1` | `3.0.1` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3.0.0` | `4.1.1` |\n| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.31.0` | `4.36.2` |\n| [actions/stale](https://github.com/actions/stale) | `10.1.0` | `10.3.0` |\n| [actions/ai-inference](https://github.com/actions/ai-inference) | `2.0.1` | `2.1.1` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n\n\nUpdates `step-security/harden-runner` from 2.13.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.13.1...v2.19.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 5.0.0 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eblock checking out fork pr for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egetting ready for checkout v7 release by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2464\"\u003eactions/checkout#2464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate error wording by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2467\"\u003eactions/checkout#2467\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.3...v7.0.0\"\u003ehttps://github.com/actions/checkout/compare/v6.0.3...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBlock checking out fork PR for pull_request_target and workflow_run by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2454\"\u003eactions/checkout#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2458\"\u003eactions/checkout#2458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2460\"\u003eactions/checkout#2460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2461\"\u003eactions/checkout#2461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2459\"\u003eactions/checkout#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade module to esm and update dependencies by \u003ca href=\"https://github.com/aiqiaoy\"\u003e\u003ccode\u003e@​aiqiaoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2463\"\u003eactions/checkout#2463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2462\"\u003eactions/checkout#2462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003e\u003ccode\u003e9c091bb\u003c/code\u003e\u003c/a\u003e update error wording (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a\"\u003e\u003ccode\u003e1044a6d\u003c/code\u003e\u003c/a\u003e getting ready for checkout v7 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f\"\u003e\u003ccode\u003ef028218\u003c/code\u003e\u003c/a\u003e Bump the minor-npm-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2462\"\u003e#2462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d\"\u003e\u003ccode\u003ed914b26\u003c/code\u003e\u003c/a\u003e upgrade module to esm and update dependencies (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2463\"\u003e#2463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d\"\u003e\u003ccode\u003e537c7ef\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e and \u003ccode\u003e@​actions/tool-cache\u003c/code\u003e and Remove uuid (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2459\"\u003e#2459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6\"\u003e\u003ccode\u003e130a169\u003c/code\u003e\u003c/a\u003e Bump js-yaml from 4.1.0 to 4.2.0 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2461\"\u003e#2461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3\"\u003e\u003ccode\u003e7d09575\u003c/code\u003e\u003c/a\u003e Bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2460\"\u003e#2460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e\"\u003e\u003ccode\u003e0f9f3aa\u003c/code\u003e\u003c/a\u003e Bump actions/publish-immutable-action (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2458\"\u003e#2458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7\"\u003e\u003ccode\u003ef9e715a\u003c/code\u003e\u003c/a\u003e block checking out fork pr for pull_request_target and workflow_run (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2454\"\u003e#2454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.0.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport parsing \u003ccode\u003edevEngines\u003c/code\u003e field by \u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWhen using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm audit issues by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1491\"\u003eactions/setup-node#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace uuid with crypto.randomUUID() by \u003ca href=\"https://github.com/trivikr\"\u003e\u003ccode\u003e@​trivikr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1378\"\u003eactions/setup-node#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1498\"\u003eactions/setup-node#1498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove hardcoded bearer for mirror-url \u003ca href=\"https://github.com/marco-ippolito\"\u003e\u003ccode\u003e@​marco-ippolito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1467\"\u003eactions/setup-node#1467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eScope test lockfiles by package manager and update cache tests by \u003ca href=\"https://github.com/gowridurgad\"\u003e\u003ccode\u003e@​gowridurgad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1495\"\u003eactions/setup-node#1495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/susnux\"\u003e\u003ccode\u003e@​susnux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1283\"\u003eactions/setup-node#1283\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.3.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocumentation update related to absence of Lockfile by \u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect mirror option typos by \u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme update on checkout version v6 by \u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme typo fixes \u003ca href=\"https://github.com/munyari\"\u003e\u003ccode\u003e@​munyari\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1226\"\u003eactions/setup-node#1226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdvanced document update on checkout version v6 by \u003ca href=\"https://github.com/aparnajyothi-y\"\u003e\u003ccode\u003e@​aparnajyothi-y\u003c/code\u003e\u003c/a\u003e  in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1468\"\u003eactions/setup-node#1468\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/cache\u003c/code\u003e to v5.0.1 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1449\"\u003eactions/setup-node#1449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahabaleshwars\"\u003e\u003ccode\u003e@​mahabaleshwars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1454\"\u003eactions/setup-node#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MikeMcC399\"\u003e\u003ccode\u003e@​MikeMcC399\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1442\"\u003eactions/setup-node#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/deining\"\u003e\u003ccode\u003e@​deining\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1446\"\u003eactions/setup-node#1446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f\"\u003e\u003ccode\u003e53b8394\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1498\"\u003e#1498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc\"\u003e\u003ccode\u003e54045ab\u003c/code\u003e\u003c/a\u003e Scope test lockfiles by package manager and update cache tests (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a\"\u003e\u003ccode\u003ec882bff\u003c/code\u003e\u003c/a\u003e Replace uuid with crypto.randomUUID() (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d\"\u003e\u003ccode\u003e774c1d6\u003c/code\u003e\u003c/a\u003e feat(node-version-file): support parsing \u003ccode\u003edevEngines\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1283\"\u003e#1283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e\"\u003e\u003ccode\u003eefcb663\u003c/code\u003e\u003c/a\u003e fix: remove hardcoded bearer (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1467\"\u003e#1467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb\"\u003e\u003ccode\u003ed02c89d\u003c/code\u003e\u003c/a\u003e Fix npm audit issues (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238\"\u003e\u003ccode\u003e6044e13\u003c/code\u003e\u003c/a\u003e Docs: bump actions/checkout from v5 to v6 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1468\"\u003e#1468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657\"\u003e\u003ccode\u003e8e49463\u003c/code\u003e\u003c/a\u003e Fix README typo (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1226\"\u003e#1226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/setup-node/compare/2028fbc5c25fe9cf00d9f06a71cc4710d4507903...