{"id":7023,"name":"oxsecurity/megalinter","ecosystem":"actions","repository_url":"https://github.com/oxsecurity/megalinter","issues_count":586,"created_at":"2025-06-06T22:07:59.405Z","updated_at":"2025-06-06T22:07:59.405Z","purl":"pkg:githubactions/oxsecurity/megalinter","metadata":{"id":5800018,"name":"oxsecurity/megalinter","ecosystem":"actions","description":"Combine all available linters to automatically validate your sources without configuration !","homepage":"http://megalinter.io/","licenses":"agpl-3.0","normalized_licenses":["AGPL-3.0"],"repository_url":"https://github.com/oxsecurity/megalinter","keywords_array":["apex","autofix","azure-pipelines","best-practices","code-quality","formatter","gitlab-ci","golang","groovy","java","jenkins","kotlin","linter","linters","markdown","megalinter","python","sarif-report","security","terraform"],"namespace":"oxsecurity","versions_count":170,"first_release_published_at":"2020-10-17T14:16:06.000Z","latest_release_published_at":"2025-05-04T16:36:25.000Z","latest_release_number":"v8.7.0","last_synced_at":"2025-06-05T22:01:01.470Z","created_at":"2023-01-04T11:49:25.940Z","updated_at":"2025-06-05T22:01:01.470Z","registry_url":"https://github.com/oxsecurity/megalinter","install_command":null,"documentation_url":null,"metadata":{"name":"MegaLinter","author":"Nicolas Vuillamy","description":"Combine all available linters to automatically validate your sources without configuration !","outputs":{"has_updated_sources":{"description":"0 if no source file has been updated, 1 if source files has been updated"}},"runs":{"using":"docker","image":"docker://oxsecurity/megalinter:v8.7.0","args":["-v","/var/run/docker.sock:/var/run/docker.sock:rw"]},"branding":{"icon":"check","color":"green"},"default_branch":"main","path":null},"repo_metadata":{"id":36992769,"uuid":"304830226","full_name":"oxsecurity/megalinter","owner":"oxsecurity","description":"🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.","archived":false,"fork":false,"pushed_at":"2025-05-07T21:49:55.000Z","size":811344,"stargazers_count":2134,"open_issues_count":60,"forks_count":255,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-05-08T17:17:13.278Z","etag":null,"topics":["apex","autofix","azure-pipelines","best-practices","code-quality","formatter","gitlab-ci","golang","groovy","java","jenkins","kotlin","linter","linters","markdown","megalinter","python","sarif-report","security","terraform"],"latest_commit_sha":null,"homepage":"http://megalinter.io/","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oxsecurity.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":"docs/supported-linters.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["nvuillam","echoix","bdovaz"]}},"created_at":"2020-10-17T08:16:25.000Z","updated_at":"2025-05-06T12:05:45.000Z","dependencies_parsed_at":"2023-09-23T09:15:46.045Z","dependency_job_id":"61421bdb-05c8-4bd1-9182-ce02139fbe59","html_url":"https://github.com/oxsecurity/megalinter","commit_stats":{"total_commits":3040,"total_committers":125,"mean_commits":24.32,"dds":"0.22072368421052635","last_synced_commit":"0167c76337239a55e9e438272b447b709f396551"},"previous_names":["megalinter/megalinter","nvuillam/mega-linter"],"tags_count":170,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oxsecurity","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253124244,"owners_count":21857614,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"oxsecurity","name":"Ox Security","uuid":"89921661","kind":"organization","description":"","email":null,"website":"https://www.ox.security/?ref=megalinter","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/89921661?v=4","repositories_count":2,"last_synced_at":"2023-03-03T23:15:01.833Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/oxsecurity","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-14T06:27:47.112Z","updated_at":"2023-03-03T23:15:01.861Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oxsecurity","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oxsecurity/repositories"},"tags":[{"name":"v8.7.0","sha":"5a91fb06c83d0e69fbd23756d47438aa723b4a5a","kind":"commit","published_at":"2025-05-04T16:36:25.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.7.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.7.0/manifests"},{"name":"v8.6.0","sha":"04cf22b980c2e9c2121553417ed651c944afc8e1","kind":"commit","published_at":"2025-04-27T19:11:26.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.6.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.6.0","dependencies_parsed_at":null,"dependency_job_id":"9e7bd11a-12a6-4fa8-80c3-ec53a2446b94","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.6.0/manifests"},{"name":"v8.5.0","sha":"146333030da68e2e58c6ff826633824fabe01eaf","kind":"commit","published_at":"2025-03-23T19:21:15.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.5.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.5.0","dependencies_parsed_at":"2025-04-12T04:56:04.387Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.5.0/manifests"},{"name":"v8.4.2","sha":"ec124f7998718d79379a3c5b39f5359952baf21d","kind":"commit","published_at":"2025-02-02T10:56:43.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.4.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.4.2","dependencies_parsed_at":"2025-04-12T04:56:04.394Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.4.2/manifests"},{"name":"v8.4.1","sha":"839e6d63c0423eb74ce2578225f8b8b4bed63ede","kind":"commit","published_at":"2025-01-27T22:42:50.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.4.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.4.1","dependencies_parsed_at":"2025-04-12T04:56:04.393Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.4.1/manifests"},{"name":"v8.4.0","sha":"f90c800040e4f84800700b27b2394d3eecc1fdad","kind":"commit","published_at":"2025-01-26T15:48:24.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.4.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.4.0","dependencies_parsed_at":"2025-04-12T04:56:04.387Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.4.0/manifests"},{"name":"v8.3.0","sha":"1fc052d03c7a43c78fe0fee19c9d648b749e0c01","kind":"commit","published_at":"2024-11-23T10:11:00.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.3.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.3.0","dependencies_parsed_at":"2024-11-26T04:13:51.193Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.3.0/manifests"},{"name":"v8.2.0","sha":"d8c95fc6f2237031fb9e9322b0f97100168afa6e","kind":"commit","published_at":"2024-11-17T13:31:21.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.2.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.2.0","dependencies_parsed_at":"2024-11-20T04:39:25.880Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.2.0/manifests"},{"name":"v8.1.0","sha":"b38cdf1f0cbe056fad4112cb7cd99c2b574c9617","kind":"commit","published_at":"2024-10-13T10:49:45.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.1.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.1.0","dependencies_parsed_at":"2024-10-17T04:40:28.689Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.1.0/manifests"},{"name":"v8","sha":"c217fe8f7bc9207062a084e989bd97efd56e7b9a","kind":"commit","published_at":"2024-08-19T21:26:03.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8","dependencies_parsed_at":"2024-08-22T04:12:09.681Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8/manifests"},{"name":"v8.0.0","sha":"c217fe8f7bc9207062a084e989bd97efd56e7b9a","kind":"commit","published_at":"2024-08-19T21:26:03.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v8.0.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v8.0.0","dependencies_parsed_at":"2024-08-22T04:12:09.680Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v8.0.0/manifests"},{"name":"v7.13.0","sha":"bacb5f8674e3730b904ca4d20c8bd477bc51b1a7","kind":"commit","published_at":"2024-07-06T20:18:58.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.13.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.13.0","dependencies_parsed_at":"2024-07-11T05:38:42.864Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.13.0/manifests"},{"name":"v7.12.0","sha":"5199c6377b4cb7faff749a1971636f3343db9fe6","kind":"commit","published_at":"2024-06-02T14:54:41.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.12.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.12.0","dependencies_parsed_at":"2024-06-04T05:13:10.303Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.12.0/manifests"},{"name":"v7.11.1","sha":"03986e6993ccf699a22451118520680b438e7d2a","kind":"commit","published_at":"2024-04-23T19:44:06.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.11.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.11.1","dependencies_parsed_at":"2024-04-25T05:38:12.405Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.11.1/manifests"},{"name":"v7.11.0","sha":"57b35babc3e317dc587cdfd04f803d27d961c73b","kind":"commit","published_at":"2024-04-23T10:10:30.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.11.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.11.0","dependencies_parsed_at":"2024-04-25T05:38:11.989Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.11.0/manifests"},{"name":"v7.10.0","sha":"a7a0163b6c8ff7474a283d99a706e27483ddd80f","kind":"commit","published_at":"2024-03-10T20:15:18.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.10.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.10.0","dependencies_parsed_at":"2024-03-12T04:49:49.320Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.10.0/manifests"},{"name":"v7.9.0","sha":"190cd0dad6dc52b2de5b810e3b290c3d6bdcc0f2","kind":"commit","published_at":"2024-02-11T21:42:10.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.9.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.9.0","dependencies_parsed_at":"2024-02-13T04:07:57.828Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.9.0/manifests"},{"name":"v7.8.0","sha":"688bc7466d7ab4faa83d614c2e6f9acf42b674dc","kind":"commit","published_at":"2024-01-21T10:49:46.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.8.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.8.0","dependencies_parsed_at":"2024-01-24T04:45:25.034Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.8.0/manifests"},{"name":"v7.7.0","sha":"7e042c726c68415475b05a65a686c612120a1232","kind":"commit","published_at":"2023-12-09T21:18:48.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.7.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.7.0","dependencies_parsed_at":"2023-12-11T05:02:06.251Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.7.0/manifests"},{"name":"v7.6.0","sha":"5364b811bbe86576d832227be174ebc2aa0f5f49","kind":"commit","published_at":"2023-11-19T16:03:37.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.6.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.6.0","dependencies_parsed_at":"2023-11-21T04:15:45.621Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.6.0/manifests"},{"name":"v7","sha":"b48455a119cc28045eee8f1e9d0a542a85e71f4f","kind":"commit","published_at":"2023-10-28T22:52:57.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7","dependencies_parsed_at":"2023-11-09T04:05:30.509Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7/manifests"},{"name":"latest","sha":"b48455a119cc28045eee8f1e9d0a542a85e71f4f","kind":"commit","published_at":"2023-10-28T22:52:57.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/latest","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/latest","dependencies_parsed_at":"2023-11-09T04:05:30.504Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/latest","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/latest/manifests"},{"name":"v7.5.0","sha":"b48455a119cc28045eee8f1e9d0a542a85e71f4f","kind":"commit","published_at":"2023-10-28T22:52:57.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.5.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.5.0","dependencies_parsed_at":"2023-11-09T04:05:30.507Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.5.0/manifests"},{"name":"v7.4.0","sha":"a87b2872713c6bdde46d2473c5d7ed23e5752dc2","kind":"commit","published_at":"2023-09-22T14:55:42.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.4.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.4.0","dependencies_parsed_at":"2023-11-09T04:05:30.501Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.4.0/manifests"},{"name":"v7.3.0","sha":"fda6ac3a38be0e969820709ac16e442464e5a035","kind":"commit","published_at":"2023-08-09T22:40:55.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.3.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.3.0","dependencies_parsed_at":"2023-11-09T04:05:30.480Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.3.0/manifests"},{"name":"v7.2.1","sha":"63776c4389c474e1a6b9faa27bc8b9500fdff95a","kind":"commit","published_at":"2023-07-26T20:25:22.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.2.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.2.1","dependencies_parsed_at":"2023-11-09T04:05:30.522Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.2.1/manifests"},{"name":"v7.2.0","sha":"c72cdea919d17076dbc54f4864b1c82db0f181f2","kind":"commit","published_at":"2023-07-25T09:04:25.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.2.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.2.0","dependencies_parsed_at":"2023-11-09T04:05:30.481Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.2.0/manifests"},{"name":"v7.1.0","sha":"a7b1a3af0f3bd4de4db855969d27e224005665a6","kind":"commit","published_at":"2023-06-11T16:49:16.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.1.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.1.0","dependencies_parsed_at":"2023-11-09T04:05:05.793Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.1.0/manifests"},{"name":"v7.0.4","sha":"0d014ffdef3307ca4a4cd1ddf482fc4f05733d7c","kind":"commit","published_at":"2023-05-31T21:49:55.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.0.4","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.0.4","dependencies_parsed_at":"2023-11-09T04:05:05.876Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.4/manifests"},{"name":"v7.0.3","sha":"2b1998e443e5757ace627e9af2094d0f1a2f80b4","kind":"commit","published_at":"2023-05-29T09:14:38.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.0.3","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.0.3","dependencies_parsed_at":"2023-11-09T04:05:05.780Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.3/manifests"},{"name":"v7.0.2","sha":"e99bc276c361c2f68c4976a5f86f7421c2c4d606","kind":"commit","published_at":"2023-05-27T11:49:12.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.0.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.0.2","dependencies_parsed_at":"2023-11-09T04:05:05.597Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.2/manifests"},{"name":"v7.0.1","sha":"8c92ca3cd548dec08716d2151776a7cc06cd4f99","kind":"commit","published_at":"2023-05-27T10:48:21.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.0.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.0.1","dependencies_parsed_at":"2023-11-09T04:05:05.549Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.1/manifests"},{"name":"v7.0.0","sha":"02d61243f331ae88676e8c43b7e8a0b79dfb253c","kind":"commit","published_at":"2023-05-27T10:14:39.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v7.0.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v7.0.0","dependencies_parsed_at":"2023-11-09T04:05:05.615Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v7.0.0/manifests"},{"name":"v6","sha":"93700f8c21c59ea784a32abe23896e49e54463b8","kind":"commit","published_at":"2023-04-03T18:20:08.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6","dependencies_parsed_at":"2023-11-09T04:05:05.757Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6/manifests"},{"name":"v6.22.2","sha":"93700f8c21c59ea784a32abe23896e49e54463b8","kind":"commit","published_at":"2023-04-03T18:20:08.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.22.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.22.2","dependencies_parsed_at":"2023-11-09T04:05:06.011Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.22.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.22.2/manifests"},{"name":"v6.22.1","sha":"fe568b3592efcd04d21632d99501fc120df8110a","kind":"commit","published_at":"2023-04-02T16:18:39.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.22.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.22.1","dependencies_parsed_at":"2023-11-09T04:05:05.984Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.22.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.22.1/manifests"},{"name":"v6.22.0","sha":"a6134e1daea26bc9d745017dfc24883ac5e2859c","kind":"commit","published_at":"2023-04-01T14:14:56.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.22.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.22.0","dependencies_parsed_at":"2023-11-09T04:05:05.899Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.22.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.22.0/manifests"},{"name":"v6.21.0","sha":"c364436149b0ef3578bd24fa38ed9aa23af884db","kind":"commit","published_at":"2023-03-26T16:15:34.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.21.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.21.0","dependencies_parsed_at":"2023-11-09T04:05:05.592Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.21.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.21.0/manifests"},{"name":"v6.20.1","sha":"fa252447a038abeedc60aeb3d9f913315bf5fcf2","kind":"commit","published_at":"2023-03-07T21:05:32.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.20.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.20.1","dependencies_parsed_at":"2023-11-09T04:05:05.527Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.20.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.20.1/manifests"},{"name":"v6.20.0","sha":"c1612a7969ca083ca64ea4d55fe174ec7ea54740","kind":"commit","published_at":"2023-03-05T20:13:09.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.20.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.20.0","dependencies_parsed_at":"2023-11-09T04:05:05.774Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.20.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.20.0/manifests"},{"name":"v6.19.0","sha":"f8d535e8f1b5be62df8ea5c9c8548035fc298788","kind":"commit","published_at":"2023-02-05T11:38:18.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.19.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.19.0","dependencies_parsed_at":"2023-11-09T04:05:05.770Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.19.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.19.0/manifests"},{"name":"v6.18.0","sha":"8fd433c675d27ceca5a61ace53177c1bbfbf7f49","kind":"commit","published_at":"2023-01-07T09:46:38.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.18.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.18.0","dependencies_parsed_at":"2023-11-09T04:05:05.448Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.18.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.18.0/manifests"},{"name":"v6.17.0","sha":"d9cc1b4179f513fcb50fa438babf54816f8037d5","kind":"commit","published_at":"2022-12-27T20:47:42.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.17.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.17.0","dependencies_parsed_at":"2023-11-09T04:05:05.609Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.17.0/manifests"},{"name":"v6.16.0","sha":"6251063d20a361cb53b6f8ab7f6cd5af61ff831b","kind":"commit","published_at":"2022-12-24T00:13:20.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.16.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.16.0","dependencies_parsed_at":"2023-11-09T04:05:05.987Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.16.0/manifests"},{"name":"v6.15.0","sha":"d8612e7786f5c64747a73759d8bc459224a00fe9","kind":"commit","published_at":"2022-11-23T21:59:15.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.15.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.15.0","dependencies_parsed_at":"2023-11-09T04:05:05.932Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.15.0/manifests"},{"name":"v6.14.0","sha":"5f067f726ebba9ab0a05207777261d8254dd83a2","kind":"commit","published_at":"2022-11-06T10:08:34.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.14.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.14.0","dependencies_parsed_at":"2023-11-09T04:05:05.445Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.14.0/manifests"},{"name":"v6.13.0","sha":"f58627dfe556c4a85e53417f9b73ac505114d93b","kind":"commit","published_at":"2022-10-23T22:42:28.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.13.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.13.0","dependencies_parsed_at":"2023-11-09T04:05:05.927Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.13.0/manifests"},{"name":"v6.12.0","sha":"f14608fee2e1b307de913042d6aad31d06dccf2b","kind":"commit","published_at":"2022-10-16T19:44:45.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.12.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.12.0","dependencies_parsed_at":"2023-11-09T04:05:05.616Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.12.0/manifests"},{"name":"v6.11.1","sha":"88a858eca0d241a5611b234a1b331771bd5335f3","kind":"commit","published_at":"2022-10-03T06:04:47.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.11.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.11.1","dependencies_parsed_at":"2023-11-09T04:05:05.549Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.11.1/manifests"},{"name":"v6.11.0","sha":"67c177017bab4c22f1bb7b06dad6f6f14df18b88","kind":"commit","published_at":"2022-10-02T10:05:24.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.11.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.11.0","dependencies_parsed_at":"2023-11-09T04:05:05.592Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.11.0/manifests"},{"name":"v6.10.0","sha":"bd931465299fd65a0fb91d8ab8ef04419e3b198e","kind":"commit","published_at":"2022-09-19T20:08:02.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.10.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.10.0","dependencies_parsed_at":"2023-11-09T04:05:06.075Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.10.0/manifests"},{"name":"v6.9.1","sha":"0d5d7fb53db58d6bcc755e93df78b6438722f45e","kind":"commit","published_at":"2022-09-11T15:28:38.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.9.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.9.1","dependencies_parsed_at":"2023-11-09T04:05:06.026Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.9.1/manifests"},{"name":"v6.9.0","sha":"57b4569824721882bc1e08246910dacd9675047e","kind":"commit","published_at":"2022-09-11T10:32:36.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.9.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.9.0","dependencies_parsed_at":"2023-11-09T04:05:05.443Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.9.0/manifests"},{"name":"v6.8.0","sha":"5bd2d83c532f99f8ce41b8ca497d422ac3eaca38","kind":"commit","published_at":"2022-09-04T21:06:56.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.8.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.8.0","dependencies_parsed_at":"2023-11-09T04:05:05.931Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.8.0/manifests"},{"name":"v6.7.1","sha":"a808a48437e8f69c2aefdc4bff4e88f71c45de7e","kind":"commit","published_at":"2022-08-28T20:09:47.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.7.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.7.1","dependencies_parsed_at":"2023-11-09T04:05:06.005Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.7.1/manifests"},{"name":"v6.7.0","sha":"67921c0a0e5f02131824bbd7092412b85edd7f08","kind":"commit","published_at":"2022-08-28T09:52:17.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.7.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.7.0","dependencies_parsed_at":"2023-11-09T04:05:05.791Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.7.0/manifests"},{"name":"v6.6.0","sha":"0b831774c69cabc0eb7f49bc7e491d3652740cde","kind":"commit","published_at":"2022-08-21T21:08:27.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.6.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.6.0","dependencies_parsed_at":"2023-11-09T04:05:05.747Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.6.0/manifests"},{"name":"v6.5.0","sha":"eca13fcbb7f005f583857f2d94e0c8c151119c57","kind":"commit","published_at":"2022-08-15T19:18:35.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.5.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.5.0","dependencies_parsed_at":"2023-11-09T04:05:05.582Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.5.0/manifests"},{"name":"v6.4.0","sha":"bbc0709d57b00619d95313dc5d6335c05c999522","kind":"commit","published_at":"2022-08-12T16:05:35.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.4.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.4.0","dependencies_parsed_at":"2023-11-09T04:05:05.685Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.4.0/manifests"},{"name":"v6.3.0","sha":"41b9444e291d913f3e1cfc1081a20d07070a2146","kind":"commit","published_at":"2022-08-07T10:49:32.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.3.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.3.0","dependencies_parsed_at":"2023-11-09T04:05:05.893Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.3.0/manifests"},{"name":"v6.2.1","sha":"b1e3b0eee307b03d2a94effa753dbffdf13c9b9a","kind":"commit","published_at":"2022-08-01T05:48:04.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.2.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.2.1","dependencies_parsed_at":"2023-11-09T04:05:06.033Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.2.1/manifests"},{"name":"v6.2.0","sha":"67765fc7fda09d6deb800ec477942d4127384932","kind":"commit","published_at":"2022-07-31T10:03:42.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.2.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.2.0","dependencies_parsed_at":"2023-11-09T04:05:05.560Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.2.0/manifests"},{"name":"v6.1.0","sha":"77d6ab3a45cded15953ff7a4191801832d5dff5d","kind":"commit","published_at":"2022-07-19T11:27:24.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.1.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.1.0","dependencies_parsed_at":"2023-11-09T04:05:05.973Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.1.0/manifests"},{"name":"v6.0.5","sha":"09bd8a3aab852fd55f80b3c66dab3cc360c0b5b0","kind":"commit","published_at":"2022-07-16T09:52:01.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.0.5","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.0.5","dependencies_parsed_at":"2023-11-09T04:05:05.584Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.5/manifests"},{"name":"v6.0.4","sha":"9ba77ad95620a430ba7bfe193cadb297e9a30f73","kind":"commit","published_at":"2022-07-14T18:00:30.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.0.4","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.0.4","dependencies_parsed_at":"2023-11-09T04:05:05.446Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.4/manifests"},{"name":"v6.0.3","sha":"7c776cf45ff9ad6bb09100a6453bb3e80a9fe8db","kind":"commit","published_at":"2022-07-12T05:43:04.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.0.3","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.0.3","dependencies_parsed_at":"2023-11-09T04:05:05.765Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.3/manifests"},{"name":"v6.0.2","sha":"598182695f278a860c5e0e35169b7992ea5957b5","kind":"commit","published_at":"2022-07-10T23:01:10.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.0.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.0.2","dependencies_parsed_at":"2023-11-09T04:05:05.529Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.2/manifests"},{"name":"v6.0.1","sha":"7f6e1cb9118a15c9abddaa8fc63d24b327f27175","kind":"commit","published_at":"2022-07-10T21:44:23.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.0.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.0.1","dependencies_parsed_at":"2023-11-09T04:05:05.714Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.1/manifests"},{"name":"v6.0.0","sha":"908b38385bf502d66be0d2732641ceec1d12b2e7","kind":"commit","published_at":"2022-07-10T20:37:41.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v6.0.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v6.0.0","dependencies_parsed_at":"2023-11-09T04:05:05.942Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v6.0.0/manifests"},{"name":"beta","sha":"084c3f20a1e16a966734ff44c178bc0fe0a7e25a","kind":"commit","published_at":"2022-07-10T16:08:16.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/beta","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/beta","dependencies_parsed_at":"2023-07-20T21:06:09.311Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/beta/manifests"},{"name":"v5.17.0","sha":"7b2c5402f3cd7d4e9454c9d60d3c7b738bcdd039","kind":"commit","published_at":"2022-07-10T08:20:52.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.17.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.17.0","dependencies_parsed_at":"2023-07-20T21:05:59.997Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.17.0/manifests"},{"name":"v5.16.1","sha":"7acb133f69d5fa8e457cd9f56b9edc38ff6a3563","kind":"commit","published_at":"2022-06-26T14:17:34.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.16.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.16.1","dependencies_parsed_at":"2023-07-20T21:06:07.293Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.16.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.16.1/manifests"},{"name":"v5.16.0","sha":"8390ba9ac36fc5dab21ba5f03ab832c6c9e34aa6","kind":"commit","published_at":"2022-06-26T13:24:03.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.16.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.16.0","dependencies_parsed_at":"2023-07-20T21:06:08.877Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.16.0/manifests"},{"name":"v5.15.0","sha":"fb8fd6732383d09792f609c79bd9cf9efc2518c9","kind":"commit","published_at":"2022-06-22T23:05:41.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.15.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.15.0","dependencies_parsed_at":"2023-07-20T20:42:44.110Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.15.0/manifests"},{"name":"v5.14.0","sha":"10aec2adaa284b4420be2d87b1b06cc270c5b046","kind":"commit","published_at":"2022-06-12T11:25:35.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.14.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.14.0","dependencies_parsed_at":"2023-07-20T21:06:01.495Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.14.0/manifests"},{"name":"v5.13.0","sha":"7908c4d34a5da2824dbd681a2c940a001bf39995","kind":"commit","published_at":"2022-05-15T16:37:36.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.13.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.13.0","dependencies_parsed_at":"2023-07-20T21:06:08.799Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.13.0/manifests"},{"name":"v5.12.0","sha":"10b62f81a09476ca1ebeafb31441d62f7a34c91d","kind":"commit","published_at":"2022-04-23T07:02:20.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.12.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.12.0","dependencies_parsed_at":"2023-07-20T21:06:10.674Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.12.0/manifests"},{"name":"v5.11.0","sha":"5f28a0622f9b9a49e44845e4dc0ca3bf203cafc8","kind":"commit","published_at":"2022-04-11T17:26:05.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.11.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.11.0","dependencies_parsed_at":"2023-07-20T21:06:01.809Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.11.0/manifests"},{"name":"v5.10.0","sha":"73bc6eaf71f66d503c7a27e2a067f174f07c9883","kind":"commit","published_at":"2022-03-20T11:00:47.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.10.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.10.0","dependencies_parsed_at":"2023-07-20T21:05:44.970Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.10.0/manifests"},{"name":"v5.9.0","sha":"67eaf55ebb4b34418d1f7c3b7b2516ab6f837c78","kind":"commit","published_at":"2022-03-13T18:24:19.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.9.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.9.0","dependencies_parsed_at":"2023-07-20T21:06:09.008Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.9.0/manifests"},{"name":"v5.8.0","sha":"a4a213b63cd42b9705d12968d88f8b873a07f8f8","kind":"commit","published_at":"2022-02-18T21:49:55.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.8.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.8.0","dependencies_parsed_at":"2023-07-20T21:06:07.302Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.8.0/manifests"},{"name":"v5.7.1","sha":"739a485b66f61549c3e239c95d1da5608022761f","kind":"commit","published_at":"2022-02-02T22:11:53.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.7.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.7.1","dependencies_parsed_at":"2023-07-20T21:05:59.921Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.7.1/manifests"},{"name":"v5.7.0","sha":"4069f0dafe5c38c3125609a624f010c168b0c5d3","kind":"commit","published_at":"2022-01-30T16:17:08.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.7.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.7.0","dependencies_parsed_at":"2023-07-20T21:06:05.944Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.7.0/manifests"},{"name":"v5.6.0","sha":"037fb95a18674c1edf592fe6511c8558df2be611","kind":"commit","published_at":"2022-01-22T21:04:35.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.6.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.6.0","dependencies_parsed_at":"2023-07-20T21:06:01.487Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.6.0/manifests"},{"name":"v5.5.0","sha":"06b1e76904cffeb51b3770fe3b7db7e65fe70b90","kind":"commit","published_at":"2022-01-03T22:01:02.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.5.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.5.0","dependencies_parsed_at":"2023-07-20T21:06:09.255Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.5.0/manifests"},{"name":"v5.4.0","sha":"26c3d1231cbca8fb37b2997c1aecfb01a6a1ef94","kind":"commit","published_at":"2021-12-21T13:07:32.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.4.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.4.0","dependencies_parsed_at":"2023-07-20T20:42:43.174Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.4.0/manifests"},{"name":"v5.3.0","sha":"3971670ec3e5acda2701661753cec8c551a302fd","kind":"commit","published_at":"2021-12-08T10:52:03.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.3.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.3.0","dependencies_parsed_at":"2023-07-20T21:06:08.663Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.3.0/manifests"},{"name":"v5.2.0","sha":"74b801d5edd276c1af25b7f304a7e4587b1e8d7a","kind":"commit","published_at":"2021-11-18T17:21:59.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.2.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.2.0","dependencies_parsed_at":"2023-07-20T21:06:11.531Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.2.0/manifests"},{"name":"v5.1.0","sha":"62bbbe35d4b6ee40ff01bcb7980760f942a0b91a","kind":"commit","published_at":"2021-11-15T14:54:11.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.1.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.1.0","dependencies_parsed_at":"2023-07-20T20:42:44.970Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.1.0/manifests"},{"name":"v5.0.7","sha":"a8156288866b3f7ac91528db93dc9e14e00745cf","kind":"commit","published_at":"2021-11-04T06:22:37.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.0.7","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.0.7","dependencies_parsed_at":"2023-07-20T21:06:09.645Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.7/manifests"},{"name":"v5.0.6","sha":"8f4494578d0944c590d0b3742b754a7ceb6a8645","kind":"commit","published_at":"2021-11-02T23:38:36.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.0.6","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.0.6","dependencies_parsed_at":"2023-07-20T21:06:07.163Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.6/manifests"},{"name":"v5.0.5","sha":"f0d359cfa3b347b8460b1644d1a2a5c57572b1f4","kind":"commit","published_at":"2021-11-02T11:01:57.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.0.5","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.0.5","dependencies_parsed_at":"2023-07-20T21:06:01.494Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.5/manifests"},{"name":"v5","sha":"982c82d840217f38f56f0d35d50eb0845fc07822","kind":"commit","published_at":"2021-11-02T09:32:22.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5","dependencies_parsed_at":"2023-07-20T21:06:08.879Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5/manifests"},{"name":"v5.0.4","sha":"26dc74e52088e53d85a3fa9c8c7e05bf4020b301","kind":"commit","published_at":"2021-10-31T18:52:34.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.0.4","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.0.4","dependencies_parsed_at":"2023-07-20T21:06:10.936Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.4/manifests"},{"name":"v5.0.3","sha":"183da5beb96f3a651828e869d8a8bbd3729a51a0","kind":"commit","published_at":"2021-10-31T18:22:11.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.0.3","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.0.3","dependencies_parsed_at":"2023-07-20T21:06:11.891Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.3/manifests"},{"name":"v5.0.2","sha":"b1de4c2186878852e9aefe87b639843f13da2a2a","kind":"commit","published_at":"2021-10-31T17:19:23.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.0.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.0.2","dependencies_parsed_at":"2023-07-20T21:05:42.249Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.2/manifests"},{"name":"v5.0.1","sha":"8d35e1bad845cc1e62102478f7d5a48d7337ade4","kind":"commit","published_at":"2021-10-30T18:36:06.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.0.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.0.1","dependencies_parsed_at":"2023-07-20T21:06:07.006Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.1/manifests"},{"name":"v5.0.0","sha":"fb71bf432f0a8a8741bd794be29a323cdf2359c7","kind":"commit","published_at":"2021-10-30T12:52:58.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v5.0.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v5.0.0","dependencies_parsed_at":"2023-07-20T21:06:06.480Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v5.0.0/manifests"},{"name":"v4.47.0","sha":"2195c5e7e0605d0b16d9b61980e804a42400a4a7","kind":"commit","published_at":"2021-10-30T08:47:49.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.47.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.47.0","dependencies_parsed_at":"2023-07-20T21:06:09.113Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.47.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.47.0/manifests"},{"name":"v4.46.0","sha":"961374340d57e82ab08a8d3c869807e5ff773ffb","kind":"commit","published_at":"2021-09-21T20:28:06.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.46.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.46.0","dependencies_parsed_at":"2023-07-20T21:06:08.491Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.46.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.46.0/manifests"},{"name":"v4.45.0","sha":"c1e3ab1a2fa908e31b0c50de32d11d0ab30c0c87","kind":"commit","published_at":"2021-09-04T11:37:58.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.45.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.45.0","dependencies_parsed_at":"2023-07-20T21:06:12.457Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.45.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.45.0/manifests"},{"name":"v4.44.1","sha":"28619301d0b397b9a1ad1e49b5f2f4f0fe293814","kind":"commit","published_at":"2021-08-20T06:18:12.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.44.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.44.1","dependencies_parsed_at":"2023-07-20T21:05:59.593Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.44.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.44.1/manifests"},{"name":"v4.44.0","sha":"061c24fbc6f2f71a0085f78a1d0379f8c3b78923","kind":"commit","published_at":"2021-08-19T20:45:25.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.44.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.44.0","dependencies_parsed_at":"2023-07-20T21:06:08.623Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.44.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.44.0/manifests"},{"name":"v4.43.0","sha":"8c66c275b74d84c5cbe40e9165be269ab0939641","kind":"commit","published_at":"2021-08-12T14:47:16.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.43.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.43.0","dependencies_parsed_at":"2023-07-20T21:06:05.592Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.43.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.43.0/manifests"},{"name":"v4.42.0","sha":"66f92a0b65c03fec02208edb098a757283c64748","kind":"commit","published_at":"2021-08-12T08:35:36.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.42.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.42.0","dependencies_parsed_at":"2023-07-20T20:42:42.192Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.42.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.42.0/manifests"},{"name":"v4.41.0","sha":"5d7620111f4dcc43b3cc3f66219b552ae2245168","kind":"commit","published_at":"2021-07-25T12:17:43.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.41.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.41.0","dependencies_parsed_at":"2023-07-20T21:06:07.167Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.41.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.41.0/manifests"},{"name":"v4.40.0","sha":"122392be23b7c08301d92db5c71e972b2ab6ae8a","kind":"commit","published_at":"2021-07-14T08:02:45.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.40.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.40.0","dependencies_parsed_at":"2023-07-20T21:06:08.808Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.40.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.40.0/manifests"},{"name":"v4.38.0","sha":"585edb9a119e1224cae82de6ef1e0ad772dda559","kind":"commit","published_at":"2021-07-10T09:54:20.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.38.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.38.0","dependencies_parsed_at":"2023-07-20T20:42:45.493Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.38.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.38.0/manifests"},{"name":"v4.37.0","sha":"3abd415744a77229bd152a72d82362d9b45abce5","kind":"commit","published_at":"2021-07-05T23:50:28.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.37.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.37.0","dependencies_parsed_at":"2023-07-20T21:06:06.185Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.37.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.37.0/manifests"},{"name":"v4.36.0","sha":"257759a105c01b425bd0d7749cd54b0a6070c3d1","kind":"commit","published_at":"2021-06-22T17:33:03.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.36.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.36.0","dependencies_parsed_at":"2023-07-20T21:06:00.793Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.36.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.36.0/manifests"},{"name":"v4.35.0","sha":"510ad37a0456a762eadec0d992aaabcaf4cbc615","kind":"commit","published_at":"2021-06-12T18:14:17.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.35.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.35.0","dependencies_parsed_at":"2023-07-20T21:06:05.918Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.35.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.35.0/manifests"},{"name":"v4.34.0","sha":"bc2cea1fb74320af06cc3b54ed52d812be5dd94c","kind":"commit","published_at":"2021-05-13T07:41:09.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.34.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.34.0","dependencies_parsed_at":"2023-07-20T21:06:06.434Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.34.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.34.0/manifests"},{"name":"v4.33.0","sha":"d76d551d0b6b3b0317b194d48b149a893ae42437","kind":"commit","published_at":"2021-04-30T13:43:09.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.33.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.33.0","dependencies_parsed_at":"2023-07-20T21:05:59.899Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.33.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.33.0/manifests"},{"name":"v4","sha":"2026a05c0ea3ab4db6549b1846d327c620352a4e","kind":"commit","published_at":"2021-04-26T14:28:37.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4","dependencies_parsed_at":"2023-07-20T21:06:12.177Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4/manifests"},{"name":"v4.32.0","sha":"db85937c759ce82134522e168f6bc7fd1a601510","kind":"commit","published_at":"2021-04-20T20:17:21.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.32.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.32.0","dependencies_parsed_at":"2023-07-20T21:06:00.619Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.32.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.32.0/manifests"},{"name":"v4.31.0","sha":"028f3b285b1d79cf5781b97e9957c51959a2b237","kind":"commit","published_at":"2021-04-03T15:29:30.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.31.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.31.0","dependencies_parsed_at":"2023-07-20T21:06:01.507Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.31.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.31.0/manifests"},{"name":"v4.30.0","sha":"907088e3aa58b41e49a4a1ada73d9ba6bd141f29","kind":"commit","published_at":"2021-03-14T22:44:21.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.30.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.30.0","dependencies_parsed_at":"2023-07-20T21:05:43.969Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.30.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.30.0/manifests"},{"name":"v4.29.0","sha":"e92b6052bf574a7afd27a5ad21e0f0f4f1a9ff7d","kind":"commit","published_at":"2021-03-12T14:22:35.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.29.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.29.0","dependencies_parsed_at":"2023-07-20T21:06:09.483Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.29.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.29.0/manifests"},{"name":"v4.28.0","sha":"7115eedf7f733b82266a770a56c43521d33a4731","kind":"commit","published_at":"2021-03-01T13:58:58.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.28.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.28.0","dependencies_parsed_at":"2023-07-20T20:42:42.417Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.28.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.28.0/manifests"},{"name":"v4.27.0","sha":"7452dc27a33902c0f566e410cb72639283db8a51","kind":"commit","published_at":"2021-02-16T19:39:49.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.27.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.27.0","dependencies_parsed_at":"2023-07-20T21:06:12.821Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.27.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.27.0/manifests"},{"name":"v4.26.2","sha":"035cdfbc6bad0e98d9db823266668592afeaff21","kind":"commit","published_at":"2021-02-04T22:38:42.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.26.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.26.2","dependencies_parsed_at":"2023-07-20T21:06:07.309Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.26.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.26.2/manifests"},{"name":"v4.26.1","sha":"9eb687467d20407670244bd70e63343d8177c5e9","kind":"commit","published_at":"2021-01-29T06:39:38.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.26.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.26.1","dependencies_parsed_at":"2023-07-20T21:05:59.979Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.26.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.26.1/manifests"},{"name":"v4.26.0","sha":"27da1ce120d3f3c3ebb4129e761713dc3c47824e","kind":"commit","published_at":"2021-01-24T18:32:34.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.26.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.26.0","dependencies_parsed_at":"2023-07-20T21:06:09.365Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.26.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.26.0/manifests"},{"name":"v4.25.0","sha":"d8f67c977f54f19611bf6dec321b50078179126f","kind":"commit","published_at":"2021-01-22T14:04:02.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.25.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.25.0","dependencies_parsed_at":"2023-07-20T21:06:09.081Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.25.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.25.0/manifests"},{"name":"v4.24.1","sha":"5044b52aebe2b9579d6ebc4d39440490be831816","kind":"commit","published_at":"2021-01-19T00:51:38.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.24.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.24.1","dependencies_parsed_at":"2023-07-20T20:42:44.846Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.24.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.24.1/manifests"},{"name":"v4.24.0","sha":"8122a74978f7885d22236bf8d4eb9e3125ba3b32","kind":"commit","published_at":"2021-01-14T19:53:32.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.24.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.24.0","dependencies_parsed_at":"2023-07-20T21:06:05.917Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.24.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.24.0/manifests"},{"name":"v4.23.3","sha":"2c1018c4ccffd7a4433eea20f562d86628119f66","kind":"commit","published_at":"2021-01-14T11:43:57.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.23.3","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.23.3","dependencies_parsed_at":"2023-07-20T21:06:11.068Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.23.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.23.3/manifests"},{"name":"v4.23.2","sha":"f6586ead63645016a6e5cc621299f434bf9867c2","kind":"commit","published_at":"2021-01-14T10:34:46.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.23.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.23.2","dependencies_parsed_at":"2023-07-20T21:06:10.751Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.23.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.23.2/manifests"},{"name":"v4.23.1","sha":"c06cda6a6bbf5f60418ab46dddaafb1b87c2101b","kind":"commit","published_at":"2021-01-12T17:15:34.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.23.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.23.1","dependencies_parsed_at":"2023-07-20T21:06:12.829Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.23.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.23.1/manifests"},{"name":"v4.23.0","sha":"5fe469c6f2cbe5634e2b086bddeafc501b8091e9","kind":"commit","published_at":"2021-01-11T23:59:18.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.23.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.23.0","dependencies_parsed_at":"2023-07-20T21:05:59.478Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.23.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.23.0/manifests"},{"name":"v4.22.1","sha":"33f6953ef93280aa582abfaabd11404205eb95fc","kind":"commit","published_at":"2021-01-07T16:00:28.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.22.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.22.1","dependencies_parsed_at":"2023-07-20T20:42:42.334Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.22.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.22.1/manifests"},{"name":"v4.22.0","sha":"5bf514dad3cab22bd2ac6a0ba836acaa13371220","kind":"commit","published_at":"2021-01-06T09:52:57.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.22.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.22.0","dependencies_parsed_at":"2023-07-20T21:06:07.197Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.22.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.22.0/manifests"},{"name":"v4.21.0","sha":"677c0357a22ee560996911b9ed157abbaae90bfe","kind":"commit","published_at":"2021-01-04T08:32:50.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.21.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.21.0","dependencies_parsed_at":"2023-07-20T21:06:09.105Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.21.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.21.0/manifests"},{"name":"v4.20.0","sha":"9e7e0b916ec87facc5e8eed771bf6871658e5bc7","kind":"commit","published_at":"2020-12-28T23:29:01.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.20.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.20.0","dependencies_parsed_at":"2023-07-20T21:06:00.530Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.20.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.20.0/manifests"},{"name":"v4.19.0","sha":"75f94fad54961eaea94b0f7cafd7fd53662e6798","kind":"commit","published_at":"2020-12-27T02:35:23.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.19.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.19.0","dependencies_parsed_at":"2023-07-20T21:06:08.091Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.19.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.19.0/manifests"},{"name":"v4.18.0","sha":"03d599e52d9b3b34568fba2dd25491b8d66bd71e","kind":"commit","published_at":"2020-12-22T23:37:29.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.18.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.18.0","dependencies_parsed_at":"2023-07-20T20:59:54.624Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.18.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.18.0/manifests"},{"name":"v4.17.0","sha":"d0f7cd983cb6596f350763265c8cfc01f97e2ed4","kind":"commit","published_at":"2020-12-18T22:30:14.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.17.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.17.0","dependencies_parsed_at":"2023-07-20T20:59:53.605Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.17.0/manifests"},{"name":"v4.16.0","sha":"f2fc9f6d4323a8dc5d922f2aaa0c980fc63c7d35","kind":"commit","published_at":"2020-12-14T21:28:40.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.16.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.16.0","dependencies_parsed_at":"2023-07-20T20:59:54.830Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.16.0/manifests"},{"name":"v4.15.0","sha":"9fb31b4d0283c99336e93a47249926de5e08a105","kind":"commit","published_at":"2020-12-13T12:21:16.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.15.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.15.0","dependencies_parsed_at":"2023-07-20T20:59:53.437Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.15.0/manifests"},{"name":"v4.14.2","sha":"f572ec5fd614cec7f6f6461824fa8e17392e09da","kind":"commit","published_at":"2020-12-07T16:07:44.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.14.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.14.2","dependencies_parsed_at":"2023-07-20T20:59:54.422Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.14.2/manifests"},{"name":"v4.14.1","sha":"a0cce0dadf7504139b0740a79eeeb825a9e7701a","kind":"commit","published_at":"2020-12-07T11:13:48.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.14.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.14.1","dependencies_parsed_at":"2023-07-20T20:59:53.506Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.14.1/manifests"},{"name":"v4.14.0","sha":"18e9bcb956dfc595faab7f688b7f2b91e16d5c9c","kind":"commit","published_at":"2020-12-07T00:59:24.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.14.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.14.0","dependencies_parsed_at":"2023-07-20T20:59:37.101Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.14.0/manifests"},{"name":"v4.13.0","sha":"705daa1d09b7823c8cfc18cae93a883b62eb3803","kind":"commit","published_at":"2020-12-05T03:33:22.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.13.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.13.0","dependencies_parsed_at":"2023-07-20T20:59:08.115Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.13.0/manifests"},{"name":"v4.12.0","sha":"bab5a0f35fd18eae60a30cf8ec97c59efc6d024b","kind":"commit","published_at":"2020-11-29T13:21:46.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.12.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.12.0","dependencies_parsed_at":"2023-07-20T20:59:07.534Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.12.0/manifests"},{"name":"alpha","sha":"943cc97e149a60c0423a4109fcecec0064385a8b","kind":"commit","published_at":"2020-11-29T10:11:39.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/alpha","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/alpha","dependencies_parsed_at":"2023-07-20T20:59:53.542Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/alpha","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/alpha/manifests"},{"name":"v4.11.1","sha":"9a12580f221ee7c4bd0fa4d5c58823cf7084158f","kind":"commit","published_at":"2020-11-29T01:42:10.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.11.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.11.1","dependencies_parsed_at":"2023-07-20T20:59:53.443Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.11.1/manifests"},{"name":"v4.11.0","sha":"9a12580f221ee7c4bd0fa4d5c58823cf7084158f","kind":"commit","published_at":"2020-11-29T01:42:10.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.11.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.11.0","dependencies_parsed_at":"2023-07-20T20:59:36.752Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.11.0/manifests"},{"name":"v4.10.1","sha":"4a9f10ae57a6a600ccf12f279678f5a9a096d19b","kind":"commit","published_at":"2020-11-28T20:35:22.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.10.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.10.1","dependencies_parsed_at":"2023-07-20T20:59:53.435Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.10.1/manifests"},{"name":"v4.10.0","sha":"5f3fbbc275424051953a1e18ada830b83934970c","kind":"commit","published_at":"2020-11-26T22:35:59.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.10.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.10.0","dependencies_parsed_at":"2023-07-20T20:59:53.114Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.10.0/manifests"},{"name":"v4.9.0","sha":"a168677139ba64ea4c534350588714bdc3ff8e9e","kind":"commit","published_at":"2020-11-23T18:26:05.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.9.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.9.0","dependencies_parsed_at":"2023-07-20T20:59:52.861Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.9.0/manifests"},{"name":"v4.8.0","sha":"563c4b86b991a5d7eb7497e7209b81d88b57d74c","kind":"commit","published_at":"2020-11-19T16:33:38.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.8.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.8.0","dependencies_parsed_at":"2023-07-20T21:00:38.552Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.8.0/manifests"},{"name":"v4.7.1","sha":"308ce7cca840d9912eba52a35d42466b1ff6e5e2","kind":"commit","published_at":"2020-11-16T13:51:59.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.7.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.7.1","dependencies_parsed_at":"2023-07-20T20:59:53.804Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.7.1/manifests"},{"name":"v4.7.0","sha":"88d304ad6a49e6f1a6bcaad960a4d2174f44e2f5","kind":"commit","published_at":"2020-11-16T07:16:41.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.7.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.7.0","dependencies_parsed_at":"2023-07-20T20:59:37.305Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.7.0/manifests"},{"name":"v4.6.0","sha":"d091017995b4bc6cff0de64fa90ede30b10c1d9f","kind":"commit","published_at":"2020-11-13T13:18:39.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.6.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.6.0","dependencies_parsed_at":"2023-07-20T20:59:53.972Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.6.0/manifests"},{"name":"v4.5.0","sha":"05d5afe12a65623a88bc29ca6fe4517872fdbc1d","kind":"commit","published_at":"2020-11-11T16:38:23.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.5.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.5.0","dependencies_parsed_at":"2023-07-20T20:59:52.772Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.5.0/manifests"},{"name":"v4.4.0","sha":"aa754a728d1948094444a6042e98934ea657bce2","kind":"commit","published_at":"2020-11-05T15:37:54.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.4.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.4.0","dependencies_parsed_at":"2023-07-20T20:59:53.182Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.4.0/manifests"},{"name":"v4.3.2","sha":"44145137d4524e8fa2a8ded0613aab21a714cad3","kind":"commit","published_at":"2020-11-04T22:22:13.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.3.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.3.2","dependencies_parsed_at":"2023-07-20T20:42:45.675Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.3.2/manifests"},{"name":"v4.3.1","sha":"c0db393cf333dc4d5aa52b012ec4c3eeebcd4422","kind":"commit","published_at":"2020-11-04T16:12:24.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.3.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.3.1","dependencies_parsed_at":"2023-07-20T20:42:43.950Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.3.1/manifests"},{"name":"v4.3.0","sha":"ecd1d1d1dbfc0f9aeed8b05bcc421fc7edb081d0","kind":"commit","published_at":"2020-10-26T10:10:36.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.3.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.3.0","dependencies_parsed_at":"2023-07-20T20:59:51.993Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.3.0/manifests"},{"name":"v4.2.6","sha":"c1fb5c7ebc7558db22df3abad081ab6418be5bfe","kind":"commit","published_at":"2020-10-24T09:36:23.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.2.6","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.2.6","dependencies_parsed_at":"2023-07-20T20:59:51.900Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.6/manifests"},{"name":"4.2.5","sha":"c1fb5c7ebc7558db22df3abad081ab6418be5bfe","kind":"commit","published_at":"2020-10-24T09:36:23.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/4.2.5","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/4.2.5","dependencies_parsed_at":"2023-07-20T21:00:05.632Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/4.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/4.2.5/manifests"},{"name":"4.2.4","sha":"9478e8b788a8e2d90d8beb66aba728bd3426fea7","kind":"commit","published_at":"2020-10-23T21:45:45.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/4.2.4","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/4.2.4","dependencies_parsed_at":"2023-07-20T20:59:51.563Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/4.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/4.2.4/manifests"},{"name":"v4.2.4","sha":"9478e8b788a8e2d90d8beb66aba728bd3426fea7","kind":"commit","published_at":"2020-10-23T21:45:45.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.2.4","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.2.4","dependencies_parsed_at":"2023-07-20T21:00:38.707Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.4/manifests"},{"name":"v4.2.3","sha":"0537b383acf6bf2ca252b5cca6b3e8c66db51c0d","kind":"commit","published_at":"2020-10-23T21:30:28.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.2.3","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.2.3","dependencies_parsed_at":"2023-07-20T20:42:42.106Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.3/manifests"},{"name":"v4.2.2","sha":"e49d4ce5d4799c63fc6bec488128d996bb28eb98","kind":"commit","published_at":"2020-10-23T16:48:27.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.2.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.2.2","dependencies_parsed_at":"2023-07-20T20:59:06.590Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.2/manifests"},{"name":"v4.2.1","sha":"399d67295d89098fffcc9169cbf3801215838f59","kind":"commit","published_at":"2020-10-21T19:27:34.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.2.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.2.1","dependencies_parsed_at":"2023-07-20T20:42:45.364Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.1/manifests"},{"name":"v4.2.0","sha":"351a4900fd41da8778f6ff2d00f8da2da3ddb205","kind":"commit","published_at":"2020-10-20T09:22:53.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.2.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.2.0","dependencies_parsed_at":"2023-07-20T21:00:38.500Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.2.0/manifests"},{"name":"v4.0.2","sha":"3f83a5b8bf4808a6bdc6520e1f91360e1b934b6e","kind":"commit","published_at":"2020-10-17T20:03:09.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.0.2","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.0.2","dependencies_parsed_at":"2023-07-20T20:42:42.530Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.0.2/manifests"},{"name":"v4.1.0","sha":"3f83a5b8bf4808a6bdc6520e1f91360e1b934b6e","kind":"commit","published_at":"2020-10-17T20:03:09.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.1.0","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.1.0","dependencies_parsed_at":"2023-07-20T20:42:43.416Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.1.0/manifests"},{"name":"v4.0.1","sha":"f4ee12c18ecfb70f2f4bb0515bb8ed56911bc1d8","kind":"commit","published_at":"2020-10-17T14:16:06.000Z","download_url":"https://codeload.github.com/oxsecurity/megalinter/tar.gz/v4.0.1","html_url":"https://github.com/oxsecurity/megalinter/releases/tag/v4.0.1","dependencies_parsed_at":"2023-07-20T20:42:46.336Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fmegalinter/tags/v4.0.1/manifests"}]},"repo_metadata_updated_at":"2025-05-08T20:08:19.151Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":224,"rankings":{"downloads":null,"dependent_repos_count":2.861670099825701,"dependent_packages_count":0.0,"stargazers_count":0.14577721438757724,"forks_count":0.282047219141182,"docker_downloads_count":0.8619870068135003,"average":0.8302963080335921},"purl":"pkg:githubactions/oxsecurity/megalinter","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/actions/oxsecurity/megalinter","docker_dependents_count":1,"docker_downloads_count":482276,"usage_url":"https://repos.ecosyste.ms/usage/actions/oxsecurity/megalinter","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/actions/oxsecurity/megalinter/dependencies","status":"removed","funding_links":["https://github.com/sponsors/nvuillam","https://github.com/sponsors/echoix","https://github.com/sponsors/bdovaz"],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/oxsecurity%2Fmegalinter/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/oxsecurity%2Fmegalinter/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/oxsecurity%2Fmegalinter/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/oxsecurity%2Fmegalinter/related_packages","maintainers":[],"registry":{"name":"github actions","url":"https://github.com/marketplace/actions/","ecosystem":"actions","default":true,"packages_count":31631,"maintainers_count":0,"namespaces_count":19972,"keywords_count":6683,"github":"actions","metadata":{"funded_packages_count":2966},"icon_url":"https://github.com/actions.png","created_at":"2023-01-03T17:16:39.185Z","updated_at":"2025-06-07T05:39:45.903Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/namespaces"}},"unique_repositories_count":241,"unique_repositories_count_past_30_days":9,"recent_issues":[{"uuid":"4609392772","node_id":"PR_kwDOQ9aw2c7juQ9J","number":46,"state":"open","title":"chore(deps): bump oxsecurity/megalinter from 5959937332eef39ce9dd99fcd87dbeccc0be273e to a151007c426d6bc89bfde35a7bd3cd64cf373493","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-08T01:26:36.000Z","updated_at":"2026-06-08T01:28:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"5959937332eef39ce9dd99fcd87dbeccc0be273e","new_version":"a151007c426d6bc89bfde35a7bd3cd64cf373493","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 5959937332eef39ce9dd99fcd87dbeccc0be273e to a151007c426d6bc89bfde35a7bd3cd64cf373493.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStop generating per-linter Dockerfiles for linters marked \u003ccode\u003edisabled: true\u003c/code\u003e in their descriptor. The matching images were already excluded from the build matrix (\u003ccode\u003elinters_matrix.json\u003c/code\u003e) and never published, so the on-disk \u003ccode\u003elinters/\u0026lt;linter\u0026gt;/Dockerfile\u003c/code\u003e was dead code. Deleted the 8 corresponding stale Dockerfile directories.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a151007c426d6bc89bfde35a7bd3cd64cf373493\"\u003e\u003ccode\u003ea151007\u003c/code\u003e\u003c/a\u003e chore(deps): bump langchain-core from 1.4.0 to 1.4.1 in /.config/python/dev (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/04e722590021a5326a2f7ad85823da15d860a14e\"\u003e\u003ccode\u003e04e7225\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/959495f31da1dd6984bf6f9be1fb8a8373eca5eb\"\u003e\u003ccode\u003e959495f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency anchore/syft to v1.45.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f2cc57f835d42b3f82905e7828718635406104e1\"\u003e\u003ccode\u003ef2cc57f\u003c/code\u003e\u003c/a\u003e chore(deps): update phpstan packages to v2.2.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8031\"\u003e#8031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f6c4453d4579a74170f3d53acd1ff39b52948159\"\u003e\u003ccode\u003ef6c4453\u003c/code\u003e\u003c/a\u003e chore(deps): update salesforce packages to v2.28.6 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8032\"\u003e#8032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0f7586d0da20b7d9555b31a7bf91c89b7d30580e\"\u003e\u003ccode\u003e0f7586d\u003c/code\u003e\u003c/a\u003e chore(deps): bump rq from 2.9.0 to 2.9.1 in /server (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8046\"\u003e#8046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e7d1d4e14ca80e25391cde478a9b025a1b765e32\"\u003e\u003ccode\u003ee7d1d4e\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-multipart to v0.0.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8024\"\u003e#8024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/db3ea5d6c1a0b3f698c31510714ed7c15d1708d5\"\u003e\u003ccode\u003edb3ea5d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency sqlfluff to v4.2.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8028\"\u003e#8028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6ffd240b42b4d8a2345cf0ad74edffc64c42a309\"\u003e\u003ccode\u003e6ffd240\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/terraform-linters/tflint docker tag to v0.63.1 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/69268416e0a6e9bf5ccfcbb6250bc42da971ac47\"\u003e\u003ccode\u003e6926841\u003c/code\u003e\u003c/a\u003e chore(deps): update salesforce packages to v2.137.7 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8041\"\u003e#8041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/5959937332eef39ce9dd99fcd87dbeccc0be273e...a151007c426d6bc89bfde35a7bd3cd64cf373493\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/coat-tag-validator/pull/46","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcoat-tag-validator/issues/46","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/46/packages"},{"uuid":"4519226644","node_id":"PR_kwDOQk55ps7fJ7kf","number":133,"state":"open","title":"perf(deps): bump oxsecurity/megalinter from 9.4.0 to 9.5.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T19:56:44.000Z","updated_at":"2026-05-27T05:17:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"perf(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 9.4.0 to 9.5.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStop generating per-linter Dockerfiles for linters marked \u003ccode\u003edisabled: true\u003c/code\u003e in their descriptor. The matching images were already excluded from the build matrix (\u003ccode\u003elinters_matrix.json\u003c/code\u003e) and never published, so the on-disk \u003ccode\u003elinters/\u0026lt;linter\u0026gt;/Dockerfile\u003c/code\u003e was dead code. Deleted the 8 corresponding stale Dockerfile directories.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress the new \u003ccode\u003eref-version-mismatch\u003c/code\u003e audit introduced by zizmor 1.25.0 for the project's pinned \u003ccode\u003euses:\u003c/code\u003e action references. The SHA pins are correct (the supply-chain property); only the inline \u003ccode\u003e# vX\u003c/code\u003e comments lag behind exact subversions, and renovate maintains the hashes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kc-workspace/kcws/pull/133","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kc-workspace%2Fkcws/issues/133","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/133/packages"},{"uuid":"4513823966","node_id":"PR_kwDOH_O8q87e4gC4","number":812,"state":"open","title":"build(deps): bump oxsecurity/megalinter from 9.4.0 to 9.5.0 in the github-actions group","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T02:23:21.000Z","updated_at":"2026-05-25T02:26:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":"the github-actions group","ecosystem":"actions"},"body":"Bumps the github-actions group with 1 update: [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter).\n\nUpdates `oxsecurity/megalinter` from 9.4.0 to 9.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStop generating per-linter Dockerfiles for linters marked \u003ccode\u003edisabled: true\u003c/code\u003e in their descriptor. The matching images were already excluded from the build matrix (\u003ccode\u003elinters_matrix.json\u003c/code\u003e) and never published, so the on-disk \u003ccode\u003elinters/\u0026lt;linter\u0026gt;/Dockerfile\u003c/code\u003e was dead code. Deleted the 8 corresponding stale Dockerfile directories.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress the new \u003ccode\u003eref-version-mismatch\u003c/code\u003e audit introduced by zizmor 1.25.0 for the project's pinned \u003ccode\u003euses:\u003c/code\u003e action references. The SHA pins are correct (the supply-chain property); only the inline \u003ccode\u003e# vX\u003c/code\u003e comments lag behind exact subversions, and renovate maintains the hashes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oxsecurity/megalinter\u0026package-manager=github_actions\u0026previous-version=9.4.0\u0026new-version=9.