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action/init` from 4.31.0 to 4.36.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action/init's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action/init's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003e\u003ccode\u003e8aad20d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3949\"\u003e#3949\u003c/a\u003e from github/update-v4.36.2-dcb947ce1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a\"\u003e\u003ccode\u003ef521b08\u003c/code\u003e\u003c/a\u003e Add additional changelog notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08\"\u003e\u003ccode\u003e8aeff0f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c\"\u003e\u003ccode\u003edcb947c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3948\"\u003e#3948\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9\"\u003e\u003ccode\u003ec251bce\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c\"\u003e\u003ccode\u003e62953c1\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37\"\u003e\u003ccode\u003e423b570\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3946\"\u003e#3946\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-5d507a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496\"\u003e\u003ccode\u003ec35d1b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3947\"\u003e#3947\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd\"\u003e\u003ccode\u003ecb1a588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3937\"\u003e#3937\u003c/a\u003e from github/robertbrignull/waitForProcessing_backoff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206\"\u003e\u003ccode\u003eba47406\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3943\"\u003e#3943\u003c/a\u003e from github/henrymercer/cache-cli-version-info\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/4e94bd11f71e507f7f87df81788dff88d1dacbfb...8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action/analyze` from 4.31.0 to 4.36.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action/analyze's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action/analyze's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003e\u003ccode\u003e8aad20d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3949\"\u003e#3949\u003c/a\u003e from github/update-v...\n\n_Description has been truncated_","html_url":"https://github.com/xiaomizhoubaobei/MZAPI-TS/pull/55","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaomizhoubaobei%2FMZAPI-TS/issues/55","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/55/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-06-30T22:32:13.000Z","version_change":"7 → 9","issue":{"uuid":"4780850436","node_id":"PR_kwDOTJ6gq87sbpny","number":1,"state":"open","title":"Bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-30T22:32:13.000Z","updated_at":"2026-06-30T22:32:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fantasyia/somatec_web/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyia%2Fsomatec_web/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-06-30T18:44:15.000Z","version_change":"7 → 9","issue":{"uuid":"4779539154","node_id":"PR_kwDOTCLi4s7sXWl_","number":185,"state":"open","title":"ci(deps): bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-30T18:44:15.000Z","updated_at":"2026-06-30T18:48:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci(deps)","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Commonfields25/Interceptor_M/pull/185","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Commonfields25%2FInterceptor_M/issues/185","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/185/packages"}},{"old_version":"8.0.0","new_version":"9.0.0","update_type":"major","path":null,"pr_created_at":"2026-06-29T17:05:04.000Z","version_change":"8.0.0 → 9.0.0","issue":{"uuid":"4770107466","node_id":"PR_kwDORMkKiM7r4Von","number":56,"state":"open","title":"ci: bump actions/github-script from 8.0.0 to 9.0.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-29T17:05:04.000Z","updated_at":"2026-06-29T17:11:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci","packages":[{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=8.0.0\u0026new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/jongio/azd-copilot/pull/56","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jongio%2Fazd-copilot/issues/56","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/56/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-06-29T09:35:17.000Z","version_change":"7 → 9","issue":{"uuid":"4766864531","node_id":"PR_kwDORHBJRc7rtnNC","number":390,"state":"open","title":"ci(deps): bump actions/github-script from 7 to 9","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-29T09:35:17.000Z","updated_at":"2026-06-29T09:35:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci(deps)","packages":[{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"}],"path":null,"ecosystem":"actions"},"body":"Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version support to 24.x by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME for updating actions/github-script from v7 to v8 by \u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/637\"\u003eactions/github-script#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sneha-krip\"\u003e\u003ccode\u003e@​sneha-krip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/653\"\u003eactions/github-script#653\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v7.1.0...v8.0.0\"\u003ehttps://github.com/actions/github-script/compare/v7.1.0...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade husky to v9 by \u003ca href=\"https://github.com/benelan\"\u003e\u003ccode\u003e@​benelan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/482\"\u003eactions/github-script#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/485\"\u003eactions/github-script#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish by \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/486\"\u003eactions/github-script#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow status badges by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/497\"\u003eactions/github-script#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate usage of \u003ccode\u003eactions/upload-artifact\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/512\"\u003eactions/github-script#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClear up package name confusion by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/514\"\u003eactions/github-script#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies with \u003ccode\u003enpm audit fix\u003c/code\u003e by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/515\"\u003eactions/github-script#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify that the used script is JavaScript by \u003ca href=\"https://github.com/timotk\"\u003e\u003ccode\u003e@​timotk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/478\"\u003eactions/github-script#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add Dependabot for NPM and Actions by \u003ca href=\"https://github.com/nschonni\"\u003e\u003ccode\u003e@​nschonni\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/472\"\u003eactions/github-script#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Bitcoindefi/Open-Stellar/pull/390","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bitcoindefi%2FOpen-Stellar/issues/390","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/390/packages"}}]}