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/philips-software/amp-hal-st/pull/812","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Famp-hal-st/issues/812","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/812/packages"},{"uuid":"4499310831","node_id":"PR_kwDORywFDM7eLTCU","number":7,"state":"closed","title":"Bump the patch-minor-action-updates group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-05T02:23:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T02:26:29.000Z","updated_at":"2026-06-05T02:23:51.000Z","time_to_close":1209441,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"patch-minor-action-updates","update_count":6,"packages":[{"name":"hendrikmuhs/ccache-action","old_version":"1.2.21","new_version":"1.2.23","repository_url":"https://github.com/hendrikmuhs/ccache-action"},{"name":"lukka/run-cmake","old_version":"10.8","new_version":"10.9","repository_url":"https://github.com/lukka/run-cmake"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"carlosperate/arm-none-eabi-gcc-action","old_version":"1.12.1","new_version":"1.12.3","repository_url":"https://github.com/carlosperate/arm-none-eabi-gcc-action"},{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/create-github-app-token","old_version":"3.0.0","new_version":"3.2.0","repository_url":"https://github.com/actions/create-github-app-token"}],"path":null,"ecosystem":"actions"},"body":"Bumps the patch-minor-action-updates group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [hendrikmuhs/ccache-action](https://github.com/hendrikmuhs/ccache-action) | `1.2.21` | `1.2.23` |\n| [lukka/run-cmake](https://github.com/lukka/run-cmake) | `10.8` | `10.9` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [carlosperate/arm-none-eabi-gcc-action](https://github.com/carlosperate/arm-none-eabi-gcc-action) | `1.12.1` | `1.12.3` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.4.0` | `9.5.0` |\n| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.0.0` | `3.2.0` |\n\n\nUpdates `hendrikmuhs/ccache-action` from 1.2.21 to 1.2.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/releases\"\u003ehendrikmuhs/ccache-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/436\"\u003ehendrikmuhs/ccache-action#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.5.0 to 25.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/440\"\u003ehendrikmuhs/ccache-action#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate ccache to 4.13.3 by \u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/441\"\u003ehendrikmuhs/ccache-action#441\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/438\"\u003ehendrikmuhs/ccache-action#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport platforms without upstream ccache/sccache releases by \u003ca href=\"https://github.com/luhenry\"\u003e\u003ccode\u003e@​luhenry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/439\"\u003ehendrikmuhs/ccache-action#439\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/luhenry\"\u003e\u003ccode\u003e@​luhenry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/439\"\u003ehendrikmuhs/ccache-action#439\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/v1.2.22...v1.2.23\"\u003ehttps://github.com/hendrikmuhs/ccache-action/compare/v1.2.22...v1.2.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump picomatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/435\"\u003ehendrikmuhs/ccache-action#435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.1 to 5.5.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/434\"\u003ehendrikmuhs/ccache-action#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/v1.2.21...v1.2.22\"\u003ehttps://github.com/hendrikmuhs/ccache-action/compare/v1.2.21...v1.2.22\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/d62db5f07c26379fc4b4e0916f098a92573c3b03\"\u003e\u003ccode\u003ed62db5f\u003c/code\u003e\u003c/a\u003e Support platforms without upstream ccache/sccache releases (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/439\"\u003e#439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/05e1c04f70f450688c8bf36082e71050cda33fff\"\u003e\u003ccode\u003e05e1c04\u003c/code\u003e\u003c/a\u003e update code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/46cafa7d86381b309fd628848dc9a06f6b62fa84\"\u003e\u003ccode\u003e46cafa7\u003c/code\u003e\u003c/a\u003e Bump brace-expansion (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/438\"\u003e#438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/1f2fc71e6bcde2d2239527d286615b056034631d\"\u003e\u003ccode\u003e1f2fc71\u003c/code\u003e\u003c/a\u003e Update ccache to 4.13.3 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/441\"\u003e#441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/a488765c244f03fddbbccc93de3f64abdb389e59\"\u003e\u003ccode\u003ea488765\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.5.0 to 25.6.0 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/440\"\u003e#440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/c97afba725c6d99ed1e7395257fb02cc412236d5\"\u003e\u003ccode\u003ec97afba\u003c/code\u003e\u003c/a\u003e Bump handlebars from 4.7.8 to 4.7.9 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/33522472633dbd32578e909b315f5ee43ba878ce\"\u003e\u003ccode\u003e3352247\u003c/code\u003e\u003c/a\u003e update code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/e44a23f5a6ffaedad8fe0b99b5fcab622d8eff30\"\u003e\u003ccode\u003ee44a23f\u003c/code\u003e\u003c/a\u003e Bump fast-xml-parser from 5.4.1 to 5.5.7 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/bb3037d80491af493622cfcf9da6f2c5e4d46729\"\u003e\u003ccode\u003ebb3037d\u003c/code\u003e\u003c/a\u003e Bump picomatch (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/1bbbcda0748b3e340dee71a314fa68ffcbd6df79...d62db5f07c26379fc4b4e0916f098a92573c3b03\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lukka/run-cmake` from 10.8 to 10.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lukka/run-cmake/releases\"\u003elukka/run-cmake's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erun-cmake@v10.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDocument solution as suggested in \u003ca href=\"https://github.com/lukka/run-cmake/%E2%80%A6\"\u003ehttps://github.com/lukka/run-cmake/…\u003c/a\u003e by \u003ca href=\"https://github.com/lukka\"\u003e\u003ccode\u003e@​lukka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/pull/151\"\u003elukka/run-cmake#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed \u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/155\"\u003e#155\u003c/a\u003e by \u003ca href=\"https://github.com/lukka\"\u003e\u003ccode\u003e@​lukka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/pull/158\"\u003elukka/run-cmake#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GitHub Actions To Use Node 24 by \u003ca href=\"https://github.com/stephengtuggy\"\u003e\u003ccode\u003e@​stephengtuggy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/pull/157\"\u003elukka/run-cmake#157\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stephengtuggy\"\u003e\u003ccode\u003e@​stephengtuggy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/pull/157\"\u003elukka/run-cmake#157\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lukka/run-cmake/compare/v10.8...v10.9\"\u003ehttps://github.com/lukka/run-cmake/compare/v10.8...v10.9\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/5d55ea7949e25f69f0ecb516d8d572297e03a956\"\u003e\u003ccode\u003e5d55ea7\u003c/code\u003e\u003c/a\u003e consume lib v4.1.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/3fd3792e299f5013b7a1f597deb73984fcc1f752\"\u003e\u003ccode\u003e3fd3792\u003c/code\u003e\u003c/a\u003e consume libs v4.1.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/9434c8d328fc0b4e9ee7889e2e2ca31ce54b0141\"\u003e\u003ccode\u003e9434c8d\u003c/code\u003e\u003c/a\u003e second attempt: fixes \u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/0cd486b6ae34b8d3ea70d56b9d2038158456a251\"\u003e\u003ccode\u003e0cd486b\u003c/code\u003e\u003c/a\u003e Update GitHub Actions To Use Node 24 (\u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/1c9a7c75677e9a9963334684dd4734a209b8d481\"\u003e\u003ccode\u003e1c9a7c7\u003c/code\u003e\u003c/a\u003e fixed \u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/67c73a83a46f86c4e0b96b741ac37ff495478c38\"\u003e\u003ccode\u003e67c73a8\u003c/code\u003e\u003c/a\u003e Document solution as suggested in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/1\"\u003elukka/run-cmake#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/45ee98ed9cfda1048b40f672518179f1545f7fbe\"\u003e\u003ccode\u003e45ee98e\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​octokit/request-error\u003c/code\u003e from 5.0.1 to 5.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/12e545b6075094406306c5a9f11d50a18cce9474\"\u003e\u003ccode\u003e12e545b\u003c/code\u003e\u003c/a\u003e Bump cross-spawn from 7.0.3 to 7.0.6\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lukka/run-cmake/compare/af1be47fd7c933593f687731bc6fdbee024d3ff4...5d55ea7949e25f69f0ecb516d8d572297e03a956\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carlosperate/arm-none-eabi-gcc-action` from 1.12.1 to 1.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/releases\"\u003ecarlosperate/arm-none-eabi-gcc-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.12.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix cache path validation error on Windows by providing require polyfill in ESM\n\u003ccode\u003eactions/toolkit#2085\u003c/code\u003e\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/95\"\u003e#95\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAs there can be OS specific issues when building the action, \u003ccode\u003etest-build\u003c/code\u003e\njob now runs on all supported OSes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/compare/v1.12.2...v1.12.3\"\u003ehttps://github.com/carlosperate/arm-none-eabi-gcc-action/compare/v1.12.2...v1.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.12.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace ncc with rollup, for compat with ESM-only dependencies.\u003c/li\u003e\n\u003cli\u003eUpdated most of the direct dependencies to their latest version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/90\"\u003e#90\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/91\"\u003e#91\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/92\"\u003e#92\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/compare/v1.12.1...v1.12.2\"\u003ehttps://github.com/carlosperate/arm-none-eabi-gcc-action/compare/v1.12.1...v1.12.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/blob/main/CHANGELOG.md\"\u003ecarlosperate/arm-none-eabi-gcc-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev1.12.3 - (2026-04-09)\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix cache path validation error on Windows by providing require polyfill in ESM\n\u003ccode\u003eactions/toolkit#2085\u003c/code\u003e\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/95\"\u003e#95\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAs there can be OS specific issues when building the action, \u003ccode\u003etest-build\u003c/code\u003e\njob now runs on all supported OSes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.12.2 - 2026-04-08\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace ncc with rollup, for compat with ESM-only dependencies.\u003c/li\u003e\n\u003cli\u003eUpdated most of the direct dependencies to their latest version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/90\"\u003e#90\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/91\"\u003e#91\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/92\"\u003e#92\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.12.1 - 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgraded the running node version from v20 to v24 (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/88\"\u003e#88\u003c/a\u003e thanks \u003ca href=\"https://github.com/ETSells\"\u003e\u003ccode\u003e@​ETSells\u003c/code\u003e\u003c/a\u003e!)\u003c/li\u003e\n\u003cli\u003eMinor refactor to switch \u003ccode\u003e@actions/http-client\u003c/code\u003e with \u003ccode\u003efetch\u003c/code\u003e (441583d)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/85\"\u003e#85\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.12.0 - 2025-12-21\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e15.2.Rel1\u003c/code\u003e Arm GNU Toolchain release (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/83\"\u003e#83\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor refactor of GCC versions data location\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.11.1 - 2025-11-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eArm has moved the GCC downloads to different servers.\nThis action has been updated to be able to follow the URL redirections\naccordingly (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/80\"\u003e#80\u003c/a\u003e), and the URLs have been updated (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/79\"\u003e#79\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/81\"\u003e#81\u003c/a\u003e) (thanks \u003ca href=\"https://github.com/gschwaer\"\u003e\u003ccode\u003e@​gschwaer\u003c/code\u003e\u003c/a\u003e!)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/73\"\u003e#73\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.11.0 - 2025-11-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e14.3.Rel1\u003c/code\u003e Arm GNU Toolchain release (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/69\"\u003e#69\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/66\"\u003e#66\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/68\"\u003e#68\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/71\"\u003e#71\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/0725d97b026acf7fc8e22dfd5bee912998879ba8\"\u003e\u003ccode\u003e0725d97\u003c/code\u003e\u003c/a\u003e project: Uprev to v1.12.3 \u0026amp; update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/06b4f82efd2010cc3317a49b5ecd38f6c8b8c9fc\"\u003e\u003ccode\u003e06b4f82\u003c/code\u003e\u003c/a\u003e fix: Windows cache path validation within \u003ccode\u003e@​actions/cache\u003c/code\u003e-\u0026gt;\u003ccode\u003e@​actions/glob\u003c/code\u003e-\u0026gt;mini...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/58bf5136fd1e83623fdb0c7662069e3d7695d098\"\u003e\u003ccode\u003e58bf513\u003c/code\u003e\u003c/a\u003e ci: Run \u003ccode\u003etest-build\u003c/code\u003e on all OSes to catch platform specific issues.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/c2381d89698e3125599615f3082bfe032cf7c180\"\u003e\u003ccode\u003ec2381d8\u003c/code\u003e\u003c/a\u003e Project: Uprev to v1.12.2 \u0026amp; update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/2ca53df556625551277e1487d410b95c8e6611d0\"\u003e\u003ccode\u003e2ca53df\u003c/code\u003e\u003c/a\u003e deps: Bump brace-expansion (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/604387eec1cf7ceced38f2179726b042cbf5cdf8\"\u003e\u003ccode\u003e604387e\u003c/code\u003e\u003c/a\u003e deps: Bump handlebars from 4.7.8 to 4.7.9 (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/4f77049a4aee2c8327480370a01cd20dbfe2c930\"\u003e\u003ccode\u003e4f77049\u003c/code\u003e\u003c/a\u003e deps: Bump picomatch (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/3052bce9f208cb1863576c343e1694a214ae091f\"\u003e\u003ccode\u003e3052bce\u003c/code\u003e\u003c/a\u003e ci: Fix jest ESM handling for the URL tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/15d2e9a4699ad9da920b942fd57e21e3cc6c71a6\"\u003e\u003ccode\u003e15d2e9a\u003c/code\u003e\u003c/a\u003e deps: Updated most dependencies to the latest version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/c28a6fcd9f45a16379724cd2f0fae5cf412f81c0\"\u003e\u003ccode\u003ec28a6fc\u003c/code\u003e\u003c/a\u003e deps: Bump flatted from 3.2.2 to 3.4.2 (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/compare/7153327ecfbc421a0b4268058e4bb3d5d6e5df2c...0725d97b026acf7fc8e22dfd5bee912998879ba8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.4.0 to 9.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/create-github-app-token` from 3.0.0 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/create-github-app-token/releases\"\u003eactions/create-github-app-token's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for enterprise-level GitHub Apps (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/263\"\u003e#263\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4\"\u003e952a2a7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport full repository names in \u003ccode\u003erepositories\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/372\"\u003e#372\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6\"\u003e85eb8dd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in the production-dependencies group (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/364\"\u003e#364\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857\"\u003e43e5c34\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003evalidate private-key input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/376\"\u003e#376\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd\"\u003ef24bbd8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2026-04-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove error message when app identifier is empty (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/362\"\u003e#362\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/07e2b760664f080c40eec4eacf7477256582db36\"\u003e07e2b76\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/249\"\u003e#249\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/compare/v3.0.0...v3.1.0\"\u003e3.1.0\u003c/a\u003e (2026-04-11)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump p-retry from 7.1.1 to 8.0.0 (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/357\"\u003e#357\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/3bbe07d928e2d6c30bf3e37c6b89edbc4045facf\"\u003e3bbe07d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eclient-id\u003c/code\u003e input and deprecate \u003ccode\u003eapp-id\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/353\"\u003e#353\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/e6bd4e6970172bed9fe138b2eaf4cbffa4cca8f9\"\u003ee6bd4e6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate permission inputs (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/358\"\u003e#358\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/076e9480ca6e9633bff412d05eff0fc2f1e7d2be\"\u003e076e948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md\"\u003eactions/create-github-app-token's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for enterprise-level GitHub Apps (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/263\"\u003e#263\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4\"\u003e952a2a7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport full repository names in \u003ccode\u003erepositories\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/372\"\u003e#372\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6\"\u003e85eb8dd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in the production-dependencies group (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/364\"\u003e#364\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857\"\u003e43e5c34\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003evalidate private-key input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/376\"\u003e#376\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd\"\u003ef24bbd8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/bcd2ba49218906704ab6c1aa796996da409d3eb1\"\u003e\u003ccode\u003ebcd2ba4\u003c/code\u003e\u003c/a\u003e chore(main): release 3.2.0 (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd\"\u003e\u003ccode\u003ef24bbd8\u003c/code\u003e\u003c/a\u003e fix: validate private-key input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/376\"\u003e#376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/363531b6d972a60a00b3f1e6bb139e5e6c764cd9\"\u003e\u003ccode\u003e363531b\u003c/code\u003e\u003c/a\u003e docs: capitalize Git as a proper noun in README (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/fd2801133e469d2950f2c5af5e591d6b2ad833c8\"\u003e\u003ccode\u003efd28011\u003c/code\u003e\u003c/a\u003e docs: update procedure to configure Git (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6\"\u003e\u003ccode\u003e85eb8dd\u003c/code\u003e\u003c/a\u003e feat: support full repository names in \u003ccode\u003erepositories\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/372\"\u003e#372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/c9aabb83728c3bd519212fa657ebc07e1f2a5dec\"\u003e\u003ccode\u003ec9aabb8\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/e02e816e5591415258a53bf735aff57977dcd5e2\"\u003e\u003ccode\u003ee02e816\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump undici from 7.24.6 to 8.2.0 (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/366\"\u003e#366\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/8d835bfd37aa48fcb8e709925115857568d98bc4\"\u003e\u003ccode\u003e8d835bf\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4\"\u003e\u003ccode\u003e952a2a7\u003c/code\u003e\u003c/a\u003e feat: add support for enterprise-level GitHub Apps (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857\"\u003e\u003ccode\u003e43e5c34\u003c/code\u003e\u003c/a\u003e fix(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in the production-dependenc...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/create-github-app-token/compare/f8d387b68d61c58ab83c6c016672934102569859...bcd2ba49218906704ab6c1aa796996da409d3eb1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/gabrielfrasantos/fin-bs/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gabrielfrasantos%2Ffin-bs/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4476247534","node_id":"PR_kwDOEKuYws7dAjHK","number":438,"state":"closed","title":"Bump oxsecurity/megalinter from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 59759b5cedbf26980423e9c71026fd064f5e4910","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-26T04:58:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T09:39:38.000Z","updated_at":"2026-05-26T04:58:12.000Z","time_to_close":587912,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"59759b5cedbf26980423e9c71026fd064f5e4910","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 59759b5cedbf26980423e9c71026fd064f5e4910.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/59759b5cedbf26980423e9c71026fd064f5e4910\"\u003e\u003ccode\u003e59759b5\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency jscpd to v4.2.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7859\"\u003e#7859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/906d3d39c5fa9f672e60fd6fad17f2a66c916f0b\"\u003e\u003ccode\u003e906d3d3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency black to v26.5.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7858\"\u003e#7858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/db18d6105982f426364252ed21f2b9ad527d30f3\"\u003e\u003ccode\u003edb18d61\u003c/code\u003e\u003c/a\u003e fix: prevent command injection in Roslynator linter by using argv list for do...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/da59f1c8f8ca276e3af4d13122e09e90d7feae78\"\u003e\u003ccode\u003eda59f1c\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/efc81827ee2ffe82835bca3eb88444167a109999\"\u003e\u003ccode\u003eefc8182\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-multipart to v0.0.29 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/d62889bbe8b90392dd0393ce3638111637eb0733\"\u003e\u003ccode\u003ed62889b\u003c/code\u003e\u003c/a\u003e Update python version in devcontainer image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7853\"\u003e#7853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/818c0514b584f3dc8dc66b7ead77761d2ade0a08\"\u003e\u003ccode\u003e818c051\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency jscpd to v4.2.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7852\"\u003e#7852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/47f6fece9e418aa243c85f6139e8c73a39ce3e03\"\u003e\u003ccode\u003e47f6fec\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency stylelint to v17.11.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7851\"\u003e#7851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/655e34f36f63ec654990f7683145ec47aa88430c\"\u003e\u003ccode\u003e655e34f\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7846\"\u003e#7846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4cd964e88da9fb7516f4c06401536e7f323e17ac\"\u003e\u003ccode\u003e4cd964e\u003c/code\u003e\u003c/a\u003e feat: collect and update Docker image download counts, update README badges (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/32ce86e7362f1bd71e0d165a0b35864701e8dc56...59759b5cedbf26980423e9c71026fd064f5e4910\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/438","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/438","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/438/packages"},{"uuid":"4474258339","node_id":"PR_kwDOQ4obY87c6Kg9","number":21,"state":"open","title":"fix(deps): bump the minor-and-patch group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T03:54:35.000Z","updated_at":"2026-05-19T03:56:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix(deps): bump","group_name":"minor-and-patch","update_count":2,"packages":[{"name":"github/codeql-action","old_version":"4.35.3","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps the minor-and-patch group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter).\n\nUpdates `github/codeql-action` from 4.35.3 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.4.0 to 9.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/wesley-dean/docme/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wesley-dean%2Fdocme/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"4473035822","node_id":"PR_kwDOMShRxc7c2Sex","number":119,"state":"open","title":"Bump oxsecurity/megalinter from 9.4.0 to 9.5.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T22:34:02.000Z","updated_at":"2026-05-18T22:36:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 9.4.0 to 9.5.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oxsecurity/megalinter\u0026package-manager=github_actions\u0026previous-version=9.4.0\u0026new-version=9.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wesley-dean/dht11_mqtt/pull/119","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wesley-dean%2Fdht11_mqtt/issues/119","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/119/packages"},{"uuid":"4467968094","node_id":"PR_kwDODWdgvM7clzGf","number":4835,"state":"open","title":"Bump oxsecurity/megalinter from 9.4.0 to 9.5.0","user":"dependabot[bot]","labels":["dependencies","github_actions","needs-ok-to-test"],"assignees":["cadenmarchese"],"locked":false,"comments_count":9,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T09:35:13.000Z","updated_at":"2026-05-27T12:47:04.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 9.4.0 to 9.5.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://stylelint.io\"\u003estylelint\u003c/a\u003e from 17.11.0 to \u003cstrong\u003e17.11.1\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oxsecurity/megalinter\u0026package-manager=github_actions\u0026previous-version=9.4.0\u0026new-version=9.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Azure/ARO-RP/pull/4835","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FARO-RP/issues/4835","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4835/packages"},{"uuid":"4466477357","node_id":"PR_kwDOR03C5s7chBD9","number":21,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 8 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T05:24:22.000Z","updated_at":"2026-05-18T05:28:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":8,"packages":[{"name":"astral-sh/setup-uv","old_version":"8.0.0","new_version":"8.1.0","repository_url":"https://github.com/astral-sh/setup-uv"},{"name":"actions/cache","old_version":"5.0.4","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"softprops/action-gh-release","old_version":"2.6.1","new_version":"3.0.0","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"SonarSource/sonarqube-scan-action","old_version":"7.1.0","new_version":"8.0.0","repository_url":"https://github.com/sonarsource/sonarqube-scan-action"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"peter-evans/create-pull-request","old_version":"8.1.0","new_version":"8.1.1","repository_url":"https://github.com/peter-evans/create-pull-request"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `8.0.0` | `8.1.0` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.0` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.4.0` | `9.5.0` |\n| [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `7.1.0` | `8.0.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` |\n\n\nUpdates `astral-sh/setup-uv` from 8.0.0 to 8.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/setup-uv/releases\"\u003eastral-sh/setup-uv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.1.0 🌈 New input \u003ccode\u003eno-project\u003c/code\u003e\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cp\u003eThis add the a new boolean input \u003ccode\u003eno-project\u003c/code\u003e.\nIt only makes sense to use in combination with \u003ccode\u003eactivate-environment: true\u003c/code\u003e and will append \u003ccode\u003e--no project\u003c/code\u003e to the \u003ccode\u003euv venv\u003c/code\u003e call. This is for example useful \u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/854\"\u003eif you have a pyproject.toml file with parts unparseable by uv\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e🚀 Enhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd input no-project in combination with activate-environment \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🧰 Maintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: grant contents:write to validate-release job \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/860\"\u003e#860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a release-gate step to the release workflow \u003ca href=\"https://github.com/zanieb\"\u003e\u003ccode\u003e@​zanieb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDraft commitish releases \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd action-types.yml to instructions \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/857\"\u003e#857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.7 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor version resolving \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/852\"\u003e#852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.6 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.5 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/845\"\u003e#845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.4 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/843\"\u003e#843\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a release workflow \u003ca href=\"https://github.com/zanieb\"\u003e\u003ccode\u003e@​zanieb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/839\"\u003e#839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.3 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ignore-nothing-to-cache documentation \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/833\"\u003e#833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePin setup-uv docs to v8 \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/829\"\u003e#829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependency updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/855\"\u003e#855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/08807647e7069bb48b6ef5acd8ec9567f424441b\"\u003e\u003ccode\u003e0880764\u003c/code\u003e\u003c/a\u003e fix: grant contents:write to validate-release job (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/860\"\u003e#860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/717d6aba0f15312f509f5c4999e34d71ecbab8a9\"\u003e\u003ccode\u003e717d6ab\u003c/code\u003e\u003c/a\u003e Add a release-gate step to the release workflow (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/5a911eb3a3983b5e650f2dad95c1ce698ca94378\"\u003e\u003ccode\u003e5a911eb\u003c/code\u003e\u003c/a\u003e Draft commitish releases (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/080c31e04cd7155b0ca676d08c7bc260a4476a23\"\u003e\u003ccode\u003e080c31e\u003c/code\u003e\u003c/a\u003e Add action-types.yml to instructions (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/857\"\u003e#857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/b3e97d2ba1a1eed7e9d1f8456dd06c3b725bc3a6\"\u003e\u003ccode\u003eb3e97d2\u003c/code\u003e\u003c/a\u003e Add input no-project in combination with activate-environment (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/7dd591db9557f680290587fcc578372813b9ff64\"\u003e\u003ccode\u003e7dd591d\u003c/code\u003e\u003c/a\u003e chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/855\"\u003e#855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/1541b7762698877904805605192ecd63d0e4787a\"\u003e\u003ccode\u003e1541b77\u003c/code\u003e\u003c/a\u003e chore: update known checksums for 0.11.7 (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/cdfb2ee6dde255817c739680168ad81e184c4bfb\"\u003e\u003ccode\u003ecdfb2ee\u003c/code\u003e\u003c/a\u003e Refactor version resolving (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/852\"\u003e#852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/cb84d12dc6a0d495b82fcae14fa4559b90698660\"\u003e\u003ccode\u003ecb84d12\u003c/code\u003e\u003c/a\u003e chore: update known checksums for 0.11.6 (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/1912cc65f2e839707d7a16f2372f30b57d35fd80\"\u003e\u003ccode\u003e1912cc6\u003c/code\u003e\u003c/a\u003e chore: update known checksums for 0.11.5 (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/845\"\u003e#845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/setup-uv/compare/cec208311dfd045dd5311c1add060b2062131d57...08807647e7069bb48b6ef5acd8ec9567f424441b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.6.1 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v2.6.2\"\u003ehttps://github.com/softprops/action-gh-release/compare/v2...v2.6.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003e\u003ccode\u003eb430933\u003c/code\u003e\u003c/a\u003e release: cut v3.0.0 for Node 24 upgrade (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c2e35e05a74208bafbfcbdae5ebc9da7236e980f\"\u003e\u003ccode\u003ec2e35e0\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group across 1 directory with 7 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/783\"\u003e#783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3bb12739c298aeb8a4eeaf626c5b8d85266b0e65\"\u003e\u003ccode\u003e3bb1273\u003c/code\u003e\u003c/a\u003e release 2.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c34030fec99b0db0f2f22ce7806c445dddb6e224\"\u003e\u003ccode\u003ec34030f\u003c/code\u003e\u003c/a\u003e chore: bump node to 24.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/8975bd05c0630603edb0dca2fc7544bf1c77f600\"\u003e\u003ccode\u003e8975bd0\u003c/code\u003e\u003c/a\u003e chore(deps): bump vite from 8.0.0 to 8.0.5 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/781\"\u003e#781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/f71937f44d5662ac6eb861431746174a7b46a7b6\"\u003e\u003ccode\u003ef71937f\u003c/code\u003e\u003c/a\u003e chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/777\"\u003e#777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3f0d239d58d5c226738ec0a08d0465b548dc026f\"\u003e\u003ccode\u003e3f0d239\u003c/code\u003e\u003c/a\u003e chore(deps): bump picomatch from 4.0.3 to 4.0.4 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/775\"\u003e#775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.4.0 to 9.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://stylelint.io\"\u003estylelint\u003c/a\u003e from 17.11.0 to \u003cstrong\u003e17.11.1\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `SonarSource/sonarqube-scan-action` from 7.1.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sonarsource/sonarqube-scan-action/releases\"\u003eSonarSource/sonarqube-scan-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking change\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSQSCANGHA-145 Set skipSignatureVerification default value to false by \u003ca href=\"https://github.com/antoine-vinot-sonarsource\"\u003e\u003ccode\u003e@​antoine-vinot-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/241\"\u003eSonarSource/sonarqube-scan-action#241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/compare/v7...v8.0.0\"\u003ehttps://github.com/SonarSource/sonarqube-scan-action/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSQSCANGHA-140 Set skipSignatureVerification default value to true to avoid breaking change by \u003ca href=\"https://github.com/gmmcal\"\u003e\u003ccode\u003e@​gmmcal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/240\"\u003eSonarSource/sonarqube-scan-action#240\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/compare/v7...v7.2.1\"\u003ehttps://github.com/SonarSource/sonarqube-scan-action/compare/v7...v7.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide by \u003ca href=\"https://github.com/claire-villard-sonarsource\"\u003e\u003ccode\u003e@​claire-villard-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/226\"\u003eSonarSource/sonarqube-scan-action#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSC-45750 Migrate to dateless license headers by \u003ca href=\"https://github.com/claire-villard-sonarsource\"\u003e\u003ccode\u003e@​claire-villard-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/229\"\u003eSonarSource/sonarqube-scan-action#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSQSCANGHA-134 Upgrade the libraries to latest version by \u003ca href=\"https://github.com/claire-villard-sonarsource\"\u003e\u003ccode\u003e@​claire-villard-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/227\"\u003eSonarSource/sonarqube-scan-action#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSQSCANGHA-138 Update dist and add ci test by \u003ca href=\"https://github.com/antoine-vinot-sonarsource\"\u003e\u003ccode\u003e@​antoine-vinot-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/233\"\u003eSonarSource/sonarqube-scan-action#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSQSCANGHA-140 Add OpenPGP signature verification for scanner downloads by \u003ca href=\"https://github.com/claire-villard-sonarsource\"\u003e\u003ccode\u003e@​claire-villard-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/235\"\u003eSonarSource/sonarqube-scan-action#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/compare/v7...v7.2.0\"\u003ehttps://github.com/SonarSource/sonarqube-scan-action/compare/v7...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/59db25f34e16620e48ab4bb9e4a5dce155cb5432\"\u003e\u003ccode\u003e59db25f\u003c/code\u003e\u003c/a\u003e SQSCANGHA-145 Set skipSignatureVerification default value to false (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/ca30b65f4ea9f033b8a6fc0ffc9816a562d13f55\"\u003e\u003ccode\u003eca30b65\u003c/code\u003e\u003c/a\u003e SQSCANGHA-143 SubmitReview: Use Vault token (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/238\"\u003e#238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/c7ee0f9df90b7aa20e8dcf9695dcfe2e7da5b4f2\"\u003e\u003ccode\u003ec7ee0f9\u003c/code\u003e\u003c/a\u003e SQSCANGHA-140 Set skipSignatureVerification default value to true to avoid br...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/55e44800a8f495208cce6e4e82f5dedb45fcf0ef\"\u003e\u003ccode\u003e55e4480\u003c/code\u003e\u003c/a\u003e SQSCANGHA-140 Add OpenPGP signature verification for scanner downloads (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/30dbe5c9eeccb106afb2590dcb61f7a05ffbee14\"\u003e\u003ccode\u003e30dbe5c\u003c/code\u003e\u003c/a\u003e SQSCANGHA-138 Update dist and add ci test (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/233\"\u003e#233\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/c8357220fa7152a7881d87dcaefafbd129e37cb9\"\u003e\u003ccode\u003ec835722\u003c/code\u003e\u003c/a\u003e SQSCANGHA-134 Upgrade the libraries to latest version (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/227\"\u003e#227\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/f00de44f574073760c9deaf47f694e10431f3988\"\u003e\u003ccode\u003ef00de44\u003c/code\u003e\u003c/a\u003e SC-45750 Migrate to dateless license headers (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/f099b441665cb71b0414100cfaf6d835492cee5f\"\u003e\u003ccode\u003ef099b44\u003c/code\u003e\u003c/a\u003e SQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/d899ed299620f557b0175710b8dedbdd7c31213d\"\u003e\u003ccode\u003ed899ed2\u003c/code\u003e\u003c/a\u003e BUILD-10861 Dependabot 5-day cooldown + internal excludes (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sonarsource/sonarqube-scan-action/compare/299e4b793aaa83bf2aba7c9c14bedbb485688ec4...59db25f34e16620e48ab4bb9e4a5dce155cb5432\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/peter-evans/create-pull-request/releases\"\u003epeter-evans/create-pull-request's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCreate Pull Request v8.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump the npm group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4305\"\u003epeter-evans/create-pull-request#4305\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump minimatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4311\"\u003epeter-evans/create-pull-request#4311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the github-actions group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4316\"\u003epeter-evans/create-pull-request#4316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jest-environment-jsdom by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4323\"\u003epeter-evans/create-pull-request#4323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump undici from 6.23.0 to 6.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4328\"\u003epeter-evans/create-pull-request#4328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4334\"\u003epeter-evans/create-pull-request#4334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump picomatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4339\"\u003epeter-evans/create-pull-request#4339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4344\"\u003epeter-evans/create-pull-request#4344\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the npm group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4349\"\u003epeter-evans/create-pull-request#4349\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: retry post-creation API calls on 422 eventual consistency errors by \u003ca href=\"https://github.com/peter-evans\"\u003e\u003ccode\u003e@​peter-evans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4356\"\u003epeter-evans/create-pull-request#4356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1\"\u003ehttps://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/5f6978faf089d4d20b00c7766989d076bb2fc7f1\"\u003e\u003ccode\u003e5f6978f\u003c/code\u003e\u003c/a\u003e fix: retry post-creation API calls on 422 eventual consistency errors (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4356\"\u003e#4356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/d32e88dac789dcc7906e7d26f69f24116fa9c97d\"\u003e\u003ccode\u003ed32e88d\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump the npm group with 3 updates (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4349\"\u003e#4349\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/8170bccad11c0df62542c04dcaefe36d342dfd39\"\u003e\u003ccode\u003e8170bcc\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4344\"\u003e#4344\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/00418193b417f888dbf1d993c5c0d31d27fdc7de\"\u003e\u003ccode\u003e0041819\u003c/code\u003e\u003c/a\u003e build(deps): bump picomatch (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4339\"\u003e#4339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/b993918c8536b6d44706130734d5456879762b27\"\u003e\u003ccode\u003eb993918\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4334\"\u003e#4334\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/36d7c8468b48f9c2f8f29e260e82f10d4b90d2bd\"\u003e\u003ccode\u003e36d7c84\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump undici from 6.23.0 to 6.24.0 (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4328\"\u003e#4328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/a45d1fb447fcaf601166e405fd4f335cde1a8aa8\"\u003e\u003ccode\u003ea45d1fb\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jest-environment-jsdom (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4323\"\u003e#4323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/3499eb61835cc0015c0b786e203d74b1e8f55e43\"\u003e\u003ccode\u003e3499eb6\u003c/code\u003e\u003c/a\u003e build(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/3f3b473b8c148f5a7520efb4d1f9a70eea3d9d1f\"\u003e\u003ccode\u003e3f3b473\u003c/code\u003e\u003c/a\u003e build(deps): bump minimatch (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4311\"\u003e#4311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/6699836a213cf8b28c4f0408a404a6ac79d4458a\"\u003e\u003ccode\u003e6699836\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump the npm group with 2 updates (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4305\"\u003e#4305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/jan-guenter/squid4win/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jan-guenter%2Fsquid4win/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"4426460807","node_id":"PR_kwDOEKuYws7aiMlS","number":435,"state":"open","title":"Bump oxsecurity/megalinter from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 3205785aa2df3d439da937292a712b07ed6ecc03","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T05:30:37.000Z","updated_at":"2026-05-12T05:33:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"3205785aa2df3d439da937292a712b07ed6ecc03","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 3205785aa2df3d439da937292a712b07ed6ecc03.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: add \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003emore default hidden environment variables\u003c/a\u003e, so in case one of the 100+ linters is hacked, the attacker won't get your secrets anyway\u003c/li\u003e\n\u003cli\u003eUpgrade GO version to 1.26.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eosv-scanner (trivy-like security linter, by Google)\u003c/li\u003e\n\u003cli\u003eAdd \u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e GitHub Actions static analysis.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable KICS until their security issue is solved\u003c/li\u003e\n\u003cli\u003eDisable spectral which is crashing\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRe-enable trivy (v0.70.0) now that the supply chain security incident (GHSA-69fq-xp46-6x23) is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ev8r (JSON/YAML schema validation): filter output to show only validation errors, suppressing \u0026quot;no schema found\u0026quot; info and success messages\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix ConsoleLinterReporter to display log sections for all linters (not just errors)\u003c/li\u003e\n\u003cli\u003eFix ConsoleReporter to output results table and reporters logs after linters run\u003c/li\u003e\n\u003cli\u003eProduce linter console reports sequentially in main process for parallel runs to avoid interleaved CI log sections\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable comment reporters (GitHub, GitLab, Azure DevOps, Bitbucket) when running MegaLinter from Jenkins CI\u003c/li\u003e\n\u003cli\u003eFix: use \u003ccode\u003econfig.get()\u003c/code\u003e instead of \u003ccode\u003eos.environ.get()\u003c/code\u003e for \u003ccode\u003eGITHUB_REF\u003c/code\u003e in GithubCommentReporter\u003c/li\u003e\n\u003cli\u003eGitlabCommentReporter now activates when \u003ccode\u003eGITLAB_ACCESS_TOKEN_MEGALINTER\u003c/code\u003e is set (no longer requires \u003ccode\u003eCI_JOB_TOKEN\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eBitbucketCommentReporter: render per-linter sections as \u003ccode\u003e###\u003c/code\u003e headings instead of \u003ccode\u003e\u0026lt;details\u0026gt;/\u0026lt;summary\u0026gt;\u003c/code\u003e, since Bitbucket Cloud markdown strips raw HTML and was displaying the tags as literal text\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate copilot-instructions into Claude Code Agents \u0026amp; Skills\u003c/li\u003e\n\u003cli\u003eAdd documentation for \u003ca href=\"https://github.com/DownAtTheBottomOfTheMoleHole/megalinter-ado\"\u003emegalinter-ado\u003c/a\u003e Azure DevOps extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3205785aa2df3d439da937292a712b07ed6ecc03\"\u003e\u003ccode\u003e3205785\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7740\"\u003e#7740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3c93c030e151a2fbf6a0de34d789f829369d986a\"\u003e\u003ccode\u003e3c93c03\u003c/code\u003e\u003c/a\u003e feat: enhance BitbucketCommentReporter to support markdown rendering adjustme...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ec54dd4a3ae90672af841193a3f454559a9db886\"\u003e\u003ccode\u003eec54dd4\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edae58b57ea2941d816326fa750bd461acdd20bc\"\u003e\u003ccode\u003eedae58b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fs-extra to v11.3.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7738\"\u003e#7738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ac4d7682df78a0c6e28fbf3b2504a52e6b21195b\"\u003e\u003ccode\u003eac4d768\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langchain_mistralai to v1.1.4 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7739\"\u003e#7739\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e1ac3fa3e1764bba22f7f4c607a354ebf269d64\"\u003e\u003ccode\u003e3e1ac3f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency orjson to v3.11.9 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7741\"\u003e#7741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bf7f11339dd99c00252a427314f2a33e582f5fbe\"\u003e\u003ccode\u003ebf7f113\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency pip to v26.1.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7742\"\u003e#7742\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/d9f6977a0fefc5859998c800b3b7dd8693209545\"\u003e\u003ccode\u003ed9f6977\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7722\"\u003e#7722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/326d416caee2591229e09020feac2eb332cd60bf\"\u003e\u003ccode\u003e326d416\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency bartlett/sarif-php-converters to v1.6.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7750\"\u003e#7750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9d48bbe2d99ed902838330b93402d9b950802b27\"\u003e\u003ccode\u003e9d48bbe\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.12 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7745\"\u003e#7745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/32ce86e7362f1bd71e0d165a0b35864701e8dc56...3205785aa2df3d439da937292a712b07ed6ecc03\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/435","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/435","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/435/packages"},{"uuid":"4340091754","node_id":"PR_kwDOEKuYws7WLUkQ","number":431,"state":"closed","title":"Bump oxsecurity/megalinter from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-05T02:41:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-28T02:13:58.000Z","updated_at":"2026-05-05T02:41:31.000Z","time_to_close":606451,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: add \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003emore default hidden environment variables\u003c/a\u003e, so in case one of the 100+ linters is hacked, the attacker won't get your secrets anyway\u003c/li\u003e\n\u003cli\u003eUpgrade GO version to 1.26.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eosv-scanner (trivy-like security linter, by Google)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003cli\u003eDisable KICS until their security issue is solved\u003c/li\u003e\n\u003cli\u003eDisable spectral which is crashing\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix linter output by section in Console reporter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate copilot-instructions into Claude Code Agents \u0026amp; Skills\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003cli\u003eRun ARM linter jobs only if the latest commit message contains \u0026quot;ARM\u0026quot; (to avoid 200 jobs for each PR)\u003c/li\u003e\n\u003cli\u003ePrevent MegaLinter to push a new commit if the only updates are on markdown files\u003c/li\u003e\n\u003cli\u003eActivate osv-scanner on own sources\u003c/li\u003e\n\u003cli\u003eExclude test dependencies from dependabot\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30\"\u003e\u003ccode\u003e345bd23\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7653\"\u003e#7653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bcd6e7974afb35f4c168122c15e7fc558e7229cf\"\u003e\u003ccode\u003ebcd6e79\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency phpstan/phpstan to v2.1.51 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7651\"\u003e#7651\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8e25704ebb3a06ccee136c6a726c1fad8db7a61d\"\u003e\u003ccode\u003e8e25704\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency powershell/powershell to v7.6.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7652\"\u003e#7652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6d3eed256f1b77c3973c112bca7f7177444e622b\"\u003e\u003ccode\u003e6d3eed2\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7640\"\u003e#7640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5c2b5c2e768c606913c7beca0fd793bbf57e1704\"\u003e\u003ccode\u003e5c2b5c2\u003c/code\u003e\u003c/a\u003e chore(deps): bump langchain-openai from 1.1.16 to 1.2.1 in /.config/python/de...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0038a45ae032f4e05e894f0a2b165c6aeb077e4f\"\u003e\u003ccode\u003e0038a45\u003c/code\u003e\u003c/a\u003e chore(deps): bump langsmith from 0.7.35 to 0.7.36 in /.config/python/dev (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7648\"\u003e#7648\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/960e681ff9bdc75f8b6ca4f5d2e8656a5d4929b7\"\u003e\u003ccode\u003e960e681\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7643\"\u003e#7643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4ce0bf29e16d1fba1f2a1a6f8e3bf10f643319fa\"\u003e\u003ccode\u003e4ce0bf2\u003c/code\u003e\u003c/a\u003e chore(deps): bump uvicorn from 0.44.0 to 0.46.0 in /server (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/124478ef123e61a1144610b09625364a61ab096f\"\u003e\u003ccode\u003e124478e\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.7.36 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7641\"\u003e#7641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/d25dcb8de9e7126d67af064a1d302ab6eee30329\"\u003e\u003ccode\u003ed25dcb8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.136.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7638\"\u003e#7638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/32ce86e7362f1bd71e0d165a0b35864701e8dc56...345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/431","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/431","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/431/packages"},{"uuid":"4299495140","node_id":"PR_kwDOEKuYws7UJDYH","number":430,"state":"open","title":"Bump oxsecurity/megalinter from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 029d37a3499a0b2d27ed6624c6275b48958cd197","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T00:27:29.000Z","updated_at":"2026-04-21T00:29:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"029d37a3499a0b2d27ed6624c6275b48958cd197","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 029d37a3499a0b2d27ed6624c6275b48958cd197.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: add \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003emore default hidden environment variables\u003c/a\u003e, so in case one of the 100+ linters is hacked, the attacker won't get your secrets anyway\u003c/li\u003e\n\u003cli\u003eUpgrade GO version to 1.26.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eosv-scanner (trivy-like security linter, by Google)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003cli\u003eDisable spectral which is crashing\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003cli\u003eRun ARM linter jobs only if the latest commit message contains \u0026quot;ARM\u0026quot; (to avoid 200 jobs for each PR)\u003c/li\u003e\n\u003cli\u003ePrevent MegaLinter to push a new commit if the only updates are on markdown files\u003c/li\u003e\n\u003cli\u003eActivate osv-scanner on own sources\u003c/li\u003e\n\u003cli\u003eExclude test dependencies from dependabot\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/029d37a3499a0b2d27ed6624c6275b48958cd197\"\u003e\u003ccode\u003e029d37a\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7620\"\u003e#7620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e31ced1c2437dc778aa301f64d320fe4a0cff6e8\"\u003e\u003ccode\u003ee31ced1\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency stylelint to v17 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7075\"\u003e#7075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/65ca6f0c92bec4f731e9225824ffdc42631eb95b\"\u003e\u003ccode\u003e65ca6f0\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7618\"\u003e#7618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/c52b734c6f1cb345c95208db5409b8628d8a7f66\"\u003e\u003ccode\u003ec52b734\u003c/code\u003e\u003c/a\u003e Fix YAML_V8R_CONFIG_FILE / JSON_V8R_CONFIG_FILE not recognized (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7617\"\u003e#7617\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8f52fa3274e2efa7105643755668023cc04f35de\"\u003e\u003ccode\u003e8f52fa3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.75 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7619\"\u003e#7619\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bc8676e92f0cf9a6e5776fc7aaf48ae9689226fe\"\u003e\u003ccode\u003ebc8676e\u003c/code\u003e\u003c/a\u003e chore(deps): bump langsmith from 0.7.31 to 0.7.32 in /.config/python/dev (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7610\"\u003e#7610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9e59d9a85248c585afa398a5e4f30157880eca8f\"\u003e\u003ccode\u003e9e59d9a\u003c/code\u003e\u003c/a\u003e chore(deps): bump orjson from 3.11.7 to 3.11.8 in /.config/python/dev (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7609\"\u003e#7609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b0caad733eabc85304295104e2eb6a2efd4b8bab\"\u003e\u003ccode\u003eb0caad7\u003c/code\u003e\u003c/a\u003e chore(deps): bump aiohttp from 3.13.4 to 3.13.5 in /.config/python/dev (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7611\"\u003e#7611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5aeb15a256eb0d0b1c4d8966fef774af354f9be6\"\u003e\u003ccode\u003e5aeb15a\u003c/code\u003e\u003c/a\u003e Activate osv-scanner and configure exclusions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7607\"\u003e#7607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07b1ac50107b0cf7220ddf31cf0c6a4f214c4df8\"\u003e\u003ccode\u003e07b1ac5\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7599\"\u003e#7599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/32ce86e7362f1bd71e0d165a0b35864701e8dc56...029d37a3499a0b2d27ed6624c6275b48958cd197\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/430","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/430","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/430/packages"},{"uuid":"4261702379","node_id":"PR_kwDON8KNQc7SSaDU","number":171,"state":"closed","title":"chore(deps): bump oxsecurity/megalinter from 7 to 9","user":"dependabot[bot]","labels":["dependencies","github-actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-14T11:28:44.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-14T11:27:42.000Z","updated_at":"2026-04-14T11:28:46.000Z","time_to_close":62,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"7","new_version":"9","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCreate your own \u003cstrong\u003eMegalinter Custom Flavors\u003c/strong\u003e to dramatically improve your performances\n\u003cul\u003e\n\u003cli\u003eSee \u003ca href=\"https://megalinter.io/beta/custom-flavors/\"\u003edocumentation\u003c/a\u003e for usage\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003enpx mega-linter-runner@beta --custom-flavor-setup\u003c/code\u003e to initialize repo\u003c/li\u003e\n\u003cli\u003eSuggest new flavors in reporters with a mega-linter-runner including the list of linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eNew \u003cstrong\u003eLLM Advisor\u003c/strong\u003e: call external LLMs to get hints to solve linter errors, available in:\n\u003cul\u003e\n\u003cli\u003eConsole Reporter\u003c/li\u003e\n\u003cli\u003eText Reporter\u003c/li\u003e\n\u003cli\u003eGit platforms PR/MR comments Reporter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUse ghcr.io docker images by default because of rate limits on docker.io\u003c/li\u003e\n\u003cli\u003eUse uv to create the venv folder for pip-installed linters\u003c/li\u003e\n\u003cli\u003eAdd copilot instructions for GitHub Copilot\u003c/li\u003e\n\u003cli\u003eUpdate base image to python:3.13-alpine3.21 (also embeds go 1.24)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/puppet_puppet_lint/\"\u003epuppet-lint\u003c/a\u003e: Disabled Until fix is provided for \u003ca href=\"https://redirect.github.com/puppetlabs/puppet-lint/issues/251\"\u003epuppetlabs/puppet-lint#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/repository_checkov/\"\u003echeckov\u003c/a\u003e: Disabled until fix is provided for \u003ca href=\"https://redirect.github.com/bridgecrewio/checkov/issues/7263\"\u003ebridgecrewio/checkov#7263\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emarkdown-link-check\u003c/strong\u003e has been removed because \u003ca href=\"https://megalinter.io/latest/descriptors/spell_lychee/\"\u003e\u003cstrong\u003elychee\u003c/strong\u003e\u003c/a\u003e can be used instead, and has much better performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePHP-CS-Fixer is able to run on PHP 8.4 without error (change default configuration) by \u003ca href=\"https://github.com/llaville\"\u003e\u003ccode\u003e@​llaville\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/latest/descriptors/spell_cspell/\"\u003ecspell\u003c/a\u003e: Filter output lines that do not contain found issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/latest/descriptors/docker_hadolint/\"\u003ehadolint\u003c/a\u003e: Extend DOCKERFILE_HADOLINT_FILE_NAMES_REGEX to include the \u003ccode\u003epurpose.Dockerfile\u003c/code\u003e convention eg service.Dockerfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/sql_sqlfluff/\"\u003esqlfluff\u003c/a\u003e: Handle fixing of issues\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWhen linter is docker based, force \u003ccode\u003e--platform=linux/amd64\u003c/code\u003e so it works when running locally on Mac\u003c/li\u003e\n\u003cli\u003eAdded checking of \u003ccode\u003e*.pyi\u003c/code\u003e and \u003ccode\u003e*.ipynb\u003c/code\u003e files to the \u003ccode\u003eruff\u003c/code\u003e and \u003ccode\u003eruff-format\u003c/code\u003e linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew default display for Pull Request comments, with expandable sections containing the first 1000 lines of the output log. Former display remains available by defining \u003ccode\u003eREPORTERS_MARKDOWN_SUMMARY_TYPE=table\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMarkdown summary reporter:\n\u003cul\u003e\n\u003cli\u003eWrite a file for Github integration if GITHUB_STEP_SUMMARY is set\u003c/li\u003e\n\u003cli\u003eTruncate less linter output lines\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eText reporter: Change the output file names to put the linter name first, then the status\u003c/li\u003e\n\u003cli\u003eEnhance display of markdown summary\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate documentation in all megalinter descriptor files to improve accuracy and consistency\u003c/li\u003e\n\u003cli\u003eFix incorrect information in linters documentation and descriptors\u003c/li\u003e\n\u003cli\u003eRemove dead links\u003c/li\u003e\n\u003cli\u003eAdd linter description (linter_text) in all linter descriptor, to generate a more exhaustive documentation.\u003c/li\u003e\n\u003cli\u003eUpdate contributing guide to explain how to manage python dependencies in the codebase\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v9.2.0] - 2025-11-29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/code-analyzer.html\"\u003eSalesforce Code Analyzer\u003c/a\u003e, by \u003ca href=\"https://github.com/abdeslamads\"\u003e\u003ccode\u003e@​abdeslamads\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/salesforce_code_analyzer_apex/\"\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/salesforce_code_analyzer_aura/\"\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/salesforce_code_analyzer_lwc/\"\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReactivate \u003ca href=\"https://megalinter.io/beta/descriptors/repository_checkov/\"\u003echeckov\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ca href=\"https://megalinter.io/latest/descriptors/terraform_terrascan/\"\u003eterrascan\u003c/a\u003e as the project is discontinued. Will be completely removed in a future version.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_*\u003c/code\u003e linters have been deprecated and will be removed in a future version. (they are replaced by \u003ccode\u003eSALESFORCE_CODE_ANALYZER_*\u003c/code\u003e linters)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://medium.com/@SeasonedDeveloper/looking-for-the-best-ci-cd-pipeline-linting-tool-try-megalinter-d89c9eba850d\"\u003eLooking for the best CI/CD Pipeline Linting Tool? Try MegaLinter!\u003c/a\u003e, by \u003ca href=\"https://medium.com/@SeasonedDeveloper\"\u003eSeasoned Developer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=0JGusPYE4zc\"\u003e(Brazilian) Qualidade e Segurança em Código com MegaLinter: automatizando análises em MAUI com GitHub Actions\u003c/a\u003e, by \u003ca href=\"https://www.youtube.com/@CanaldotNET\"\u003eCanal dotNET\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInstall dotenv-linter deterministically, by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6385\"\u003eoxsecurity/megalinter#6385\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6544\"\u003e#6544\u003c/a\u003e: Add GITHUB_TOKEN in docker build command for custom flavor\u003c/li\u003e\n\u003cli\u003eHide warning when compiling a regex\u003c/li\u003e\n\u003cli\u003eFix formatting in descriptor files to reduce changes in generated markdown, by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6449\"\u003eoxsecurity/megalinter#6449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd conversion from Jenkins variables to related Git based reporters variables\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKeep jsonschema html docs updated when using \u003ccode\u003ebuild.py --doc\u003c/code\u003e, by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6447\"\u003eoxsecurity/megalinter#6447\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCommit updated license info generated from build script by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6448\"\u003eoxsecurity/megalinter#6448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecreate docs/descriptors folder, delete old pages by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6451\"\u003eoxsecurity/megalinter#6451\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GITHUB_TOKEN in docker buildx build command for custom flavor, by \u003ca href=\"https://github.com/davidfevre-gouv-nc\"\u003e\u003ccode\u003e@​davidfevre-gouv-nc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6545\"\u003eoxsecurity/megalinter#6545\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize performances of standalone linters releases\u003c/li\u003e\n\u003cli\u003eRenovate: Add langchain group for package updates, by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6400\"\u003eoxsecurity/megalinter#6400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor file handling in build.py to use pathlib for improved readability, by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6450\"\u003eoxsecurity/megalinter#6450\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHandle upgrade of stefanzweifel/git-auto-commit-action to v7\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (53)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://rhysd.github.io/actionlint/\"\u003eactionlint\u003c/a\u003e from 1.7.7 to \u003cstrong\u003e1.7.9\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ansible-lint.readthedocs.io/\"\u003eansible-lint\u003c/a\u003e from 25.9.1 to \u003cstrong\u003e25.11.1\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bandit.readthedocs.io/en/latest/\"\u003ebandit\u003c/a\u003e from 1.8.6 to \u003cstrong\u003e1.9.2\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oxsecurity/megalinter\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/camaraproject/tooling/pull/171","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/camaraproject%2Ftooling/issues/171","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/171/packages"},{"uuid":"4239073719","node_id":"PR_kwDOOIgArs7RcOrw","number":64,"state":"closed","title":"Bump the github-actions group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["chore","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-17T12:14:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-10T12:14:47.000Z","updated_at":"2026-04-17T12:14:50.000Z","time_to_close":604801,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":5,"packages":[{"name":"oxsecurity/megalinter","old_version":"9.3.0","new_version":"9.4.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/download-artifact","old_version":"8.0.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"pypa/gh-action-pypi-publish","old_version":"1.13.0","new_version":"1.14.0","repository_url":"https://github.com/pypa/gh-action-pypi-publish"},{"name":"codecov/codecov-action","old_version":"5.5.2","new_version":"6.0.0","repository_url":"https://github.com/codecov/codecov-action"},{"name":"release-drafter/release-drafter","old_version":"6.2.0","new_version":"7.2.0","repository_url":"https://github.com/release-drafter/release-drafter"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.3.0` | `9.4.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` |\n| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` |\n| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `6.2.0` | `7.2.0` |\n\n\nUpdates `oxsecurity/megalinter` from 9.3.0 to 9.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprove files browsing performances (2 PRs)\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter processing and improve grouping logic\u003c/li\u003e\n\u003cli\u003eImprove performance of listing .gitignored files by sending excluded directories to git ls-files\u003c/li\u003e\n\u003cli\u003eIf there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances\u003c/li\u003e\n\u003cli\u003eReduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules\u003c/li\u003e\n\u003cli\u003eCache subprocess environment per linter run and excluded directories per request\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter result update from O(n²) to O(n)\u003c/li\u003e\n\u003cli\u003eAdd support in the build of Docker images for linux/arm64 in compatible linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://nbqa.readthedocs.io/\"\u003ePYTHON_NBQA_MYPY\u003c/a\u003e for type-checking Jupyter notebooks using nbqa + mypy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLUA_SELENE: \u003ca href=\"https://redirect.github.com/Kampfkarren/selene/issues/662\"\u003eKampfkarren/selene#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the official checkmake image by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Add sarif support to spectral by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Change cli_lint_mode to list_of_files to improve performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remote origins when building custom flavors (fixes: \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6511\"\u003e#6511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issue with plugins ignored when FLAVOR_SUGGESTIONS=false\u003c/li\u003e\n\u003cli\u003eFix wrong tagging \u003ccode\u003eapply_fixes=True\u003c/code\u003e when linter has no fix options configured\u003c/li\u003e\n\u003cli\u003ePython mypy: Remove \u003ccode\u003e.ipynb\u003c/code\u003e from file extensions (mypy doesn't support notebooks directly) - fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6904\"\u003e#6904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix operator precedence bug in pre_post_factory pre/post command logic\u003c/li\u003e\n\u003cli\u003eFix file handle leak in GitleaksLinter\u003c/li\u003e\n\u003cli\u003eFix variable name bug in utils.get_git_context_info\u003c/li\u003e\n\u003cli\u003eMinor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a link inviting to star MegaLinter\u003c/li\u003e\n\u003cli\u003eDisplay in the console reporter the working directory from which the commands are executed by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate WebHook reporter so it can send more events for a better integration with UI\u003c/li\u003e\n\u003cli\u003eWhen truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)\u003c/li\u003e\n\u003cli\u003eIn case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead\u003c/li\u003e\n\u003cli\u003eAzure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCustom flavor builder:\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remotes\u003c/li\u003e\n\u003cli\u003eAllow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms\u003c/li\u003e\n\u003cli\u003eBuild \u0026amp; release custom flavor builder image for linux/arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJSON Schema: Add default values for file extensions and file names variables + improve descriptions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/42bb470545e359597e7f12156947c436e4e3fb9a...8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 8.0.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003e\u003ccode\u003e3e5f45b\u003c/code\u003e\u003c/a\u003e Add regression tests for CJK characters (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd\"\u003e\u003ccode\u003ee6d03f6\u003c/code\u003e\u003c/a\u003e Add a regression test for artifact name + content-type mismatches (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/releases\"\u003epypa/gh-action-pypi-publish's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e✨ What's Changed\u003c/h2\u003e\n\u003cp\u003eThe main change in this release is that \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003eprint-hash\u003c/code\u003e inputs are now on by default. This was contributed by \u003ca href=\"https://github.com/whitequark\"\u003e\u003ccode\u003e@​whitequark\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/whitequark\"\u003e💰\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397\"\u003e#397\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e📝 Docs\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/woodruffw\"\u003e💰\u003c/a\u003e updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/388\"\u003e#388\u003c/a\u003e and \u003ca href=\"https://github.com/him2him2\"\u003e\u003ccode\u003e@​him2him2\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/him2him2\"\u003e💰\u003c/a\u003e brushed up some grammar in the README and SECURITY docs via \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395\"\u003e#395\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e🛠️ Internal Updates\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/woodruffw\"\u003e💰\u003c/a\u003e bumped \u003ccode\u003esigstore\u003c/code\u003e and \u003ccode\u003epypi-attestations\u003c/code\u003e in the lock file (\u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/391\"\u003e#391\u003c/a\u003e) and \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/webknjaz\"\u003e💰\u003c/a\u003e added infra for using type annotations in the project (\u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/381\"\u003e#381\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e💪 New Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/him2him2\"\u003e\u003ccode\u003e@​him2him2\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395\"\u003e#395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/whitequark\"\u003e\u003ccode\u003e@​whitequark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397\"\u003e#397\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e🪞 Full Diff\u003c/strong\u003e: \u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0\"\u003ehttps://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e🧔‍♂️ Release Manager:\u003c/strong\u003e \u003ca href=\"https://github.com/sponsors/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://stand-with-ukraine.pp.ua\"\u003e🇺🇦\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e🙏 Special Thanks\u003c/strong\u003e to \u003ca href=\"https://github.com/facutuesca\"\u003e\u003ccode\u003e@​facutuesca\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/facutuesca\"\u003e💰\u003c/a\u003e and \u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/woodruffw\"\u003e💰\u003c/a\u003e for helping maintain this project when \u003ca href=\"https://github.com/sponsors/webknjaz\"\u003eI\u003c/a\u003e can't!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e💬 Discuss\u003c/strong\u003e \u003ca href=\"https://bsky.app/profile/webknjaz.me/post/3mivwsz3qzk2e\"\u003eon Bluesky 🦋\u003c/a\u003e, \u003ca href=\"https://mastodon.social/@webknjaz/116363779997051422\"\u003eon Mastodon 🐘\u003c/a\u003e and \u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/discussions/404\"\u003eon GitHub\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sponsors/webknjaz\"\u003e\u003cimg src=\"https://img.shields.io/badge/%40webknjaz-transparent?logo=githubsponsors\u0026amp;logoColor=%23EA4AAA\u0026amp;label=Sponsor\u0026amp;color=2a313c\" alt=\"GH Sponsors badge\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/cef221092ed1bacb1cc03d23a2d87d1d172e277b\"\u003e\u003ccode\u003ecef2210\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397\"\u003e#397\u003c/a\u003e from whitequark/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/b4595e2555a031e2fd6f0bbded4e7918eaa2724e\"\u003e\u003ccode\u003eb4595e2\u003c/code\u003e\u003c/a\u003e Enable \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003eprint-hash\u003c/code\u003e by default.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/e2bab26859796ee5c3bf97b8f394ce1e6570e906\"\u003e\u003ccode\u003ee2bab26\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395\"\u003e#395\u003c/a\u003e from him2him2/docs/fix-typos-and-grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/7495c384ec7a0240a28e568e7ffc60af1629585d\"\u003e\u003ccode\u003e7495c38\u003c/code\u003e\u003c/a\u003e docs: fix typos and grammar in README and SECURITY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/03f86fee9ac21f854951f5c6e2a02c2a1324aec7\"\u003e\u003ccode\u003e03f86fe\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/388\"\u003e#388\u003c/a\u003e from woodruffw-forks/ww/rm-experimental\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/4c78f1c53c55c528d8abd83df933ae92bd4c1d8c\"\u003e\u003ccode\u003e4c78f1c\u003c/code\u003e\u003c/a\u003e Merge branch 'unstable/v1' into ww/rm-experimental\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/b5a6e8ba2611ad0c810f383eed9e6629eb0b3b2f\"\u003e\u003ccode\u003eb5a6e8b\u003c/code\u003e\u003c/a\u003e deps: bump sigstore and pypi-attestations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/a48a03e758da35722b0d159dae23e0440d0fcce2\"\u003e\u003ccode\u003ea48a03e\u003c/code\u003e\u003c/a\u003e remove another experimental mention\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/8087a88a46924f78608905d7841a170e749524ce\"\u003e\u003ccode\u003e8087a88\u003c/code\u003e\u003c/a\u003e action: remove a lingering mention of PEP 740 being experimental\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/3317ede93a4981d0fc490510c6fcf8bf0e92ed05\"\u003e\u003ccode\u003e3317ede\u003c/code\u003e\u003c/a\u003e 🧪 Integrate actionlint via pre-commit framework\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/compare/ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e...cef221092ed1bacb1cc03d23a2d87d1d172e277b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 5.5.2 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. \u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/github-script from 7.0.1 to 8.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1874\"\u003ecodecov/codecov-action#1874\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): bump to 5.5.3 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1922\"\u003ecodecov/codecov-action#1922\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.2...v5.5.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.2...v5.5.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2\"\u003e\u003ccode\u003e57e3a13\u003c/code\u003e\u003c/a\u003e Th/6.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1928\"\u003e#1928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/f67d33dda8a42b51c42a8318a1f66468119e898b\"\u003e\u003ccode\u003ef67d33d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/75cd11691c0faa626561e295848008c8a7dddffe\"\u003e\u003ccode\u003e75cd116\u003c/code\u003e\u003c/a\u003e chore(release): 5.5.4 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1927\"\u003e#1927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/87d39f4a2cec2673cf9505764fb20a38792ea722\"\u003e\u003ccode\u003e87d39f4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/1af58845a975a7985b0beb0cbe6fbbb71a41dbad\"\u003e\u003ccode\u003e1af5884\u003c/code\u003e\u003c/a\u003e chore(release): bump to 5.5.3 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1922\"\u003e#1922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/c143300dea6c9a730986ff862c5bf4d458927ef8\"\u003e\u003ccode\u003ec143300\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1874\"\u003e#1874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `release-drafter/release-drafter` from 6.2.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/release-drafter/release-drafter/releases\"\u003erelease-drafter/release-drafter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003ch2\u003eNew\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow always collapsing a category (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1444\"\u003e#1444\u003c/a\u003e) \u003ca href=\"https://github.com/mhanberg\"\u003e\u003ccode\u003e@​mhanberg\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: improve advanced substitutions in replacers (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1555\"\u003e#1555\u003c/a\u003e) \u003ca href=\"https://github.com/jetersen\"\u003e\u003ccode\u003e@​jetersen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support repo-only _extends and prevent .github/ path doubling (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1577\"\u003e#1577\u003c/a\u003e) \u003ca href=\"https://github.com/jetersen\"\u003e\u003ccode\u003e@​jetersen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): update dependency typescript to 6.0.2 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1587\"\u003e#1587\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update vitest to 4.1.4 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1585\"\u003e#1585\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): update peter-evans/create-pull-request action to v8 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1588\"\u003e#1588\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency vite to 8.0.5 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1579\"\u003e#1579\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency nock to 14.0.12 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1583\"\u003e#1583\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to 24.12.2 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1582\"\u003e#1582\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​biomejs/biome\u003c/code\u003e to 2.4.10 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1581\"\u003e#1581\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: move codegen to monthly scheduled workflow (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1578\"\u003e#1578\u003c/a\u003e) \u003ca href=\"https://github.com/jetersen\"\u003e\u003ccode\u003e@​jetersen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: replace vite-tsconfig-paths plugin with native resolve.tsconfigPaths (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1571\"\u003e#1571\u003c/a\u003e) \u003ca href=\"https://github.com/jetersen\"\u003e\u003ccode\u003e@​jetersen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: fix autolabeler example tag (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1568\"\u003e#1568\u003c/a\u003e) \u003ca href=\"https://github.com/cchanche\"\u003e\u003ccode\u003e@​cchanche\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump lodash and \u003ccode\u003e@​graphql-codegen/plugin-helpers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1589\"\u003e#1589\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update dependency \u003ccode\u003e@​actions/github\u003c/code\u003e to 9.1.0 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1586\"\u003e#1586\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency yaml to 2.8.3 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1580\"\u003e#1580\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update node.js to v24.14.1 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1584\"\u003e#1584\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​biomejs/biome\u003c/code\u003e to 2.4.10 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1581\"\u003e#1581\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/release-drafter/release-drafter/compare/v7.1.1...v7.2.0\"\u003ehttps://github.com/release-drafter/release-drafter/compare/v7.1.1...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.1\u003c/h2\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: remove disable-releaser and disable-autolabeler from action.yaml (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1564\"\u003e#1564\u003c/a\u003e) \u003ca href=\"https://github.com/cchanche\"\u003e\u003ccode\u003e@​cchanche\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/release-drafter/release-drafter/compare/v7.1.0...v7.1.1\"\u003ehttps://github.com/release-drafter/release-drafter/compare/v7.1.0...v7.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/5de93583980a40bd78603b6dfdcda5b4df377b32\"\u003e\u003ccode\u003e5de9358\u003c/code\u003e\u003c/a\u003e 7.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/e50d61c7deb94fc176ad7d31d7b71f60307829b2\"\u003e\u003ccode\u003ee50d61c\u003c/code\u003e\u003c/a\u003e chore: rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/d3a61d3b778db0d18c3511a1d8a5585188fdb99f\"\u003e\u003ccode\u003ed3a61d3\u003c/code\u003e\u003c/a\u003e chore: fix npm audit vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/8bfa2791ec73890e3087b933c9db62d0a294a461\"\u003e\u003ccode\u003e8bfa279\u003c/code\u003e\u003c/a\u003e build(deps): bump lodash and \u003ccode\u003e@​graphql-codegen/plugin-helpers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/c2a8a67ac931b548feeee49fe78975bd87720a0e\"\u003e\u003ccode\u003ec2a8a67\u003c/code\u003e\u003c/a\u003e chore: remove engine-strict from .npmrc to fix Dependabot resolution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/e51e4adf1695870d57ae9cf3fa8cc37064d6304d\"\u003e\u003ccode\u003ee51e4ad\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency typescript to 6.0.2 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1587\"\u003e#1587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/0e7bd548468b9ce7f0b082417f6ec32bc47173ae\"\u003e\u003ccode\u003e0e7bd54\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency \u003ccode\u003e@​actions/github\u003c/code\u003e to 9.1.0 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/9c0b0a8cf19d3415f835a04b1987cd2451aaac85\"\u003e\u003ccode\u003e9c0b0a8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency yaml to 2.8.3 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1580\"\u003e#1580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/b27f820cbc98c923f216e773d35bc7f4e8efd9ed\"\u003e\u003ccode\u003eb27f820\u003c/code\u003e\u003c/a\u003e chore(deps): update vitest to 4.1.4 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1585\"\u003e#1585\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/eb9053430f473e03512e92caee9608b0db01ebd7\"\u003e\u003ccode\u003eeb90534\u003c/code\u003e\u003c/a\u003e ci(deps): update peter-evans/create-pull-request action to v8 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1588\"\u003e#1588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/release-drafter/release-drafter/compare/6db134d15f3909ccc9eefd369f02bd1e9cffdf97...5de93583980a40bd78603b6dfdcda5b4df377b32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/laywill/gimmie/pull/64","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/laywill%2Fgimmie/issues/64","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/64/packages"},{"uuid":"4232271053","node_id":"PR_kwDOPaSNd87RIRAP","number":185,"state":"open","title":"build(deps): bump oxsecurity/megalinter from ce48f4c2f110cb802cae5389c5fa1e4390b82e19 to 32ce86e7362f1bd71e0d165a0b35864701e8dc56","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-09T12:41:16.000Z","updated_at":"2026-04-09T12:43:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"ce48f4c2f110cb802cae5389c5fa1e4390b82e19","new_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from ce48f4c2f110cb802cae5389c5fa1e4390b82e19 to 32ce86e7362f1bd71e0d165a0b35864701e8dc56.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/32ce86e7362f1bd71e0d165a0b35864701e8dc56\"\u003e\u003ccode\u003e32ce86e\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7514\"\u003e#7514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/ce48f4c2f110cb802cae5389c5fa1e4390b82e19...32ce86e7362f1bd71e0d165a0b35864701e8dc56\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NanashiTheNameless/serialterminal/pull/185","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NanashiTheNameless%2Fserialterminal/issues/185","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/185/packages"},{"uuid":"4202845427","node_id":"PR_kwDOQ3Y4V87P5njP","number":25,"state":"open","title":"Bump oxsecurity/megalinter from ecd46c44d26083667ce277b942c2dd5758f92cc1 to a77943c8fc827117446d7fbd7a70fd3f23160bc8","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-04T01:07:55.000Z","updated_at":"2026-04-04T01:09:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"ecd46c44d26083667ce277b942c2dd5758f92cc1","new_version":"a77943c8fc827117446d7fbd7a70fd3f23160bc8","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from ecd46c44d26083667ce277b942c2dd5758f92cc1 to a77943c8fc827117446d7fbd7a70fd3f23160bc8.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a77943c8fc827117446d7fbd7a70fd3f23160bc8\"\u003e\u003ccode\u003ea77943c\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7493\"\u003e#7493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/17b279e96770957b09867ff0977571c4a0e1bac5\"\u003e\u003ccode\u003e17b279e\u003c/code\u003e\u003c/a\u003e chore(deps): bump langchain-core from 1.2.22 to 1.2.23 in /.config/python/dev...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/502418a379f1acbd2a3f8b173ac769cc956b3459\"\u003e\u003ccode\u003e502418a\u003c/code\u003e\u003c/a\u003e chore(deps): bump python-gitlab from 8.1.0 to 8.2.0 in /.config/python/dev (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cb0a60d4216b55155014ad213677d9917f9289f0\"\u003e\u003ccode\u003ecb0a60d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jest to v29.15.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7482\"\u003e#7482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/1a98671690c8638a8fe6852d3098ac9c80d0680b\"\u003e\u003ccode\u003e1a98671\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7488\"\u003e#7488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/266c62707c7ee9adfc9812a3df2abb23c1ca61cb\"\u003e\u003ccode\u003e266c627\u003c/code\u003e\u003c/a\u003e feat: build linters for linux/arm64 where possible in deploy-*-linters.yml (#...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/ecd46c44d26083667ce277b942c2dd5758f92cc1...a77943c8fc827117446d7fbd7a70fd3f23160bc8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NanashiTheNameless/CaiXianlinRemoteIDMonitor/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NanashiTheNameless%2FCaiXianlinRemoteIDMonitor/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4174697821","node_id":"PR_kwDOEKuYws7OyKlw","number":424,"state":"open","title":"Bump oxsecurity/megalinter from 6ad18a5709bb2f0a5a3dd3ef057beff810105fb7 to a77943c8fc827117446d7fbd7a70fd3f23160bc8","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-30T23:40:45.000Z","updated_at":"2026-03-30T23:42:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"6ad18a5709bb2f0a5a3dd3ef057beff810105fb7","new_version":"a77943c8fc827117446d7fbd7a70fd3f23160bc8","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 6ad18a5709bb2f0a5a3dd3ef057beff810105fb7 to a77943c8fc827117446d7fbd7a70fd3f23160bc8.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a77943c8fc827117446d7fbd7a70fd3f23160bc8\"\u003e\u003ccode\u003ea77943c\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7493\"\u003e#7493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/17b279e96770957b09867ff0977571c4a0e1bac5\"\u003e\u003ccode\u003e17b279e\u003c/code\u003e\u003c/a\u003e chore(deps): bump langchain-core from 1.2.22 to 1.2.23 in /.config/python/dev...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/502418a379f1acbd2a3f8b173ac769cc956b3459\"\u003e\u003ccode\u003e502418a\u003c/code\u003e\u003c/a\u003e chore(deps): bump python-gitlab from 8.1.0 to 8.2.0 in /.config/python/dev (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cb0a60d4216b55155014ad213677d9917f9289f0\"\u003e\u003ccode\u003ecb0a60d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jest to v29.15.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7482\"\u003e#7482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/1a98671690c8638a8fe6852d3098ac9c80d0680b\"\u003e\u003ccode\u003e1a98671\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7488\"\u003e#7488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/266c62707c7ee9adfc9812a3df2abb23c1ca61cb\"\u003e\u003ccode\u003e266c627\u003c/code\u003e\u003c/a\u003e feat: build linters for linux/arm64 where possible in deploy-*-linters.yml (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ecd46c44d26083667ce277b942c2dd5758f92cc1\"\u003e\u003ccode\u003eecd46c4\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency sfdx-hardis to v7.5.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7490\"\u003e#7490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8c4e1545659b66e826648fd7271775932a297dda\"\u003e\u003ccode\u003e8c4e154\u003c/code\u003e\u003c/a\u003e chore(deps): update trufflesecurity/trufflehog docker tag to v3.94.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7489\"\u003e#7489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/63145c770180f3cd4e7948705c85a4afd9d2423c\"\u003e\u003ccode\u003e63145c7\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency snakemake to v9.18.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7487\"\u003e#7487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ca4a2b73b76512ab3192115be80416fa98def12a\"\u003e\u003ccode\u003eca4a2b7\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rust-lang/rust to v1.94.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7486\"\u003e#7486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/6ad18a5709bb2f0a5a3dd3ef057beff810105fb7...a77943c8fc827117446d7fbd7a70fd3f23160bc8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/424","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/424","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/424/packages"},{"uuid":"4125130542","node_id":"PR_kwDONYMH5c7M4Je0","number":193,"state":"open","title":"build(deps): bump the github-actions group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-24T04:17:02.000Z","updated_at":"2026-03-26T05:06:48.076Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"github-actions","update_count":5,"packages":[{"name":"step-security/harden-runner","old_version":"2.14.0","new_version":"2.16.0","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"zizmorcore/zizmor-action","old_version":"0.3.0","new_version":"0.5.2","repository_url":"https://github.com/zizmorcore/zizmor-action"},{"name":"oxsecurity/megalinter","old_version":"9.2.0","new_version":"9.4.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"hendrikmuhs/ccache-action","old_version":"1.2.20","new_version":"1.2.21","repository_url":"https://github.com/hendrikmuhs/ccache-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.0` | `2.16.0` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` |\n| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.3.0` | `0.5.2` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.2.0` | `9.4.0` |\n| [hendrikmuhs/ccache-action](https://github.com/hendrikmuhs/ccache-action) | `1.2.20` | `1.2.21` |\n\n\nUpdates `step-security/harden-runner` from 2.14.0 to 2.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated action.yml to use node24\u003c/li\u003e\n\u003cli\u003eSecurity fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See \u003ca href=\"https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698\"\u003eGHSA-46g3-37rh-v698\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003eSecurity fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See \u003ca href=\"https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g\"\u003eGHSA-g699-3x6g-wm3g\u003c/a\u003e for details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.15.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/642\"\u003estep-security/harden-runner#642\u003c/a\u003e bug due to which post step was failing on Windows ARM runners\u003c/li\u003e\n\u003cli\u003eUpdates npm packages\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.15.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eWindows and macOS runner support\u003c/h3\u003e\n\u003cp\u003eWe are excited to announce that Harden Runner now supports \u003cstrong\u003eWindows and macOS runners\u003c/strong\u003e, extending runtime security beyond Linux for the first time.\u003c/p\u003e\n\u003cp\u003eInsights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eSecurity fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See \u003ca href=\"https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq\"\u003eGHSA-cpmj-h4f6-r6pq\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eIn some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed npm audit vulnerabilities\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594\"\u003e\u003ccode\u003efa2e9d6\u003c/code\u003e\u003c/a\u003e Release v2.16.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/58077d3c7e43986b6b15fba718e8ea69e387dfcc\"\u003e\u003ccode\u003e58077d3\u003c/code\u003e\u003c/a\u003e Release v2.15.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/641\"\u003e#641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a90bcbc6539c36a85cdfeb73f7e2f433735f215b\"\u003e\u003ccode\u003ea90bcbc\u003c/code\u003e\u003c/a\u003e Update readme (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/637\"\u003e#637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/f0a59d88538059e010b6ebd90b74e2740a6d05fc\"\u003e\u003ccode\u003ef0a59d8\u003c/code\u003e\u003c/a\u003e Release v2.15.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/639\"\u003e#639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/5ef0c079ce82195b2a36a210272d6b661572d83e\"\u003e\u003ccode\u003e5ef0c07\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/635\"\u003e#635\u003c/a\u003e from step-security/rc-34\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/eb43c7b3fd5a30c42ff1ab84b494f1cc6c7cc3b6\"\u003e\u003ccode\u003eeb43c7b\u003c/code\u003e\u003c/a\u003e update agent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/e3f713f2d8f53843e71c69a996d56f51aa9adfb9\"\u003e\u003ccode\u003ee3f713f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/631\"\u003e#631\u003c/a\u003e from step-security/rc-31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/423acdda6fd4f75f197b7c305a3f2e3d700dc00b\"\u003e\u003ccode\u003e423acdd\u003c/code\u003e\u003c/a\u003e chore: fix npm audit vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/0ddb86cf0353b79dbed5bb8cef4103700cea70a7\"\u003e\u003ccode\u003e0ddb86c\u003c/code\u003e\u003c/a\u003e update agent\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.3.0 to 0.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.1 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.0 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExpose \u003ccode\u003eoutput-file\u003c/code\u003e as an output when \u003ccode\u003eadvanced-security: true\u003c/code\u003e by \u003ca href=\"https://github.com/unlobito\"\u003e\u003ccode\u003e@​unlobito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/87\"\u003ezizmorcore/zizmor-action#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unlobito\"\u003e\u003ccode\u003e@​unlobito\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/87\"\u003ezizmorcore/zizmor-action#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.1\u003c/h2\u003e\n\u003cp\u003eThis version fixes an error in the 0.4.0 release that prevented non-relative use\nof the action.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix version file path by \u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/83\"\u003ezizmorcore/zizmor-action#83\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.0\u003c/h2\u003e\n\u003cp\u003eThis new version of \u003ccode\u003ezizmor-action\u003c/code\u003e brings two major changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe new \u003ccode\u003efail-on-no-inputs\u003c/code\u003e option can be used to control whether\n\u003ccode\u003ezizmor-action\u003c/code\u003e fails if no inputs were collected by \u003ccode\u003ezizmor\u003c/code\u003e. The default\nremains \u003ccode\u003etrue\u003c/code\u003e, reflecting the pre-existing behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe action's use of the official \u003ccode\u003ezizmor\u003c/code\u003e Docker images is now fully\nhash-checked internally, preventing accidental or malicious modification\nto the images. This also means that subsequent releases of \u003ccode\u003ezizmor\u003c/code\u003e\nwill induce a release of this action, rather than the action always picking\nup the latest version by default.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: extended permissions required for internal repos by \u003ca href=\"https://github.com/AntoineSebert\"\u003e\u003ccode\u003e@​AntoineSebert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/61\"\u003ezizmorcore/zizmor-action#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify description of \u0026quot;token\u0026quot; to indicate it is only used for online audits by \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/63\"\u003ezizmorcore/zizmor-action#63\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8\"\u003e\u003ccode\u003e71321a2\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ed31db0964a9d37608edd5b0675de2b52070662\"\u003e\u003ccode\u003e5ed31db\u003c/code\u003e\u003c/a\u003e Bump pins (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/195d10ad90f31d8cd6ea1efd6ecc12969ddbe73f\"\u003e\u003ccode\u003e195d10a\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/94\"\u003e#94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/c65bc8876171b6d82748ec98b77c0193b1226b94\"\u003e\u003ccode\u003ec65bc88\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/c2c887f84674f9c15123e2905d2d307675d8bc01\"\u003e\u003ccode\u003ec2c887f\u003c/code\u003e\u003c/a\u003e chore(deps): bump zizmorcore/zizmor-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5507ab0c02a9ac3996895e1598d6b3385ea7d525\"\u003e\u003ccode\u003e5507ab0\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d\"\u003e\u003ccode\u003e0dce257\u003c/code\u003e\u003c/a\u003e chore(deps): bump peter-evans/create-pull-request (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/88\"\u003e#88\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/fb9497493b591ad90176d3ecac5ca4aeff8c9faf\"\u003e\u003ccode\u003efb94974\u003c/code\u003e\u003c/a\u003e Expose \u003ccode\u003eoutput-file\u003c/code\u003e as an output when \u003ccode\u003eadvanced-security: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/87\"\u003e#87\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/867562a69bb7adcc63dd1e8c003600a58b5f70e2\"\u003e\u003ccode\u003e867562a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/85\"\u003e#85\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/7462f075f718787753331c6d98ca9ef8eb41e735\"\u003e\u003ccode\u003e7462f07\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/84\"\u003e#84\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/e639db99335bc9038abc0e066dfcd72e23d26fb4...71321a20a9ded102f6e9ce5718a2fcec2c4f70d8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.2.0 to 9.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprove files browsing performances (2 PRs)\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter processing and improve grouping logic\u003c/li\u003e\n\u003cli\u003eImprove performance of listing .gitignored files by sending excluded directories to git ls-files\u003c/li\u003e\n\u003cli\u003eIf there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances\u003c/li\u003e\n\u003cli\u003eReduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules\u003c/li\u003e\n\u003cli\u003eCache subprocess environment per linter run and excluded directories per request\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter result update from O(n²) to O(n)\u003c/li\u003e\n\u003cli\u003eAdd support in the build of Docker images for linux/arm64 in compatible linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://nbqa.readthedocs.io/\"\u003ePYTHON_NBQA_MYPY\u003c/a\u003e for type-checking Jupyter notebooks using nbqa + mypy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLUA_SELENE: \u003ca href=\"https://redirect.github.com/Kampfkarren/selene/issues/662\"\u003eKampfkarren/selene#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the official checkmake image by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Add sarif support to spectral by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Change cli_lint_mode to list_of_files to improve performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remote origins when building custom flavors (fixes: \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6511\"\u003e#6511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issue with plugins ignored when FLAVOR_SUGGESTIONS=false\u003c/li\u003e\n\u003cli\u003eFix wrong tagging \u003ccode\u003eapply_fixes=True\u003c/code\u003e when linter has no fix options configured\u003c/li\u003e\n\u003cli\u003ePython mypy: Remove \u003ccode\u003e.ipynb\u003c/code\u003e from file extensions (mypy doesn't support notebooks directly) - fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6904\"\u003e#6904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix operator precedence bug in pre_post_factory pre/post command logic\u003c/li\u003e\n\u003cli\u003eFix file handle leak in GitleaksLinter\u003c/li\u003e\n\u003cli\u003eFix variable name bug in utils.get_git_context_info\u003c/li\u003e\n\u003cli\u003eMinor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a link inviting to star MegaLinter\u003c/li\u003e\n\u003cli\u003eDisplay in the console reporter the working directory from which the commands are executed by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate WebHook reporter so it can send more events for a better integration with UI\u003c/li\u003e\n\u003cli\u003eWhen truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)\u003c/li\u003e\n\u003cli\u003eIn case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead\u003c/li\u003e\n\u003cli\u003eAzure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCustom flavor builder:\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remotes\u003c/li\u003e\n\u003cli\u003eAllow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms\u003c/li\u003e\n\u003cli\u003eBuild \u0026amp; release custom flavor builder image for linux/arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJSON Schema: Add default values for file extensions and file names variables + improve descriptions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/55a59b24a441e0e1943080d4a512d827710d4a9d...8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hendrikmuhs/ccache-action` from 1.2.20 to 1.2.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/releases\"\u003ehendrikmuhs/ccache-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/396\"\u003ehendrikmuhs/ccache-action#396\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.0 to 25.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/417\"\u003ehendrikmuhs/ccache-action#417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e from 4.1.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/412\"\u003ehendrikmuhs/ccache-action#412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/413\"\u003ehendrikmuhs/ccache-action#413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/exec\u003c/code\u003e from 1.1.1 to 3.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/414\"\u003ehendrikmuhs/ccache-action#414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/io\u003c/code\u003e from 2.0.0 to 3.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/416\"\u003ehendrikmuhs/ccache-action#416\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: add Windows ARM and macOS binaries, use a single Package class, deduplicate some common install code by \u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/403\"\u003ehendrikmuhs/ccache-action#403\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.2.2 to 25.3.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/421\"\u003ehendrikmuhs/ccache-action#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump jest from 30.2.0 to 30.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/431\"\u003ehendrikmuhs/ccache-action#431\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Node.js version from 20 to 24 by \u003ca href=\"https://github.com/janisozaur\"\u003e\u003ccode\u003e@​janisozaur\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/427\"\u003ehendrikmuhs/ccache-action#427\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.3.3 to 25.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/430\"\u003ehendrikmuhs/ccache-action#430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: generate metadata json file by \u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/422\"\u003ehendrikmuhs/ccache-action#422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: add install matrix  by \u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/423\"\u003ehendrikmuhs/ccache-action#423\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/429\"\u003ehendrikmuhs/ccache-action#429\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/403\"\u003ehendrikmuhs/ccache-action#403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/v1.2...v1.2.21\"\u003ehttps://github.com/hendrikmuhs/ccache-action/compare/v1.2...v1.2.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/1bbbcda0748b3e340dee71a314fa68ffcbd6df79\"\u003e\u003ccode\u003e1bbbcda\u003c/code\u003e\u003c/a\u003e update code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/ad1528eb9645516c5ed957831c14fc45974dc2db\"\u003e\u003ccode\u003ead1528e\u003c/code\u003e\u003c/a\u003e Bump undici from 6.23.0 to 6.24.1 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/429\"\u003e#429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/b13e06baa433e378631875708da028728c85272e\"\u003e\u003ccode\u003eb13e06b\u003c/code\u003e\u003c/a\u003e tests: add install matrix  (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/423\"\u003e#423\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/db942ad7470cac36515ee8aa7b4a4c7dffb8ca9c\"\u003e\u003ccode\u003edb942ad\u003c/code\u003e\u003c/a\u003e refactor: generate metadata json file (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/422\"\u003e#422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/4f5619a998ecc04bcf09845b93b4df20d30a3a79\"\u003e\u003ccode\u003e4f5619a\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.3.3 to 25.5.0 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/430\"\u003e#430\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/cbca54bc091066d19ba55db5b7814f46b0b84baa\"\u003e\u003ccode\u003ecbca54b\u003c/code\u003e\u003c/a\u003e Upgrade Node.js version from 20 to 24 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/4a6e0f01d7bfadececa26b58ec632c5cb1a9fc5a\"\u003e\u003ccode\u003e4a6e0f0\u003c/code\u003e\u003c/a\u003e Bump jest from 30.2.0 to 30.3.0 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/c56d71aeec8b5dd2dc73e25a774334e2d6b762ff\"\u003e\u003ccode\u003ec56d71a\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.2.2 to 25.3.3 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/421\"\u003e#421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/ac5cc34c29f1f9ee6f415282f243a4a61b0e8062\"\u003e\u003ccode\u003eac5cc34\u003c/code\u003e\u003c/a\u003e refactor: add Windows ARM and macOS binaries, use a single Package class, ded...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/a84654113cbf557e87cc3b0fd082efdc9fa3f9b5\"\u003e\u003ccode\u003ea846541\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/5ebbd400eff9e74630f759d94ddd7b6c26299639...1bbbcda0748b3e340dee71a314fa68ffcbd6df79\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/philips-software/amp-postmaster/pull/193","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Famp-postmaster/issues/193","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/193/packages"},{"uuid":"4086103329","node_id":"PR_kwDONYMH5c7LGmke","number":191,"state":"open","title":"build(deps): bump the github-actions group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-17T04:16:42.000Z","updated_at":"2026-03-17T04:18:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"github-actions","update_count":4,"packages":[{"name":"actions/checkout","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"zizmorcore/zizmor-action","old_version":"0.3.0","new_version":"0.5.2","repository_url":"https://github.com/zizmorcore/zizmor-action"},{"name":"oxsecurity/megalinter","old_version":"9.2.0","new_version":"9.4.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/cache","old_version":"5.0.1","new_version":"5.0.3","repository_url":"https://github.com/actions/cache"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action), [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) and [actions/cache](https://github.com/actions/cache).\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.3.0 to 0.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.1 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.0 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExpose \u003ccode\u003eoutput-file\u003c/code\u003e as an output when \u003ccode\u003eadvanced-security: true\u003c/code\u003e by \u003ca href=\"https://github.com/unlobito\"\u003e\u003ccode\u003e@​unlobito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/87\"\u003ezizmorcore/zizmor-action#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unlobito\"\u003e\u003ccode\u003e@​unlobito\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/87\"\u003ezizmorcore/zizmor-action#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.1\u003c/h2\u003e\n\u003cp\u003eThis version fixes an error in the 0.4.0 release that prevented non-relative use\nof the action.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix version file path by \u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/83\"\u003ezizmorcore/zizmor-action#83\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.0\u003c/h2\u003e\n\u003cp\u003eThis new version of \u003ccode\u003ezizmor-action\u003c/code\u003e brings two major changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe new \u003ccode\u003efail-on-no-inputs\u003c/code\u003e option can be used to control whether\n\u003ccode\u003ezizmor-action\u003c/code\u003e fails if no inputs were collected by \u003ccode\u003ezizmor\u003c/code\u003e. The default\nremains \u003ccode\u003etrue\u003c/code\u003e, reflecting the pre-existing behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe action's use of the official \u003ccode\u003ezizmor\u003c/code\u003e Docker images is now fully\nhash-checked internally, preventing accidental or malicious modification\nto the images. This also means that subsequent releases of \u003ccode\u003ezizmor\u003c/code\u003e\nwill induce a release of this action, rather than the action always picking\nup the latest version by default.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: extended permissions required for internal repos by \u003ca href=\"https://github.com/AntoineSebert\"\u003e\u003ccode\u003e@​AntoineSebert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/61\"\u003ezizmorcore/zizmor-action#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify description of \u0026quot;token\u0026quot; to indicate it is only used for online audits by \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/63\"\u003ezizmorcore/zizmor-action#63\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8\"\u003e\u003ccode\u003e71321a2\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ed31db0964a9d37608edd5b0675de2b52070662\"\u003e\u003ccode\u003e5ed31db\u003c/code\u003e\u003c/a\u003e Bump pins (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/195d10ad90f31d8cd6ea1efd6ecc12969ddbe73f\"\u003e\u003ccode\u003e195d10a\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/94\"\u003e#94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/c65bc8876171b6d82748ec98b77c0193b1226b94\"\u003e\u003ccode\u003ec65bc88\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/c2c887f84674f9c15123e2905d2d307675d8bc01\"\u003e\u003ccode\u003ec2c887f\u003c/code\u003e\u003c/a\u003e chore(deps): bump zizmorcore/zizmor-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5507ab0c02a9ac3996895e1598d6b3385ea7d525\"\u003e\u003ccode\u003e5507ab0\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d\"\u003e\u003ccode\u003e0dce257\u003c/code\u003e\u003c/a\u003e chore(deps): bump peter-evans/create-pull-request (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/88\"\u003e#88\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/fb9497493b591ad90176d3ecac5ca4aeff8c9faf\"\u003e\u003ccode\u003efb94974\u003c/code\u003e\u003c/a\u003e Expose \u003ccode\u003eoutput-file\u003c/code\u003e as an output when \u003ccode\u003eadvanced-security: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/87\"\u003e#87\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/867562a69bb7adcc63dd1e8c003600a58b5f70e2\"\u003e\u003ccode\u003e867562a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/85\"\u003e#85\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/7462f075f718787753331c6d98ca9ef8eb41e735\"\u003e\u003ccode\u003e7462f07\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/84\"\u003e#84\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/e639db99335bc9038abc0e066dfcd72e23d26fb4...71321a20a9ded102f6e9ce5718a2fcec2c4f70d8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.2.0 to 9.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprove files browsing performances (2 PRs)\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter processing and improve grouping logic\u003c/li\u003e\n\u003cli\u003eImprove performance of listing .gitignored files by sending excluded directories to git ls-files\u003c/li\u003e\n\u003cli\u003eIf there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances\u003c/li\u003e\n\u003cli\u003eReduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules\u003c/li\u003e\n\u003cli\u003eCache subprocess environment per linter run and excluded directories per request\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter result update from O(n²) to O(n)\u003c/li\u003e\n\u003cli\u003eAdd support in the build of Docker images for linux/arm64 in compatible linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://nbqa.readthedocs.io/\"\u003ePYTHON_NBQA_MYPY\u003c/a\u003e for type-checking Jupyter notebooks using nbqa + mypy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLUA_SELENE: \u003ca href=\"https://redirect.github.com/Kampfkarren/selene/issues/662\"\u003eKampfkarren/selene#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the official checkmake image by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Add sarif support to spectral by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Change cli_lint_mode to list_of_files to improve performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remote origins when building custom flavors (fixes: \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6511\"\u003e#6511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issue with plugins ignored when FLAVOR_SUGGESTIONS=false\u003c/li\u003e\n\u003cli\u003eFix wrong tagging \u003ccode\u003eapply_fixes=True\u003c/code\u003e when linter has no fix options configured\u003c/li\u003e\n\u003cli\u003ePython mypy: Remove \u003ccode\u003e.ipynb\u003c/code\u003e from file extensions (mypy doesn't support notebooks directly) - fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6904\"\u003e#6904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix operator precedence bug in pre_post_factory pre/post command logic\u003c/li\u003e\n\u003cli\u003eFix file handle leak in GitleaksLinter\u003c/li\u003e\n\u003cli\u003eFix variable name bug in utils.get_git_context_info\u003c/li\u003e\n\u003cli\u003eMinor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a link inviting to star MegaLinter\u003c/li\u003e\n\u003cli\u003eDisplay in the console reporter the working directory from which the commands are executed by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate WebHook reporter so it can send more events for a better integration with UI\u003c/li\u003e\n\u003cli\u003eWhen truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)\u003c/li\u003e\n\u003cli\u003eIn case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead\u003c/li\u003e\n\u003cli\u003eAzure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCustom flavor builder:\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remotes\u003c/li\u003e\n\u003cli\u003eAllow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms\u003c/li\u003e\n\u003cli\u003eBuild \u0026amp; release custom flavor builder image for linux/arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJSON Schema: Add default values for file extensions and file names variables + improve descriptions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format\"\u003edotnet-format\u003c/a\u003e from 9.0.114 to \u003cstrong\u003e10.0.103\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://htmlhint.com/\"\u003ehtmlhint\u003c/a\u003e from 1.9.1 to \u003cstrong\u003e1.9.2\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/55a59b24a441e0e1943080d4a512d827710d4a9d...8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.1 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003e\u003ccode\u003ecdf6c1f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1695\"\u003e#1695\u003c/a\u003e from actions/Link-/prepare-5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d\"\u003e\u003ccode\u003ea1bee22\u003c/code\u003e\u003c/a\u003e Add review for the \u003ccode\u003e@​actions/http-client\u003c/code\u003e license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f\"\u003e\u003ccode\u003e4695763\u003c/code\u003e\u003c/a\u003e Add licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502\"\u003e\u003ccode\u003edc73bb9\u003c/code\u003e\u003c/a\u003e Upgrade dependencies and address security warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a\"\u003e\u003ccode\u003e345d5c2\u003c/code\u003e\u003c/a\u003e Add 5.0.3 builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7\"\u003e\u003ccode\u003e8b402f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1692\"\u003e#1692\u003c/a\u003e from GhadimiR/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002\"\u003e\u003ccode\u003e304ab5a\u003c/code\u003e\u003c/a\u003e license for httpclient\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be\"\u003e\u003ccode\u003e609fc19\u003c/code\u003e\u003c/a\u003e Update licensed record for cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5\"\u003e\u003ccode\u003eb22231e\u003c/code\u003e\u003c/a\u003e Build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a\"\u003e\u003ccode\u003e93150cd\u003c/code\u003e\u003c/a\u003e Add PR link to releases\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/philips-software/amp-postmaster/pull/191","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Famp-postmaster/issues/191","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/191/packages"},{"uuid":"4080845286","node_id":"PR_kwDOOJE5qc7K1oQE","number":81,"state":"open","title":"Bump the minor-and-patch group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-16T07:56:50.000Z","updated_at":"2026-03-16T07:58:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"minor-and-patch","update_count":4,"packages":[{"name":"github/codeql-action","old_version":"4.32.2","new_version":"4.32.6","repository_url":"https://github.com/github/codeql-action"},{"name":"oxsecurity/megalinter","old_version":"9.3.0","new_version":"9.4.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"softprops/action-gh-release","old_version":"2.5.0","new_version":"2.6.1","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"actions/stale","old_version":"10.1.1","new_version":"10.2.0","repository_url":"https://github.com/actions/stale"}],"path":null,"ecosystem":"actions"},"body":"Bumps the minor-and-patch group with 4 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action), [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [actions/stale](https://github.com/actions/stale).\n\nUpdates `github/codeql-action` from 4.32.2 to 4.32.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to disable \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository property with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and the type \u0026quot;True/false\u0026quot; in the organization's settings. Then in the repository's settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to disable improved incremental analysis. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. This feature is not yet available on GitHub Enterprise Server. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space requirement for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the \u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca href=\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith debugging enabled in Default Setup\u003c/a\u003e and \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for registries\u0026quot; step will output additional diagnostic information that can be used for troubleshooting. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as Default Setup, to use a \u003ca href=\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly CodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.6 - 05 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.5 - 02 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to disable \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository property with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and the type \u0026quot;True/false\u0026quot; in the organization's settings. Then in the repository's settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to disable improved incremental analysis. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. This feature is not yet available on GitHub Enterprise Server. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space requirement for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the \u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.4 - 20 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca href=\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith debugging enabled in Default Setup\u003c/a\u003e and \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for registries\u0026quot; step will output additional diagnostic information that can be used for troubleshooting. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as Default Setup, to use a \u003ca href=\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly CodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d579ffd059c29b07949a3cce3983f0780820c98\"\u003e\u003ccode\u003e0d579ff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3551\"\u003e#3551\u003c/a\u003e from github/update-v4.32.6-72d2d850d\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4c6be7cf1c47a33a06fa9183269e133e6863574\"\u003e\u003ccode\u003ed4c6be7\u003c/code\u003e\u003c/a\u003e Update changelog for v4.32.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72d2d850d1f91d4e1e024f4cf4276fd16bb68462\"\u003e\u003ccode\u003e72d2d85\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3548\"\u003e#3548\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.24.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/23f983ce00d9a853697a6aaa9eae8d5abbf14849\"\u003e\u003ccode\u003e23f983c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3544\"\u003e#3544\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/832e97ccad228ef72e06ffee26f6251bceeb7e5f\"\u003e\u003ccode\u003e832e97c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3545\"\u003e#3545\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5ef38c0b13c2f0f5ce928cb7706f5fb19fc97ae2\"\u003e\u003ccode\u003e5ef38c0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3546\"\u003e#3546\u003c/a\u003e from github/dependabot/npm_and_yarn/tar-7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/80c9cda73902bba67939606c4bf3a1d9606bb150\"\u003e\u003ccode\u003e80c9cda\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f2669dd916c673b2811839169929a8ba71bb7634\"\u003e\u003ccode\u003ef2669dd\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.24.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/bd03c44cf40965f5476f66fad404194e4cb35710\"\u003e\u003ccode\u003ebd03c44\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/102d7627b63c066871badf0743c11b2f6dd9c9e9\"\u003e\u003ccode\u003e102d762\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2...0d579ffd059c29b07949a3cce3983f0780820c98\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.3.0 to 9.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprove files browsing performances (2 PRs)\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter processing and improve grouping logic\u003c/li\u003e\n\u003cli\u003eImprove performance of listing .gitignored files by sending excluded directories to git ls-files\u003c/li\u003e\n\u003cli\u003eIf there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances\u003c/li\u003e\n\u003cli\u003eReduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules\u003c/li\u003e\n\u003cli\u003eCache subprocess environment per linter run and excluded directories per request\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter result update from O(n²) to O(n)\u003c/li\u003e\n\u003cli\u003eAdd support in the build of Docker images for linux/arm64 in compatible linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://nbqa.readthedocs.io/\"\u003ePYTHON_NBQA_MYPY\u003c/a\u003e for type-checking Jupyter notebooks using nbqa + mypy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLUA_SELENE: \u003ca href=\"https://redirect.github.com/Kampfkarren/selene/issues/662\"\u003eKampfkarren/selene#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the official checkmake image by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Add sarif support to spectral by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Change cli_lint_mode to list_of_files to improve performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remote origins when building custom flavors (fixes: \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6511\"\u003e#6511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issue with plugins ignored when FLAVOR_SUGGESTIONS=false\u003c/li\u003e\n\u003cli\u003eFix wrong tagging \u003ccode\u003eapply_fixes=True\u003c/code\u003e when linter has no fix options configured\u003c/li\u003e\n\u003cli\u003ePython mypy: Remove \u003ccode\u003e.ipynb\u003c/code\u003e from file extensions (mypy doesn't support notebooks directly) - fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6904\"\u003e#6904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix operator precedence bug in pre_post_factory pre/post command logic\u003c/li\u003e\n\u003cli\u003eFix file handle leak in GitleaksLinter\u003c/li\u003e\n\u003cli\u003eFix variable name bug in utils.get_git_context_info\u003c/li\u003e\n\u003cli\u003eMinor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a link inviting to star MegaLinter\u003c/li\u003e\n\u003cli\u003eDisplay in the console reporter the working directory from which the commands are executed by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate WebHook reporter so it can send more events for a better integration with UI\u003c/li\u003e\n\u003cli\u003eWhen truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)\u003c/li\u003e\n\u003cli\u003eIn case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead\u003c/li\u003e\n\u003cli\u003eAzure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCustom flavor builder:\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remotes\u003c/li\u003e\n\u003cli\u003eAllow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms\u003c/li\u003e\n\u003cli\u003eBuild \u0026amp; release custom flavor builder image for linux/arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJSON Schema: Add default values for file extensions and file names variables + improve descriptions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format\"\u003edotnet-format\u003c/a\u003e from 9.0.114 to \u003cstrong\u003e10.0.103\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://htmlhint.com/\"\u003ehtmlhint\u003c/a\u003e from 1.9.1 to \u003cstrong\u003e1.9.2\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/42bb470545e359597e7f12156947c436e4e3fb9a...8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.5.0 to 2.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eExciting New Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: support previous_tag for generate_release_notes by \u003ca href=\"https://github.com/pocesar\"\u003e\u003ccode\u003e@​pocesar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/372\"\u003esoftprops/action-gh-release#372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: recover concurrent asset metadata 404s by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/760\"\u003esoftprops/action-gh-release#760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: clarify reused draft release behavior by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/759\"\u003esoftprops/action-gh-release#759\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify working_directory input by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/761\"\u003esoftprops/action-gh-release#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: verify dist bundle freshness by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/762\"\u003esoftprops/action-gh-release#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clarify immutable prerelease uploads by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/763\"\u003esoftprops/action-gh-release#763\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.5.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003ccode\u003e2.5.3\u003c/code\u003e is a patch release focused on the remaining path-handling and release-selection bugs uncovered after \u003ccode\u003e2.5.2\u003c/code\u003e.\nIt fixes \u003ccode\u003e[#639](https://github.com/softprops/action-gh-release/issues/639)\u003c/code\u003e, \u003ccode\u003e[#571](https://github.com/softprops/action-gh-release/issues/571)\u003c/code\u003e, \u003ccode\u003e[#280](https://github.com/softprops/action-gh-release/issues/280)\u003c/code\u003e, \u003ccode\u003e[#614](https://github.com/softprops/action-gh-release/issues/614)\u003c/code\u003e, \u003ccode\u003e[#311](https://github.com/softprops/action-gh-release/issues/311)\u003c/code\u003e, \u003ccode\u003e[#403](https://github.com/softprops/action-gh-release/issues/403)\u003c/code\u003e, and \u003ccode\u003e[#368](https://github.com/softprops/action-gh-release/issues/368)\u003c/code\u003e.\nIt also adds documentation clarifications for \u003ccode\u003e[#541](https://github.com/softprops/action-gh-release/issues/541)\u003c/code\u003e, \u003ccode\u003e[#645](https://github.com/softprops/action-gh-release/issues/645)\u003c/code\u003e, \u003ccode\u003e[#542](https://github.com/softprops/action-gh-release/issues/542)\u003c/code\u003e, \u003ccode\u003e[#393](https://github.com/softprops/action-gh-release/issues/393)\u003c/code\u003e, and \u003ccode\u003e[#411](https://github.com/softprops/action-gh-release/issues/411)\u003c/code\u003e,\nwhere the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eExciting New Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: support previous_tag for generate_release_notes by \u003ca href=\"https://github.com/pocesar\"\u003e\u003ccode\u003e@​pocesar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/372\"\u003esoftprops/action-gh-release#372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: recover concurrent asset metadata 404s by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/760\"\u003esoftprops/action-gh-release#760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: clarify reused draft release behavior by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/759\"\u003esoftprops/action-gh-release#759\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify working_directory input by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/761\"\u003esoftprops/action-gh-release#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: verify dist bundle freshness by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/762\"\u003esoftprops/action-gh-release#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clarify immutable prerelease uploads by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/763\"\u003esoftprops/action-gh-release#763\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.5.3\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.5.3\u003c/code\u003e is a patch release focused on the remaining path-handling and release-selection bugs uncovered after \u003ccode\u003e2.5.2\u003c/code\u003e.\nIt fixes \u003ccode\u003e[#639](https://github.com/softprops/action-gh-release/issues/639)\u003c/code\u003e, \u003ccode\u003e[#571](https://github.com/softprops/action-gh-release/issues/571)\u003c/code\u003e, \u003ccode\u003e[#280](https://github.com/softprops/action-gh-release/issues/280)\u003c/code\u003e, \u003ccode\u003e[#614](https://github.com/softprops/action-gh-release/issues/614)\u003c/code\u003e, \u003ccode\u003e[#311](https://github.com/softprops/action-gh-release/issues/311)\u003c/code\u003e, \u003ccode\u003e[#403](https://github.com/softprops/action-gh-release/issues/403)\u003c/code\u003e, and \u003ccode\u003e[#368](https://github.com/softprops/action-gh-release/issues/368)\u003c/code\u003e.\nIt also adds documentation clarifications for \u003ccode\u003e[#541](https://github.com/softprops/action-gh-release/issues/541)\u003c/code\u003e, \u003ccode\u003e[#645](https://github.com/softprops/action-gh-release/issues/645)\u003c/code\u003e, \u003ccode\u003e[#542](https://github.com/softprops/action-gh-release/issues/542)\u003c/code\u003e, \u003ccode\u003e[#393](https://github.com/softprops/action-gh-release/issues/393)\u003c/code\u003e, and \u003ccode\u003e[#411](https://github.com/softprops/action-gh-release/issues/411)\u003c/code\u003e,\nwhere the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/153bb8e04406b158c6c84fc1615b65b24149a1fe\"\u003e\u003ccode\u003e153bb8e\u003c/code\u003e\u003c/a\u003e release 2.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/569deb874d08cd8cc0aa24af7c0b21160fe4b0e4\"\u003e\u003ccode\u003e569deb8\u003c/code\u003e\u003c/a\u003e fix: preserve discussion category when publishing releases (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/765\"\u003e#765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/26e8ad27a09a225049a7075d7ec1caa2df6ff332\"\u003e\u003ccode\u003e26e8ad2\u003c/code\u003e\u003c/a\u003e release 2.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/b959f31e968fb47fb7bb823087fc092d5613e0a4\"\u003e\u003ccode\u003eb959f31\u003c/code\u003e\u003c/a\u003e fix: clarify immutable prerelease uploads (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/763\"\u003e#763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/8a8510e3a0d8dfc9296171fd405ca8c8ea6206a4\"\u003e\u003ccode\u003e8a8510e\u003c/code\u003e\u003c/a\u003e ci: verify dist bundle freshness (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/438c15ddf5b01e992ef98dc29cea3f9992ab54ac\"\u003e\u003ccode\u003e438c15d\u003c/code\u003e\u003c/a\u003e docs: clarify working_directory input (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/761\"\u003e#761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/6ca3b5d96e3a0fac11dc53f0809c2cb029e64902\"\u003e\u003ccode\u003e6ca3b5d\u003c/code\u003e\u003c/a\u003e fix: recover concurrent asset metadata 404s (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/760\"\u003e#760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/11f917660b31d6d56980ea3261f210556a812bd0\"\u003e\u003ccode\u003e11f9176\u003c/code\u003e\u003c/a\u003e chore: add RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/1f3f350167714515d2bcf8a18afcc5e8e0a362a8\"\u003e\u003ccode\u003e1f3f350\u003c/code\u003e\u003c/a\u003e feat: add AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/37819cb191890d306d21cfb5ac4e7a358f0a6e4f\"\u003e\u003ccode\u003e37819cb\u003c/code\u003e\u003c/a\u003e docs: clarify reused draft release behavior (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/759\"\u003e#759\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...153bb8e04406b158c6c84fc1615b65b24149a1fe\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/stale` from 10.1.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/stale/releases\"\u003eactions/stale's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix checking state cache (fix \u003ca href=\"https://redirect.github.com/actions/stale/issues/1136\"\u003e#1136\u003c/a\u003e) and switch to Octokit helper methods by \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1152\"\u003eactions/stale#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade js-yaml from  4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1304\"\u003eactions/stale#1304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade lodash from 4.17.21 to 4.17.23 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1313\"\u003eactions/stale#1313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0  by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1312\"\u003eactions/stale#1312\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1152\"\u003eactions/stale#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/stale/compare/v10...v10.2.0\"\u003ehttps://github.com/actions/stale/compare/v10...v10.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/stale/commit/b5d41d4e1d5dceea10e7104786b73624c18a190f\"\u003e\u003ccode\u003eb5d41d4\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (\u003ca href=\"https://redirect.github.com/actions/stale/issues/1313\"\u003e#1313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/stale/commit/dcd2b9469d2220b7e8d08aedc00c105d277fd46b\"\u003e\u003ccode\u003edcd2b94\u003c/code\u003e\u003c/a\u003e Fix punycode and url.parse Deprecation Warnings (\u003ca href=\"https://redirect.github.com/actions/stale/issues/1312\"\u003e#1312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/stale/commit/d6f8a33132340b15a7006f552936e4b9b39c00ec\"\u003e\u003ccode\u003ed6f8a33\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (\u003ca href=\"https://redirect.github.com/actions/stale/issues/1304\"\u003e#1304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/stale/commit/a21a0816299b11691f9592ef0d63d08e02f06d9d\"\u003e\u003ccode\u003ea21a081\u003c/code\u003e\u003c/a\u003e Fix checking state cache (fix \u003ca href=\"https://redirect.github.com/actions/stale/issues/1136\"\u003e#1136\u003c/a\u003e), also switch to octokit methods (\u003ca href=\"https://redirect.github.com/actions/stale/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/stale/compare/997185467fa4f803885201cee163a9f38240193d...b5d41d4e1d5dceea10e7104786b73624c18a190f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/wesley-dean/publish_image/pull/81","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wesley-dean%2Fpublish_image/issues/81","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/81/packages"}],"issue_packages":[{"old_version":"5959937332eef39ce9dd99fcd87dbeccc0be273e","new_version":"a151007c426d6bc89bfde35a7bd3cd64cf373493","update_type":null,"path":null,"pr_created_at":"2026-06-08T01:26:36.000Z","version_change":"5959937332eef39ce9dd99fcd87dbeccc0be273e → a151007c426d6bc89bfde35a7bd3cd64cf373493","issue":{"uuid":"4609392772","node_id":"PR_kwDOQ9aw2c7juQ9J","number":46,"state":"open","title":"chore(deps): bump oxsecurity/megalinter from 5959937332eef39ce9dd99fcd87dbeccc0be273e to a151007c426d6bc89bfde35a7bd3cd64cf373493","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-08T01:26:36.000Z","updated_at":"2026-06-08T01:28:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"5959937332eef39ce9dd99fcd87dbeccc0be273e","new_version":"a151007c426d6bc89bfde35a7bd3cd64cf373493","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 5959937332eef39ce9dd99fcd87dbeccc0be273e to a151007c426d6bc89bfde35a7bd3cd64cf373493.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003e@eslint/eslintrc\u003c/code\u003e shim removed\u003c/strong\u003e from JavaScript/TypeScript/JSX/TSX Docker images (was only needed for legacy \u003ccode\u003eFlatCompat\u003c/code\u003e); MegaLinter's bundled test fixtures use native flat config.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eESLint linters now force migration off \u003ccode\u003e.eslintrc.*\u003c/code\u003e\u003c/strong\u003e: \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e activate when they find any \u003ccode\u003eeslint.config.*\u003c/code\u003e \u003cem\u003eor\u003c/em\u003e any deprecated \u003ccode\u003e.eslintrc.*\u003c/code\u003e / \u003ccode\u003epackage.json#eslintConfig\u003c/code\u003e. In the legacy case the linter does not call ESLint at all — it emits a single hard failure with a migration message so the build stays red until the config is migrated to flat config. See the \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003eESLint flat-config migration guide\u003c/a\u003e. To opt out, set \u003ccode\u003eDISABLE_LINTERS\u003c/code\u003e or \u003ccode\u003eDISABLE\u003c/code\u003e to exclude the affected linter/descriptor.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e removed\u003c/strong\u003e: upstream bug \u003ca href=\"https://redirect.github.com/ota-meshi/eslint-plugin-jsonc/issues/328\"\u003eota-meshi/eslint-plugin-jsonc#328\u003c/a\u003e blocks ESLint v10 compatibility and will not be fixed. Use \u003ccode\u003eJSON_JSONLINT\u003c/code\u003e, \u003ccode\u003eJSON_PRETTIER\u003c/code\u003e, or \u003ccode\u003eJSON_V8R\u003c/code\u003e for JSON validation instead.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e — permanently broken by upstream bug (see Breaking changes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStop generating per-linter Dockerfiles for linters marked \u003ccode\u003edisabled: true\u003c/code\u003e in their descriptor. The matching images were already excluded from the build matrix (\u003ccode\u003elinters_matrix.json\u003c/code\u003e) and never published, so the on-disk \u003ccode\u003elinters/\u0026lt;linter\u0026gt;/Dockerfile\u003c/code\u003e was dead code. Deleted the 8 corresponding stale Dockerfile directories.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a151007c426d6bc89bfde35a7bd3cd64cf373493\"\u003e\u003ccode\u003ea151007\u003c/code\u003e\u003c/a\u003e chore(deps): bump langchain-core from 1.4.0 to 1.4.1 in /.config/python/dev (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/04e722590021a5326a2f7ad85823da15d860a14e\"\u003e\u003ccode\u003e04e7225\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/959495f31da1dd6984bf6f9be1fb8a8373eca5eb\"\u003e\u003ccode\u003e959495f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency anchore/syft to v1.45.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f2cc57f835d42b3f82905e7828718635406104e1\"\u003e\u003ccode\u003ef2cc57f\u003c/code\u003e\u003c/a\u003e chore(deps): update phpstan packages to v2.2.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8031\"\u003e#8031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f6c4453d4579a74170f3d53acd1ff39b52948159\"\u003e\u003ccode\u003ef6c4453\u003c/code\u003e\u003c/a\u003e chore(deps): update salesforce packages to v2.28.6 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8032\"\u003e#8032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0f7586d0da20b7d9555b31a7bf91c89b7d30580e\"\u003e\u003ccode\u003e0f7586d\u003c/code\u003e\u003c/a\u003e chore(deps): bump rq from 2.9.0 to 2.9.1 in /server (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8046\"\u003e#8046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e7d1d4e14ca80e25391cde478a9b025a1b765e32\"\u003e\u003ccode\u003ee7d1d4e\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-multipart to v0.0.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8024\"\u003e#8024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/db3ea5d6c1a0b3f698c31510714ed7c15d1708d5\"\u003e\u003ccode\u003edb3ea5d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency sqlfluff to v4.2.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8028\"\u003e#8028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6ffd240b42b4d8a2345cf0ad74edffc64c42a309\"\u003e\u003ccode\u003e6ffd240\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/terraform-linters/tflint docker tag to v0.63.1 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/69268416e0a6e9bf5ccfcbb6250bc42da971ac47\"\u003e\u003ccode\u003e6926841\u003c/code\u003e\u003c/a\u003e chore(deps): update salesforce packages to v2.137.7 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/8041\"\u003e#8041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/5959937332eef39ce9dd99fcd87dbeccc0be273e...a151007c426d6bc89bfde35a7bd3cd64cf373493\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/coat-tag-validator/pull/46","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcoat-tag-validator/issues/46","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/46/packages"}},{"old_version":"9.4.0","new_version":"9.5.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T19:56:44.000Z","version_change":"9.4.0 → 9.5.0","issue":{"uuid":"4519226644","node_id":"PR_kwDOQk55ps7fJ7kf","number":133,"state":"open","title":"perf(deps): bump oxsecurity/megalinter from 9.4.0 to 9.5.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T19:56:44.000Z","updated_at":"2026-05-27T05:17:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"perf(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 9.4.0 to 9.5.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStop generating per-linter Dockerfiles for linters marked \u003ccode\u003edisabled: true\u003c/code\u003e in their descriptor. The matching images were already excluded from the build matrix (\u003ccode\u003elinters_matrix.json\u003c/code\u003e) and never published, so the on-disk \u003ccode\u003elinters/\u0026lt;linter\u0026gt;/Dockerfile\u003c/code\u003e was dead code. Deleted the 8 corresponding stale Dockerfile directories.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress the new \u003ccode\u003eref-version-mismatch\u003c/code\u003e audit introduced by zizmor 1.25.0 for the project's pinned \u003ccode\u003euses:\u003c/code\u003e action references. The SHA pins are correct (the supply-chain property); only the inline \u003ccode\u003e# vX\u003c/code\u003e comments lag behind exact subversions, and renovate maintains the hashes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kc-workspace/kcws/pull/133","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kc-workspace%2Fkcws/issues/133","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/133/packages"}},{"old_version":"9.4.0","new_version":"9.5.0","update_type":"minor","path":"the github-actions group","pr_created_at":"2026-05-25T02:23:21.000Z","version_change":"9.4.0 → 9.5.0","issue":{"uuid":"4513823966","node_id":"PR_kwDOH_O8q87e4gC4","number":812,"state":"open","title":"build(deps): bump oxsecurity/megalinter from 9.4.0 to 9.5.0 in the github-actions group","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T02:23:21.000Z","updated_at":"2026-05-25T02:26:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":"the github-actions group","ecosystem":"actions"},"body":"Bumps the github-actions group with 1 update: [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter).\n\nUpdates `oxsecurity/megalinter` from 9.4.0 to 9.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew linter descriptor property \u003ccode\u003ecommon_linter_errors\u003c/code\u003e: declare known non-lint failure patterns (config issue, remote service down, missing credentials…) and the guidance message shown to users, directly in YAML — no custom Python class needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eIndexError\u003c/code\u003e when building the single-linter Docker image for a linter whose activation depends on a file (e.g. \u003ccode\u003eSPELL_VALE\u003c/code\u003e requires \u003ccode\u003e.vale.ini\u003c/code\u003e): \u003ccode\u003epython -m megalinter.run --linterversion\u003c/code\u003e now bypasses activation filtering since the per-linter image is built for that linter unconditionally.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStop generating per-linter Dockerfiles for linters marked \u003ccode\u003edisabled: true\u003c/code\u003e in their descriptor. The matching images were already excluded from the build matrix (\u003ccode\u003elinters_matrix.json\u003c/code\u003e) and never published, so the on-disk \u003ccode\u003elinters/\u0026lt;linter\u0026gt;/Dockerfile\u003c/code\u003e was dead code. Deleted the 8 corresponding stale Dockerfile directories.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress the new \u003ccode\u003eref-version-mismatch\u003c/code\u003e audit introduced by zizmor 1.25.0 for the project's pinned \u003ccode\u003euses:\u003c/code\u003e action references. The SHA pins are correct (the supply-chain property); only the inline \u003ccode\u003e# vX\u003c/code\u003e comments lag behind exact subversions, and renovate maintains the hashes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oxsecurity/megalinter\u0026package-manager=github_actions\u0026previous-version=9.4.0\u0026new-version=9.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/philips-software/amp-hal-st/pull/812","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Famp-hal-st/issues/812","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/812/packages"}},{"old_version":"9.4.0","new_version":"9.5.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T02:26:29.000Z","version_change":"9.4.0 → 9.5.0","issue":{"uuid":"4499310831","node_id":"PR_kwDORywFDM7eLTCU","number":7,"state":"closed","title":"Bump the patch-minor-action-updates group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-05T02:23:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T02:26:29.000Z","updated_at":"2026-06-05T02:23:51.000Z","time_to_close":1209441,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"patch-minor-action-updates","update_count":6,"packages":[{"name":"hendrikmuhs/ccache-action","old_version":"1.2.21","new_version":"1.2.23","repository_url":"https://github.com/hendrikmuhs/ccache-action"},{"name":"lukka/run-cmake","old_version":"10.8","new_version":"10.9","repository_url":"https://github.com/lukka/run-cmake"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"carlosperate/arm-none-eabi-gcc-action","old_version":"1.12.1","new_version":"1.12.3","repository_url":"https://github.com/carlosperate/arm-none-eabi-gcc-action"},{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/create-github-app-token","old_version":"3.0.0","new_version":"3.2.0","repository_url":"https://github.com/actions/create-github-app-token"}],"path":null,"ecosystem":"actions"},"body":"Bumps the patch-minor-action-updates group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [hendrikmuhs/ccache-action](https://github.com/hendrikmuhs/ccache-action) | `1.2.21` | `1.2.23` |\n| [lukka/run-cmake](https://github.com/lukka/run-cmake) | `10.8` | `10.9` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [carlosperate/arm-none-eabi-gcc-action](https://github.com/carlosperate/arm-none-eabi-gcc-action) | `1.12.1` | `1.12.3` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.4.0` | `9.5.0` |\n| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.0.0` | `3.2.0` |\n\n\nUpdates `hendrikmuhs/ccache-action` from 1.2.21 to 1.2.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/releases\"\u003ehendrikmuhs/ccache-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/436\"\u003ehendrikmuhs/ccache-action#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.5.0 to 25.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/440\"\u003ehendrikmuhs/ccache-action#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate ccache to 4.13.3 by \u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/441\"\u003ehendrikmuhs/ccache-action#441\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/438\"\u003ehendrikmuhs/ccache-action#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport platforms without upstream ccache/sccache releases by \u003ca href=\"https://github.com/luhenry\"\u003e\u003ccode\u003e@​luhenry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/439\"\u003ehendrikmuhs/ccache-action#439\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/luhenry\"\u003e\u003ccode\u003e@​luhenry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/439\"\u003ehendrikmuhs/ccache-action#439\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/v1.2.22...v1.2.23\"\u003ehttps://github.com/hendrikmuhs/ccache-action/compare/v1.2.22...v1.2.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump picomatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/435\"\u003ehendrikmuhs/ccache-action#435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.1 to 5.5.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/434\"\u003ehendrikmuhs/ccache-action#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/v1.2.21...v1.2.22\"\u003ehttps://github.com/hendrikmuhs/ccache-action/compare/v1.2.21...v1.2.22\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/d62db5f07c26379fc4b4e0916f098a92573c3b03\"\u003e\u003ccode\u003ed62db5f\u003c/code\u003e\u003c/a\u003e Support platforms without upstream ccache/sccache releases (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/439\"\u003e#439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/05e1c04f70f450688c8bf36082e71050cda33fff\"\u003e\u003ccode\u003e05e1c04\u003c/code\u003e\u003c/a\u003e update code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/46cafa7d86381b309fd628848dc9a06f6b62fa84\"\u003e\u003ccode\u003e46cafa7\u003c/code\u003e\u003c/a\u003e Bump brace-expansion (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/438\"\u003e#438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/1f2fc71e6bcde2d2239527d286615b056034631d\"\u003e\u003ccode\u003e1f2fc71\u003c/code\u003e\u003c/a\u003e Update ccache to 4.13.3 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/441\"\u003e#441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/a488765c244f03fddbbccc93de3f64abdb389e59\"\u003e\u003ccode\u003ea488765\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.5.0 to 25.6.0 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/440\"\u003e#440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/c97afba725c6d99ed1e7395257fb02cc412236d5\"\u003e\u003ccode\u003ec97afba\u003c/code\u003e\u003c/a\u003e Bump handlebars from 4.7.8 to 4.7.9 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/33522472633dbd32578e909b315f5ee43ba878ce\"\u003e\u003ccode\u003e3352247\u003c/code\u003e\u003c/a\u003e update code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/e44a23f5a6ffaedad8fe0b99b5fcab622d8eff30\"\u003e\u003ccode\u003ee44a23f\u003c/code\u003e\u003c/a\u003e Bump fast-xml-parser from 5.4.1 to 5.5.7 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/bb3037d80491af493622cfcf9da6f2c5e4d46729\"\u003e\u003ccode\u003ebb3037d\u003c/code\u003e\u003c/a\u003e Bump picomatch (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/1bbbcda0748b3e340dee71a314fa68ffcbd6df79...d62db5f07c26379fc4b4e0916f098a92573c3b03\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lukka/run-cmake` from 10.8 to 10.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lukka/run-cmake/releases\"\u003elukka/run-cmake's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erun-cmake@v10.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDocument solution as suggested in \u003ca href=\"https://github.com/lukka/run-cmake/%E2%80%A6\"\u003ehttps://github.com/lukka/run-cmake/…\u003c/a\u003e by \u003ca href=\"https://github.com/lukka\"\u003e\u003ccode\u003e@​lukka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/pull/151\"\u003elukka/run-cmake#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed \u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/155\"\u003e#155\u003c/a\u003e by \u003ca href=\"https://github.com/lukka\"\u003e\u003ccode\u003e@​lukka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/pull/158\"\u003elukka/run-cmake#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GitHub Actions To Use Node 24 by \u003ca href=\"https://github.com/stephengtuggy\"\u003e\u003ccode\u003e@​stephengtuggy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/pull/157\"\u003elukka/run-cmake#157\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stephengtuggy\"\u003e\u003ccode\u003e@​stephengtuggy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/pull/157\"\u003elukka/run-cmake#157\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lukka/run-cmake/compare/v10.8...v10.9\"\u003ehttps://github.com/lukka/run-cmake/compare/v10.8...v10.9\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/5d55ea7949e25f69f0ecb516d8d572297e03a956\"\u003e\u003ccode\u003e5d55ea7\u003c/code\u003e\u003c/a\u003e consume lib v4.1.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/3fd3792e299f5013b7a1f597deb73984fcc1f752\"\u003e\u003ccode\u003e3fd3792\u003c/code\u003e\u003c/a\u003e consume libs v4.1.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/9434c8d328fc0b4e9ee7889e2e2ca31ce54b0141\"\u003e\u003ccode\u003e9434c8d\u003c/code\u003e\u003c/a\u003e second attempt: fixes \u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/0cd486b6ae34b8d3ea70d56b9d2038158456a251\"\u003e\u003ccode\u003e0cd486b\u003c/code\u003e\u003c/a\u003e Update GitHub Actions To Use Node 24 (\u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/1c9a7c75677e9a9963334684dd4734a209b8d481\"\u003e\u003ccode\u003e1c9a7c7\u003c/code\u003e\u003c/a\u003e fixed \u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/67c73a83a46f86c4e0b96b741ac37ff495478c38\"\u003e\u003ccode\u003e67c73a8\u003c/code\u003e\u003c/a\u003e Document solution as suggested in \u003ca href=\"https://redirect.github.com/lukka/run-cmake/issues/1\"\u003elukka/run-cmake#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/45ee98ed9cfda1048b40f672518179f1545f7fbe\"\u003e\u003ccode\u003e45ee98e\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​octokit/request-error\u003c/code\u003e from 5.0.1 to 5.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukka/run-cmake/commit/12e545b6075094406306c5a9f11d50a18cce9474\"\u003e\u003ccode\u003e12e545b\u003c/code\u003e\u003c/a\u003e Bump cross-spawn from 7.0.3 to 7.0.6\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lukka/run-cmake/compare/af1be47fd7c933593f687731bc6fdbee024d3ff4...5d55ea7949e25f69f0ecb516d8d572297e03a956\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carlosperate/arm-none-eabi-gcc-action` from 1.12.1 to 1.12.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/releases\"\u003ecarlosperate/arm-none-eabi-gcc-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.12.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix cache path validation error on Windows by providing require polyfill in ESM\n\u003ccode\u003eactions/toolkit#2085\u003c/code\u003e\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/95\"\u003e#95\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAs there can be OS specific issues when building the action, \u003ccode\u003etest-build\u003c/code\u003e\njob now runs on all supported OSes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/compare/v1.12.2...v1.12.3\"\u003ehttps://github.com/carlosperate/arm-none-eabi-gcc-action/compare/v1.12.2...v1.12.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.12.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace ncc with rollup, for compat with ESM-only dependencies.\u003c/li\u003e\n\u003cli\u003eUpdated most of the direct dependencies to their latest version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/90\"\u003e#90\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/91\"\u003e#91\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/92\"\u003e#92\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/compare/v1.12.1...v1.12.2\"\u003ehttps://github.com/carlosperate/arm-none-eabi-gcc-action/compare/v1.12.1...v1.12.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/blob/main/CHANGELOG.md\"\u003ecarlosperate/arm-none-eabi-gcc-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev1.12.3 - (2026-04-09)\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix cache path validation error on Windows by providing require polyfill in ESM\n\u003ccode\u003eactions/toolkit#2085\u003c/code\u003e\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/95\"\u003e#95\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAs there can be OS specific issues when building the action, \u003ccode\u003etest-build\u003c/code\u003e\njob now runs on all supported OSes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.12.2 - 2026-04-08\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace ncc with rollup, for compat with ESM-only dependencies.\u003c/li\u003e\n\u003cli\u003eUpdated most of the direct dependencies to their latest version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/90\"\u003e#90\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/91\"\u003e#91\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/92\"\u003e#92\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.12.1 - 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgraded the running node version from v20 to v24 (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/88\"\u003e#88\u003c/a\u003e thanks \u003ca href=\"https://github.com/ETSells\"\u003e\u003ccode\u003e@​ETSells\u003c/code\u003e\u003c/a\u003e!)\u003c/li\u003e\n\u003cli\u003eMinor refactor to switch \u003ccode\u003e@actions/http-client\u003c/code\u003e with \u003ccode\u003efetch\u003c/code\u003e (441583d)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/85\"\u003e#85\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.12.0 - 2025-12-21\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e15.2.Rel1\u003c/code\u003e Arm GNU Toolchain release (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/83\"\u003e#83\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor refactor of GCC versions data location\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.11.1 - 2025-11-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eArm has moved the GCC downloads to different servers.\nThis action has been updated to be able to follow the URL redirections\naccordingly (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/80\"\u003e#80\u003c/a\u003e), and the URLs have been updated (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/79\"\u003e#79\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/81\"\u003e#81\u003c/a\u003e) (thanks \u003ca href=\"https://github.com/gschwaer\"\u003e\u003ccode\u003e@​gschwaer\u003c/code\u003e\u003c/a\u003e!)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/73\"\u003e#73\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.11.0 - 2025-11-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e14.3.Rel1\u003c/code\u003e Arm GNU Toolchain release (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/69\"\u003e#69\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity update for third party dependencies (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/66\"\u003e#66\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/68\"\u003e#68\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/71\"\u003e#71\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/0725d97b026acf7fc8e22dfd5bee912998879ba8\"\u003e\u003ccode\u003e0725d97\u003c/code\u003e\u003c/a\u003e project: Uprev to v1.12.3 \u0026amp; update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/06b4f82efd2010cc3317a49b5ecd38f6c8b8c9fc\"\u003e\u003ccode\u003e06b4f82\u003c/code\u003e\u003c/a\u003e fix: Windows cache path validation within \u003ccode\u003e@​actions/cache\u003c/code\u003e-\u0026gt;\u003ccode\u003e@​actions/glob\u003c/code\u003e-\u0026gt;mini...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/58bf5136fd1e83623fdb0c7662069e3d7695d098\"\u003e\u003ccode\u003e58bf513\u003c/code\u003e\u003c/a\u003e ci: Run \u003ccode\u003etest-build\u003c/code\u003e on all OSes to catch platform specific issues.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/c2381d89698e3125599615f3082bfe032cf7c180\"\u003e\u003ccode\u003ec2381d8\u003c/code\u003e\u003c/a\u003e Project: Uprev to v1.12.2 \u0026amp; update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/2ca53df556625551277e1487d410b95c8e6611d0\"\u003e\u003ccode\u003e2ca53df\u003c/code\u003e\u003c/a\u003e deps: Bump brace-expansion (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/604387eec1cf7ceced38f2179726b042cbf5cdf8\"\u003e\u003ccode\u003e604387e\u003c/code\u003e\u003c/a\u003e deps: Bump handlebars from 4.7.8 to 4.7.9 (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/4f77049a4aee2c8327480370a01cd20dbfe2c930\"\u003e\u003ccode\u003e4f77049\u003c/code\u003e\u003c/a\u003e deps: Bump picomatch (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/3052bce9f208cb1863576c343e1694a214ae091f\"\u003e\u003ccode\u003e3052bce\u003c/code\u003e\u003c/a\u003e ci: Fix jest ESM handling for the URL tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/15d2e9a4699ad9da920b942fd57e21e3cc6c71a6\"\u003e\u003ccode\u003e15d2e9a\u003c/code\u003e\u003c/a\u003e deps: Updated most dependencies to the latest version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/commit/c28a6fcd9f45a16379724cd2f0fae5cf412f81c0\"\u003e\u003ccode\u003ec28a6fc\u003c/code\u003e\u003c/a\u003e deps: Bump flatted from 3.2.2 to 3.4.2 (\u003ca href=\"https://redirect.github.com/carlosperate/arm-none-eabi-gcc-action/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carlosperate/arm-none-eabi-gcc-action/compare/7153327ecfbc421a0b4268058e4bb3d5d6e5df2c...0725d97b026acf7fc8e22dfd5bee912998879ba8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.4.0 to 9.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/create-github-app-token` from 3.0.0 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/create-github-app-token/releases\"\u003eactions/create-github-app-token's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for enterprise-level GitHub Apps (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/263\"\u003e#263\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4\"\u003e952a2a7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport full repository names in \u003ccode\u003erepositories\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/372\"\u003e#372\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6\"\u003e85eb8dd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in the production-dependencies group (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/364\"\u003e#364\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857\"\u003e43e5c34\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003evalidate private-key input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/376\"\u003e#376\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd\"\u003ef24bbd8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2026-04-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove error message when app identifier is empty (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/362\"\u003e#362\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/07e2b760664f080c40eec4eacf7477256582db36\"\u003e07e2b76\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/249\"\u003e#249\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/compare/v3.0.0...v3.1.0\"\u003e3.1.0\u003c/a\u003e (2026-04-11)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump p-retry from 7.1.1 to 8.0.0 (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/357\"\u003e#357\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/3bbe07d928e2d6c30bf3e37c6b89edbc4045facf\"\u003e3bbe07d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eclient-id\u003c/code\u003e input and deprecate \u003ccode\u003eapp-id\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/353\"\u003e#353\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/e6bd4e6970172bed9fe138b2eaf4cbffa4cca8f9\"\u003ee6bd4e6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate permission inputs (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/358\"\u003e#358\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/076e9480ca6e9633bff412d05eff0fc2f1e7d2be\"\u003e076e948\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md\"\u003eactions/create-github-app-token's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for enterprise-level GitHub Apps (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/263\"\u003e#263\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4\"\u003e952a2a7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport full repository names in \u003ccode\u003erepositories\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/372\"\u003e#372\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6\"\u003e85eb8dd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in the production-dependencies group (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/364\"\u003e#364\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857\"\u003e43e5c34\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003evalidate private-key input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/376\"\u003e#376\u003c/a\u003e) (\u003ca href=\"https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd\"\u003ef24bbd8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/bcd2ba49218906704ab6c1aa796996da409d3eb1\"\u003e\u003ccode\u003ebcd2ba4\u003c/code\u003e\u003c/a\u003e chore(main): release 3.2.0 (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd\"\u003e\u003ccode\u003ef24bbd8\u003c/code\u003e\u003c/a\u003e fix: validate private-key input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/376\"\u003e#376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/363531b6d972a60a00b3f1e6bb139e5e6c764cd9\"\u003e\u003ccode\u003e363531b\u003c/code\u003e\u003c/a\u003e docs: capitalize Git as a proper noun in README (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/fd2801133e469d2950f2c5af5e591d6b2ad833c8\"\u003e\u003ccode\u003efd28011\u003c/code\u003e\u003c/a\u003e docs: update procedure to configure Git (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6\"\u003e\u003ccode\u003e85eb8dd\u003c/code\u003e\u003c/a\u003e feat: support full repository names in \u003ccode\u003erepositories\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/372\"\u003e#372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/c9aabb83728c3bd519212fa657ebc07e1f2a5dec\"\u003e\u003ccode\u003ec9aabb8\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/e02e816e5591415258a53bf735aff57977dcd5e2\"\u003e\u003ccode\u003ee02e816\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump undici from 7.24.6 to 8.2.0 (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/366\"\u003e#366\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/8d835bfd37aa48fcb8e709925115857568d98bc4\"\u003e\u003ccode\u003e8d835bf\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4\"\u003e\u003ccode\u003e952a2a7\u003c/code\u003e\u003c/a\u003e feat: add support for enterprise-level GitHub Apps (\u003ca href=\"https://redirect.github.com/actions/create-github-app-token/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857\"\u003e\u003ccode\u003e43e5c34\u003c/code\u003e\u003c/a\u003e fix(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in the production-dependenc...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/create-github-app-token/compare/f8d387b68d61c58ab83c6c016672934102569859...bcd2ba49218906704ab6c1aa796996da409d3eb1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/gabrielfrasantos/fin-bs/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gabrielfrasantos%2Ffin-bs/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"59759b5cedbf26980423e9c71026fd064f5e4910","update_type":null,"path":null,"pr_created_at":"2026-05-19T09:39:38.000Z","version_change":"32ce86e7362f1bd71e0d165a0b35864701e8dc56 → 59759b5cedbf26980423e9c71026fd064f5e4910","issue":{"uuid":"4476247534","node_id":"PR_kwDOEKuYws7dAjHK","number":438,"state":"closed","title":"Bump oxsecurity/megalinter from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 59759b5cedbf26980423e9c71026fd064f5e4910","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-26T04:58:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T09:39:38.000Z","updated_at":"2026-05-26T04:58:12.000Z","time_to_close":587912,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"59759b5cedbf26980423e9c71026fd064f5e4910","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 59759b5cedbf26980423e9c71026fd064f5e4910.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/59759b5cedbf26980423e9c71026fd064f5e4910\"\u003e\u003ccode\u003e59759b5\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency jscpd to v4.2.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7859\"\u003e#7859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/906d3d39c5fa9f672e60fd6fad17f2a66c916f0b\"\u003e\u003ccode\u003e906d3d3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency black to v26.5.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7858\"\u003e#7858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/db18d6105982f426364252ed21f2b9ad527d30f3\"\u003e\u003ccode\u003edb18d61\u003c/code\u003e\u003c/a\u003e fix: prevent command injection in Roslynator linter by using argv list for do...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/da59f1c8f8ca276e3af4d13122e09e90d7feae78\"\u003e\u003ccode\u003eda59f1c\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/efc81827ee2ffe82835bca3eb88444167a109999\"\u003e\u003ccode\u003eefc8182\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-multipart to v0.0.29 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/d62889bbe8b90392dd0393ce3638111637eb0733\"\u003e\u003ccode\u003ed62889b\u003c/code\u003e\u003c/a\u003e Update python version in devcontainer image (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7853\"\u003e#7853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/818c0514b584f3dc8dc66b7ead77761d2ade0a08\"\u003e\u003ccode\u003e818c051\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency jscpd to v4.2.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7852\"\u003e#7852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/47f6fece9e418aa243c85f6139e8c73a39ce3e03\"\u003e\u003ccode\u003e47f6fec\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency stylelint to v17.11.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7851\"\u003e#7851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/655e34f36f63ec654990f7683145ec47aa88430c\"\u003e\u003ccode\u003e655e34f\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7846\"\u003e#7846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4cd964e88da9fb7516f4c06401536e7f323e17ac\"\u003e\u003ccode\u003e4cd964e\u003c/code\u003e\u003c/a\u003e feat: collect and update Docker image download counts, update README badges (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/32ce86e7362f1bd71e0d165a0b35864701e8dc56...59759b5cedbf26980423e9c71026fd064f5e4910\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/438","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/438","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/438/packages"}},{"old_version":"9.4.0","new_version":"9.5.0","update_type":"minor","path":null,"pr_created_at":"2026-05-19T03:54:35.000Z","version_change":"9.4.0 → 9.5.0","issue":{"uuid":"4474258339","node_id":"PR_kwDOQ4obY87c6Kg9","number":21,"state":"open","title":"fix(deps): bump the minor-and-patch group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T03:54:35.000Z","updated_at":"2026-05-19T03:56:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix(deps): bump","group_name":"minor-and-patch","update_count":2,"packages":[{"name":"github/codeql-action","old_version":"4.35.3","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps the minor-and-patch group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter).\n\nUpdates `github/codeql-action` from 4.35.3 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.4.0 to 9.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/wesley-dean/docme/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wesley-dean%2Fdocme/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"9.4.0","new_version":"9.5.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T22:34:02.000Z","version_change":"9.4.0 → 9.5.0","issue":{"uuid":"4473035822","node_id":"PR_kwDOMShRxc7c2Sex","number":119,"state":"open","title":"Bump oxsecurity/megalinter from 9.4.0 to 9.5.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T22:34:02.000Z","updated_at":"2026-05-18T22:36:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 9.4.0 to 9.5.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix command injection in Roslynator linter (\u003ccode\u003eDOTNET_ROSLYNATOR\u003c/code\u003e) where a crafted \u003ccode\u003e.csproj\u003c/code\u003e filename could break out of \u003ccode\u003edotnet restore\u003c/code\u003e arguments and execute arbitrary shell commands. The command is now invoked via argv list instead of a shell string. Reported by Francesco Sabiu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oxsecurity/megalinter\u0026package-manager=github_actions\u0026previous-version=9.4.0\u0026new-version=9.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/wesley-dean/dht11_mqtt/pull/119","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wesley-dean%2Fdht11_mqtt/issues/119","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/119/packages"}},{"old_version":"9.4.0","new_version":"9.5.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T09:35:13.000Z","version_change":"9.4.0 → 9.5.0","issue":{"uuid":"4467968094","node_id":"PR_kwDODWdgvM7clzGf","number":4835,"state":"open","title":"Bump oxsecurity/megalinter from 9.4.0 to 9.5.0","user":"dependabot[bot]","labels":["dependencies","github_actions","needs-ok-to-test"],"assignees":["cadenmarchese"],"locked":false,"comments_count":9,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T09:35:13.000Z","updated_at":"2026-05-27T12:47:04.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 9.4.0 to 9.5.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://stylelint.io\"\u003estylelint\u003c/a\u003e from 17.11.0 to \u003cstrong\u003e17.11.1\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oxsecurity/megalinter\u0026package-manager=github_actions\u0026previous-version=9.4.0\u0026new-version=9.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Azure/ARO-RP/pull/4835","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FARO-RP/issues/4835","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4835/packages"}},{"old_version":"9.4.0","new_version":"9.5.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T05:24:22.000Z","version_change":"9.4.0 → 9.5.0","issue":{"uuid":"4466477357","node_id":"PR_kwDOR03C5s7chBD9","number":21,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 8 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T05:24:22.000Z","updated_at":"2026-05-18T05:28:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":8,"packages":[{"name":"astral-sh/setup-uv","old_version":"8.0.0","new_version":"8.1.0","repository_url":"https://github.com/astral-sh/setup-uv"},{"name":"actions/cache","old_version":"5.0.4","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"softprops/action-gh-release","old_version":"2.6.1","new_version":"3.0.0","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"oxsecurity/megalinter","old_version":"9.4.0","new_version":"9.5.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"SonarSource/sonarqube-scan-action","old_version":"7.1.0","new_version":"8.0.0","repository_url":"https://github.com/sonarsource/sonarqube-scan-action"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"peter-evans/create-pull-request","old_version":"8.1.0","new_version":"8.1.1","repository_url":"https://github.com/peter-evans/create-pull-request"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `8.0.0` | `8.1.0` |\n| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.0` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.4.0` | `9.5.0` |\n| [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `7.1.0` | `8.0.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` |\n\n\nUpdates `astral-sh/setup-uv` from 8.0.0 to 8.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/setup-uv/releases\"\u003eastral-sh/setup-uv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.1.0 🌈 New input \u003ccode\u003eno-project\u003c/code\u003e\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cp\u003eThis add the a new boolean input \u003ccode\u003eno-project\u003c/code\u003e.\nIt only makes sense to use in combination with \u003ccode\u003eactivate-environment: true\u003c/code\u003e and will append \u003ccode\u003e--no project\u003c/code\u003e to the \u003ccode\u003euv venv\u003c/code\u003e call. This is for example useful \u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/854\"\u003eif you have a pyproject.toml file with parts unparseable by uv\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e🚀 Enhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd input no-project in combination with activate-environment \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🧰 Maintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: grant contents:write to validate-release job \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/860\"\u003e#860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a release-gate step to the release workflow \u003ca href=\"https://github.com/zanieb\"\u003e\u003ccode\u003e@​zanieb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDraft commitish releases \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd action-types.yml to instructions \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/857\"\u003e#857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.7 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor version resolving \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/852\"\u003e#852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.6 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.5 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/845\"\u003e#845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.4 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/843\"\u003e#843\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a release workflow \u003ca href=\"https://github.com/zanieb\"\u003e\u003ccode\u003e@​zanieb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/839\"\u003e#839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update known checksums for 0.11.3 @\u003ca href=\"https://github.com/apps/github-actions\"\u003egithub-actions[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ignore-nothing-to-cache documentation \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/833\"\u003e#833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePin setup-uv docs to v8 \u003ca href=\"https://github.com/eifinger\"\u003e\u003ccode\u003e@​eifinger\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/829\"\u003e#829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⬆️ Dependency updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/855\"\u003e#855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/08807647e7069bb48b6ef5acd8ec9567f424441b\"\u003e\u003ccode\u003e0880764\u003c/code\u003e\u003c/a\u003e fix: grant contents:write to validate-release job (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/860\"\u003e#860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/717d6aba0f15312f509f5c4999e34d71ecbab8a9\"\u003e\u003ccode\u003e717d6ab\u003c/code\u003e\u003c/a\u003e Add a release-gate step to the release workflow (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/5a911eb3a3983b5e650f2dad95c1ce698ca94378\"\u003e\u003ccode\u003e5a911eb\u003c/code\u003e\u003c/a\u003e Draft commitish releases (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/080c31e04cd7155b0ca676d08c7bc260a4476a23\"\u003e\u003ccode\u003e080c31e\u003c/code\u003e\u003c/a\u003e Add action-types.yml to instructions (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/857\"\u003e#857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/b3e97d2ba1a1eed7e9d1f8456dd06c3b725bc3a6\"\u003e\u003ccode\u003eb3e97d2\u003c/code\u003e\u003c/a\u003e Add input no-project in combination with activate-environment (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/7dd591db9557f680290587fcc578372813b9ff64\"\u003e\u003ccode\u003e7dd591d\u003c/code\u003e\u003c/a\u003e chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/855\"\u003e#855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/1541b7762698877904805605192ecd63d0e4787a\"\u003e\u003ccode\u003e1541b77\u003c/code\u003e\u003c/a\u003e chore: update known checksums for 0.11.7 (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/cdfb2ee6dde255817c739680168ad81e184c4bfb\"\u003e\u003ccode\u003ecdfb2ee\u003c/code\u003e\u003c/a\u003e Refactor version resolving (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/852\"\u003e#852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/cb84d12dc6a0d495b82fcae14fa4559b90698660\"\u003e\u003ccode\u003ecb84d12\u003c/code\u003e\u003c/a\u003e chore: update known checksums for 0.11.6 (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/setup-uv/commit/1912cc65f2e839707d7a16f2372f30b57d35fd80\"\u003e\u003ccode\u003e1912cc6\u003c/code\u003e\u003c/a\u003e chore: update known checksums for 0.11.5 (\u003ca href=\"https://redirect.github.com/astral-sh/setup-uv/issues/845\"\u003e#845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/setup-uv/compare/cec208311dfd045dd5311c1add060b2062131d57...08807647e7069bb48b6ef5acd8ec9567f424441b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.4 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.6.1 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v2.6.2\"\u003ehttps://github.com/softprops/action-gh-release/compare/v2...v2.6.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003e\u003ccode\u003eb430933\u003c/code\u003e\u003c/a\u003e release: cut v3.0.0 for Node 24 upgrade (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c2e35e05a74208bafbfcbdae5ebc9da7236e980f\"\u003e\u003ccode\u003ec2e35e0\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group across 1 directory with 7 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/783\"\u003e#783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3bb12739c298aeb8a4eeaf626c5b8d85266b0e65\"\u003e\u003ccode\u003e3bb1273\u003c/code\u003e\u003c/a\u003e release 2.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c34030fec99b0db0f2f22ce7806c445dddb6e224\"\u003e\u003ccode\u003ec34030f\u003c/code\u003e\u003c/a\u003e chore: bump node to 24.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/8975bd05c0630603edb0dca2fc7544bf1c77f600\"\u003e\u003ccode\u003e8975bd0\u003c/code\u003e\u003c/a\u003e chore(deps): bump vite from 8.0.0 to 8.0.5 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/781\"\u003e#781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/f71937f44d5662ac6eb861431746174a7b46a7b6\"\u003e\u003ccode\u003ef71937f\u003c/code\u003e\u003c/a\u003e chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/777\"\u003e#777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/3f0d239d58d5c226738ec0a08d0465b548dc026f\"\u003e\u003ccode\u003e3f0d239\u003c/code\u003e\u003c/a\u003e chore(deps): bump picomatch from 4.0.3 to 4.0.4 (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/775\"\u003e#775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.4.0 to 9.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7835\"\u003e\u003cstrong\u003eTake 2 mn to read MegaLinter v9.5.0 announcements\u003c/strong\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocker images published only to GitHub Container Registry (\u003ccode\u003eghcr.io\u003c/code\u003e)\u003c/strong\u003e until OIDC-based publishing to Docker Hub is implemented. The Docker Hub registry (\u003ccode\u003edocker.io/oxsecurity/megalinter\u003c/code\u003e) is \u003cstrong\u003efrozen at v9.4.0\u003c/strong\u003e: pulls of \u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e (or \u003ccode\u003e:beta\u003c/code\u003e, or any flavor tag) will keep returning v9.4.0. To get v9.5.0 and later from CI tools other than GitHub Actions (GitLab CI, Azure Pipelines, Bitbucket, Jenkins, Drone, raw \u003ccode\u003edocker run\u003c/code\u003e, …), switch your image references:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:v9\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter:beta\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eoxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e → \u003ccode\u003eghcr.io/oxsecurity/megalinter-\u0026lt;flavor\u0026gt;:v9\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGitHub Action users (\u003ccode\u003euses: oxsecurity/megalinter@v9\u003c/code\u003e) and \u003ccode\u003emega-linter-runner\u003c/code\u003e users are \u003cstrong\u003enot affected\u003c/strong\u003e, as both already pull from \u003ccode\u003eghcr.io\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eESLint-based linters upgraded to v10+\u003c/strong\u003e. Legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are no longer supported: you must \u003ca href=\"https://eslint.org/docs/latest/use/configure/migration-guide\"\u003emigrate to flat-config\u003c/a\u003e (\u003ccode\u003eeslint.config.js\u003c/code\u003e) to keep using \u003ccode\u003eJAVASCRIPT_ES\u003c/code\u003e, \u003ccode\u003eTYPESCRIPT_ES\u003c/code\u003e, \u003ccode\u003eJSX_ESLINT\u003c/code\u003e, \u003ccode\u003eTSX_ESLINT\u003c/code\u003e, and \u003ccode\u003eJSON_ESLINT_PLUGIN_JSONC\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAirbnb and Standard ESLint configs replaced\u003c/strong\u003e (they never shipped ESLint 9+ support):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;airbnb\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;airbnb-extended\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eextends: [\u0026quot;standard\u0026quot;]\u003c/code\u003e → \u003ccode\u003eextends: [\u0026quot;neostandard\u0026quot;]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUser notifications system\u003c/strong\u003e: linters can surface structured \u0026quot;Notices\u0026quot; to end users in the PR comment / report footer (used for ESLint migration, deprecated options, etc.), replaces the ad-hoc migration warnings\u003c/li\u003e\n\u003cli\u003eSecurity: more \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003edefault hidden environment variables\u003c/a\u003e, so a compromised linter cannot leak your secrets\u003c/li\u003e\n\u003cli\u003eUpgrade .NET runtime to \u003cstrong\u003e10.0\u003c/strong\u003e (csharpier, dotnet-format, roslynator, devskim, tsqllint, vbdotnet-format)\u003c/li\u003e\n\u003cli\u003eUpgrade GO runtime to 1.26.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://google.github.io/osv-scanner/\"\u003eosv-scanner\u003c/a\u003e: trivy-like vulnerability scanner by Google\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e: GitHub Actions static analysis\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKICS (until upstream security issue is fixed)\u003c/li\u003e\n\u003cli\u003eSpectral (crashing)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTrivy (v0.70.0): the \u003ca href=\"https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-69fq-xp46-6x23\"\u003esupply chain security incident\u003c/a\u003e is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eESLint\u003c/strong\u003e: legacy \u003ccode\u003e.eslintrc.*\u003c/code\u003e configs are now detected and a migration notice is emitted in the report so users know they need to switch to flat-config\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eshellcheck\u003c/strong\u003e: honour the \u003ccode\u003eBASH_SHELLCHECK_CONFIG_FILE\u003c/code\u003e variable / \u003ccode\u003e.shellcheckrc\u003c/code\u003e config file\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eraku\u003c/strong\u003e (Rakudo): now ships on ARM64 too\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003escala\u003c/strong\u003e: linter installation is now deterministic (same binary across rebuilds)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ev8r\u003c/strong\u003e (JSON/YAML schema validation): output now shows only validation errors (no more \u0026quot;no schema found\u0026quot; or success noise)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elychee\u003c/strong\u003e: removed the deprecated \u003ccode\u003eexclude_mail\u003c/code\u003e option (no longer supported by lychee upstream)\u003c/li\u003e\n\u003cli\u003eFaster image pulls: several linters (Lua/StyLua arm64, clj-kondo, kubescape, ls-lint, dotenv-linter) now use pre-built Alpine binaries instead of compiling from source\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExclude \u003ccode\u003eREPORT_OUTPUT_FOLDER\u003c/code\u003e from linting when configured as an absolute path inside the workspace (e.g. \u003ccode\u003e/tmp/lint/megalinter-reports\u003c/code\u003e), fixing \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7845\"\u003e#7845\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Docker pull counters in README badges and \u003ccode\u003eflavors-stats.json\u003c/code\u003e with latest ghcr.io stats\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDev\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.3.1 to \u003cstrong\u003e26.5.0\u003c/strong\u003e on 2026-05-16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyMorganz/StyLua\"\u003estylua\u003c/a\u003e from 2.4.1 to \u003cstrong\u003e2.5.2\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://developer.hashicorp.com/terraform/cli/commands/fmt\"\u003eterraform-fmt\u003c/a\u003e from 1.15.2 to \u003cstrong\u003e1.15.3\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kucherenko/jscpd/tree/master/apps/jscpd\"\u003ejscpd\u003c/a\u003e from 4.1.1 to \u003cstrong\u003e4.2.0\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://stylelint.io\"\u003estylelint\u003c/a\u003e from 17.11.0 to \u003cstrong\u003e17.11.1\u003c/strong\u003e on 2026-05-17\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003e\u003ccode\u003e0e3ce9b\u003c/code\u003e\u003c/a\u003e Fix release workflows.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e132b1a1d0299a35d37f6d4241345ae86e45f80\"\u003e\u003ccode\u003e3e132b1\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbb7fe9472c5760dc8d6cf9a1cffa99e4a9dd6f8\"\u003e\u003ccode\u003ecbb7fe9\u003c/code\u003e\u003c/a\u003e Doc + prepare 9.5.0 release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7836\"\u003e#7836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/29bcf10da815e2b4072c93ae833ab010e184f6d7\"\u003e\u003ccode\u003e29bcf10\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ed753c53174edffd84920aa2c05793a03af9f5ad\"\u003e\u003ccode\u003eed753c5\u003c/code\u003e\u003c/a\u003e chore(deps): update jdkato/vale docker tag to v3.14.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e04f20258b97552653a906527bad0a907d1572a5\"\u003e\u003ccode\u003ee04f202\u003c/code\u003e\u003c/a\u003e feat: implement user notifications system and replace migration warnings (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/54bfad8bbcf5707cba9a334ddada4e1fd71ceda5\"\u003e\u003ccode\u003e54bfad8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency \u003ccode\u003e@​stoplight/spectral-cli\u003c/code\u003e to v6.16.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/f809408c51aecf0793071061375cbf9cff38e15a\"\u003e\u003ccode\u003ef809408\u003c/code\u003e\u003c/a\u003e Eslint legacy detection \u0026amp; warning (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7831\"\u003e#7831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6725b65299232777db241b1d0e2e69c3842ffe60\"\u003e\u003ccode\u003e6725b65\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cbcc02fe28b6adbb0c0b798de1572b6cb751be16\"\u003e\u003ccode\u003ecbcc02f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.93 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/8fbdead70d1409964ab3d5afa885e18ee85388bb...0e3ce9b9c8c10effb9b269509cc47ca17cae31c7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `SonarSource/sonarqube-scan-action` from 7.1.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sonarsource/sonarqube-scan-action/releases\"\u003eSonarSource/sonarqube-scan-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking change\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSQSCANGHA-145 Set skipSignatureVerification default value to false by \u003ca href=\"https://github.com/antoine-vinot-sonarsource\"\u003e\u003ccode\u003e@​antoine-vinot-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/241\"\u003eSonarSource/sonarqube-scan-action#241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/compare/v7...v8.0.0\"\u003ehttps://github.com/SonarSource/sonarqube-scan-action/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSQSCANGHA-140 Set skipSignatureVerification default value to true to avoid breaking change by \u003ca href=\"https://github.com/gmmcal\"\u003e\u003ccode\u003e@​gmmcal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/240\"\u003eSonarSource/sonarqube-scan-action#240\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/compare/v7...v7.2.1\"\u003ehttps://github.com/SonarSource/sonarqube-scan-action/compare/v7...v7.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide by \u003ca href=\"https://github.com/claire-villard-sonarsource\"\u003e\u003ccode\u003e@​claire-villard-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/226\"\u003eSonarSource/sonarqube-scan-action#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSC-45750 Migrate to dateless license headers by \u003ca href=\"https://github.com/claire-villard-sonarsource\"\u003e\u003ccode\u003e@​claire-villard-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/229\"\u003eSonarSource/sonarqube-scan-action#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSQSCANGHA-134 Upgrade the libraries to latest version by \u003ca href=\"https://github.com/claire-villard-sonarsource\"\u003e\u003ccode\u003e@​claire-villard-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/227\"\u003eSonarSource/sonarqube-scan-action#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSQSCANGHA-138 Update dist and add ci test by \u003ca href=\"https://github.com/antoine-vinot-sonarsource\"\u003e\u003ccode\u003e@​antoine-vinot-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/233\"\u003eSonarSource/sonarqube-scan-action#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSQSCANGHA-140 Add OpenPGP signature verification for scanner downloads by \u003ca href=\"https://github.com/claire-villard-sonarsource\"\u003e\u003ccode\u003e@​claire-villard-sonarsource\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SonarSource/sonarqube-scan-action/pull/235\"\u003eSonarSource/sonarqube-scan-action#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/compare/v7...v7.2.0\"\u003ehttps://github.com/SonarSource/sonarqube-scan-action/compare/v7...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/59db25f34e16620e48ab4bb9e4a5dce155cb5432\"\u003e\u003ccode\u003e59db25f\u003c/code\u003e\u003c/a\u003e SQSCANGHA-145 Set skipSignatureVerification default value to false (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/ca30b65f4ea9f033b8a6fc0ffc9816a562d13f55\"\u003e\u003ccode\u003eca30b65\u003c/code\u003e\u003c/a\u003e SQSCANGHA-143 SubmitReview: Use Vault token (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/238\"\u003e#238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/c7ee0f9df90b7aa20e8dcf9695dcfe2e7da5b4f2\"\u003e\u003ccode\u003ec7ee0f9\u003c/code\u003e\u003c/a\u003e SQSCANGHA-140 Set skipSignatureVerification default value to true to avoid br...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/55e44800a8f495208cce6e4e82f5dedb45fcf0ef\"\u003e\u003ccode\u003e55e4480\u003c/code\u003e\u003c/a\u003e SQSCANGHA-140 Add OpenPGP signature verification for scanner downloads (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/30dbe5c9eeccb106afb2590dcb61f7a05ffbee14\"\u003e\u003ccode\u003e30dbe5c\u003c/code\u003e\u003c/a\u003e SQSCANGHA-138 Update dist and add ci test (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/233\"\u003e#233\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/c8357220fa7152a7881d87dcaefafbd129e37cb9\"\u003e\u003ccode\u003ec835722\u003c/code\u003e\u003c/a\u003e SQSCANGHA-134 Upgrade the libraries to latest version (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/227\"\u003e#227\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/f00de44f574073760c9deaf47f694e10431f3988\"\u003e\u003ccode\u003ef00de44\u003c/code\u003e\u003c/a\u003e SC-45750 Migrate to dateless license headers (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/f099b441665cb71b0414100cfaf6d835492cee5f\"\u003e\u003ccode\u003ef099b44\u003c/code\u003e\u003c/a\u003e SQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonarSource/sonarqube-scan-action/commit/d899ed299620f557b0175710b8dedbdd7c31213d\"\u003e\u003ccode\u003ed899ed2\u003c/code\u003e\u003c/a\u003e BUILD-10861 Dependabot 5-day cooldown + internal excludes (\u003ca href=\"https://redirect.github.com/sonarsource/sonarqube-scan-action/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sonarsource/sonarqube-scan-action/compare/299e4b793aaa83bf2aba7c9c14bedbb485688ec4...59db25f34e16620e48ab4bb9e4a5dce155cb5432\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/peter-evans/create-pull-request/releases\"\u003epeter-evans/create-pull-request's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCreate Pull Request v8.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump the npm group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4305\"\u003epeter-evans/create-pull-request#4305\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump minimatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4311\"\u003epeter-evans/create-pull-request#4311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the github-actions group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4316\"\u003epeter-evans/create-pull-request#4316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jest-environment-jsdom by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4323\"\u003epeter-evans/create-pull-request#4323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump undici from 6.23.0 to 6.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4328\"\u003epeter-evans/create-pull-request#4328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump flatted from 3.3.1 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4334\"\u003epeter-evans/create-pull-request#4334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump picomatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4339\"\u003epeter-evans/create-pull-request#4339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4344\"\u003epeter-evans/create-pull-request#4344\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the npm group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4349\"\u003epeter-evans/create-pull-request#4349\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: retry post-creation API calls on 422 eventual consistency errors by \u003ca href=\"https://github.com/peter-evans\"\u003e\u003ccode\u003e@​peter-evans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/pull/4356\"\u003epeter-evans/create-pull-request#4356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1\"\u003ehttps://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/5f6978faf089d4d20b00c7766989d076bb2fc7f1\"\u003e\u003ccode\u003e5f6978f\u003c/code\u003e\u003c/a\u003e fix: retry post-creation API calls on 422 eventual consistency errors (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4356\"\u003e#4356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/d32e88dac789dcc7906e7d26f69f24116fa9c97d\"\u003e\u003ccode\u003ed32e88d\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump the npm group with 3 updates (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4349\"\u003e#4349\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/8170bccad11c0df62542c04dcaefe36d342dfd39\"\u003e\u003ccode\u003e8170bcc\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4344\"\u003e#4344\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/00418193b417f888dbf1d993c5c0d31d27fdc7de\"\u003e\u003ccode\u003e0041819\u003c/code\u003e\u003c/a\u003e build(deps): bump picomatch (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4339\"\u003e#4339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/b993918c8536b6d44706130734d5456879762b27\"\u003e\u003ccode\u003eb993918\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4334\"\u003e#4334\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/36d7c8468b48f9c2f8f29e260e82f10d4b90d2bd\"\u003e\u003ccode\u003e36d7c84\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump undici from 6.23.0 to 6.24.0 (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4328\"\u003e#4328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/a45d1fb447fcaf601166e405fd4f335cde1a8aa8\"\u003e\u003ccode\u003ea45d1fb\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jest-environment-jsdom (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4323\"\u003e#4323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/3499eb61835cc0015c0b786e203d74b1e8f55e43\"\u003e\u003ccode\u003e3499eb6\u003c/code\u003e\u003c/a\u003e build(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/3f3b473b8c148f5a7520efb4d1f9a70eea3d9d1f\"\u003e\u003ccode\u003e3f3b473\u003c/code\u003e\u003c/a\u003e build(deps): bump minimatch (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4311\"\u003e#4311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peter-evans/create-pull-request/commit/6699836a213cf8b28c4f0408a404a6ac79d4458a\"\u003e\u003ccode\u003e6699836\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump the npm group with 2 updates (\u003ca href=\"https://redirect.github.com/peter-evans/create-pull-request/issues/4305\"\u003e#4305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/jan-guenter/squid4win/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jan-guenter%2Fsquid4win/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"3205785aa2df3d439da937292a712b07ed6ecc03","update_type":null,"path":null,"pr_created_at":"2026-05-12T05:30:37.000Z","version_change":"32ce86e7362f1bd71e0d165a0b35864701e8dc56 → 3205785aa2df3d439da937292a712b07ed6ecc03","issue":{"uuid":"4426460807","node_id":"PR_kwDOEKuYws7aiMlS","number":435,"state":"open","title":"Bump oxsecurity/megalinter from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 3205785aa2df3d439da937292a712b07ed6ecc03","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T05:30:37.000Z","updated_at":"2026-05-12T05:33:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"3205785aa2df3d439da937292a712b07ed6ecc03","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 3205785aa2df3d439da937292a712b07ed6ecc03.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: add \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003emore default hidden environment variables\u003c/a\u003e, so in case one of the 100+ linters is hacked, the attacker won't get your secrets anyway\u003c/li\u003e\n\u003cli\u003eUpgrade GO version to 1.26.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eosv-scanner (trivy-like security linter, by Google)\u003c/li\u003e\n\u003cli\u003eAdd \u003ca href=\"https://docs.zizmor.sh/\"\u003ezizmor\u003c/a\u003e GitHub Actions static analysis.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable KICS until their security issue is solved\u003c/li\u003e\n\u003cli\u003eDisable spectral which is crashing\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-enabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRe-enable trivy (v0.70.0) now that the supply chain security incident (GHSA-69fq-xp46-6x23) is resolved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ev8r (JSON/YAML schema validation): filter output to show only validation errors, suppressing \u0026quot;no schema found\u0026quot; info and success messages\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix ConsoleLinterReporter to display log sections for all linters (not just errors)\u003c/li\u003e\n\u003cli\u003eFix ConsoleReporter to output results table and reporters logs after linters run\u003c/li\u003e\n\u003cli\u003eProduce linter console reports sequentially in main process for parallel runs to avoid interleaved CI log sections\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable comment reporters (GitHub, GitLab, Azure DevOps, Bitbucket) when running MegaLinter from Jenkins CI\u003c/li\u003e\n\u003cli\u003eFix: use \u003ccode\u003econfig.get()\u003c/code\u003e instead of \u003ccode\u003eos.environ.get()\u003c/code\u003e for \u003ccode\u003eGITHUB_REF\u003c/code\u003e in GithubCommentReporter\u003c/li\u003e\n\u003cli\u003eGitlabCommentReporter now activates when \u003ccode\u003eGITLAB_ACCESS_TOKEN_MEGALINTER\u003c/code\u003e is set (no longer requires \u003ccode\u003eCI_JOB_TOKEN\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eBitbucketCommentReporter: render per-linter sections as \u003ccode\u003e###\u003c/code\u003e headings instead of \u003ccode\u003e\u0026lt;details\u0026gt;/\u0026lt;summary\u0026gt;\u003c/code\u003e, since Bitbucket Cloud markdown strips raw HTML and was displaying the tags as literal text\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate copilot-instructions into Claude Code Agents \u0026amp; Skills\u003c/li\u003e\n\u003cli\u003eAdd documentation for \u003ca href=\"https://github.com/DownAtTheBottomOfTheMoleHole/megalinter-ado\"\u003emegalinter-ado\u003c/a\u003e Azure DevOps extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3205785aa2df3d439da937292a712b07ed6ecc03\"\u003e\u003ccode\u003e3205785\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.8.3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7740\"\u003e#7740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3c93c030e151a2fbf6a0de34d789f829369d986a\"\u003e\u003ccode\u003e3c93c03\u003c/code\u003e\u003c/a\u003e feat: enhance BitbucketCommentReporter to support markdown rendering adjustme...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ec54dd4a3ae90672af841193a3f454559a9db886\"\u003e\u003ccode\u003eec54dd4\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edae58b57ea2941d816326fa750bd461acdd20bc\"\u003e\u003ccode\u003eedae58b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fs-extra to v11.3.5 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7738\"\u003e#7738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ac4d7682df78a0c6e28fbf3b2504a52e6b21195b\"\u003e\u003ccode\u003eac4d768\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langchain_mistralai to v1.1.4 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7739\"\u003e#7739\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3e1ac3fa3e1764bba22f7f4c607a354ebf269d64\"\u003e\u003ccode\u003e3e1ac3f\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency orjson to v3.11.9 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7741\"\u003e#7741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bf7f11339dd99c00252a427314f2a33e582f5fbe\"\u003e\u003ccode\u003ebf7f113\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency pip to v26.1.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7742\"\u003e#7742\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/d9f6977a0fefc5859998c800b3b7dd8693209545\"\u003e\u003ccode\u003ed9f6977\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7722\"\u003e#7722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/326d416caee2591229e09020feac2eb332cd60bf\"\u003e\u003ccode\u003e326d416\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency bartlett/sarif-php-converters to v1.6.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7750\"\u003e#7750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9d48bbe2d99ed902838330b93402d9b950802b27\"\u003e\u003ccode\u003e9d48bbe\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.12 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7745\"\u003e#7745\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/32ce86e7362f1bd71e0d165a0b35864701e8dc56...3205785aa2df3d439da937292a712b07ed6ecc03\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/435","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/435","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/435/packages"}},{"old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30","update_type":null,"path":null,"pr_created_at":"2026-04-28T02:13:58.000Z","version_change":"32ce86e7362f1bd71e0d165a0b35864701e8dc56 → 345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30","issue":{"uuid":"4340091754","node_id":"PR_kwDOEKuYws7WLUkQ","number":431,"state":"closed","title":"Bump oxsecurity/megalinter from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-05T02:41:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-28T02:13:58.000Z","updated_at":"2026-05-05T02:41:31.000Z","time_to_close":606451,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: add \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003emore default hidden environment variables\u003c/a\u003e, so in case one of the 100+ linters is hacked, the attacker won't get your secrets anyway\u003c/li\u003e\n\u003cli\u003eUpgrade GO version to 1.26.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eosv-scanner (trivy-like security linter, by Google)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003cli\u003eDisable KICS until their security issue is solved\u003c/li\u003e\n\u003cli\u003eDisable spectral which is crashing\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix linter output by section in Console reporter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate copilot-instructions into Claude Code Agents \u0026amp; Skills\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003cli\u003eRun ARM linter jobs only if the latest commit message contains \u0026quot;ARM\u0026quot; (to avoid 200 jobs for each PR)\u003c/li\u003e\n\u003cli\u003ePrevent MegaLinter to push a new commit if the only updates are on markdown files\u003c/li\u003e\n\u003cli\u003eActivate osv-scanner on own sources\u003c/li\u003e\n\u003cli\u003eExclude test dependencies from dependabot\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30\"\u003e\u003ccode\u003e345bd23\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7653\"\u003e#7653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bcd6e7974afb35f4c168122c15e7fc558e7229cf\"\u003e\u003ccode\u003ebcd6e79\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency phpstan/phpstan to v2.1.51 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7651\"\u003e#7651\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8e25704ebb3a06ccee136c6a726c1fad8db7a61d\"\u003e\u003ccode\u003e8e25704\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency powershell/powershell to v7.6.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7652\"\u003e#7652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/6d3eed256f1b77c3973c112bca7f7177444e622b\"\u003e\u003ccode\u003e6d3eed2\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7640\"\u003e#7640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5c2b5c2e768c606913c7beca0fd793bbf57e1704\"\u003e\u003ccode\u003e5c2b5c2\u003c/code\u003e\u003c/a\u003e chore(deps): bump langchain-openai from 1.1.16 to 1.2.1 in /.config/python/de...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/0038a45ae032f4e05e894f0a2b165c6aeb077e4f\"\u003e\u003ccode\u003e0038a45\u003c/code\u003e\u003c/a\u003e chore(deps): bump langsmith from 0.7.35 to 0.7.36 in /.config/python/dev (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7648\"\u003e#7648\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/960e681ff9bdc75f8b6ca4f5d2e8656a5d4929b7\"\u003e\u003ccode\u003e960e681\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7643\"\u003e#7643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4ce0bf29e16d1fba1f2a1a6f8e3bf10f643319fa\"\u003e\u003ccode\u003e4ce0bf2\u003c/code\u003e\u003c/a\u003e chore(deps): bump uvicorn from 0.44.0 to 0.46.0 in /server (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/124478ef123e61a1144610b09625364a61ab096f\"\u003e\u003ccode\u003e124478e\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency langsmith to v0.7.36 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7641\"\u003e#7641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/d25dcb8de9e7126d67af064a1d302ab6eee30329\"\u003e\u003ccode\u003ed25dcb8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.136.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7638\"\u003e#7638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/32ce86e7362f1bd71e0d165a0b35864701e8dc56...345bd23a8d8ad1ca8cf55fb7dcbcf2094751cc30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/431","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/431","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/431/packages"}},{"old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"029d37a3499a0b2d27ed6624c6275b48958cd197","update_type":null,"path":null,"pr_created_at":"2026-04-21T00:27:29.000Z","version_change":"32ce86e7362f1bd71e0d165a0b35864701e8dc56 → 029d37a3499a0b2d27ed6624c6275b48958cd197","issue":{"uuid":"4299495140","node_id":"PR_kwDOEKuYws7UJDYH","number":430,"state":"open","title":"Bump oxsecurity/megalinter from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 029d37a3499a0b2d27ed6624c6275b48958cd197","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T00:27:29.000Z","updated_at":"2026-04-21T00:29:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","new_version":"029d37a3499a0b2d27ed6624c6275b48958cd197","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 32ce86e7362f1bd71e0d165a0b35864701e8dc56 to 029d37a3499a0b2d27ed6624c6275b48958cd197.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: add \u003ca href=\"https://megalinter.io/beta/config-variables-security/\"\u003emore default hidden environment variables\u003c/a\u003e, so in case one of the 100+ linters is hacked, the attacker won't get your secrets anyway\u003c/li\u003e\n\u003cli\u003eUpgrade GO version to 1.26.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eosv-scanner (trivy-like security linter, by Google)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003cli\u003eDisable spectral which is crashing\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003cli\u003eRun ARM linter jobs only if the latest commit message contains \u0026quot;ARM\u0026quot; (to avoid 200 jobs for each PR)\u003c/li\u003e\n\u003cli\u003ePrevent MegaLinter to push a new commit if the only updates are on markdown files\u003c/li\u003e\n\u003cli\u003eActivate osv-scanner on own sources\u003c/li\u003e\n\u003cli\u003eExclude test dependencies from dependabot\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/029d37a3499a0b2d27ed6624c6275b48958cd197\"\u003e\u003ccode\u003e029d37a\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7620\"\u003e#7620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/e31ced1c2437dc778aa301f64d320fe4a0cff6e8\"\u003e\u003ccode\u003ee31ced1\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency stylelint to v17 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7075\"\u003e#7075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/65ca6f0c92bec4f731e9225824ffdc42631eb95b\"\u003e\u003ccode\u003e65ca6f0\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7618\"\u003e#7618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/c52b734c6f1cb345c95208db5409b8628d8a7f66\"\u003e\u003ccode\u003ec52b734\u003c/code\u003e\u003c/a\u003e Fix YAML_V8R_CONFIG_FILE / JSON_V8R_CONFIG_FILE not recognized (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7617\"\u003e#7617\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8f52fa3274e2efa7105643755668023cc04f35de\"\u003e\u003ccode\u003e8f52fa3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.75 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7619\"\u003e#7619\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/bc8676e92f0cf9a6e5776fc7aaf48ae9689226fe\"\u003e\u003ccode\u003ebc8676e\u003c/code\u003e\u003c/a\u003e chore(deps): bump langsmith from 0.7.31 to 0.7.32 in /.config/python/dev (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7610\"\u003e#7610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9e59d9a85248c585afa398a5e4f30157880eca8f\"\u003e\u003ccode\u003e9e59d9a\u003c/code\u003e\u003c/a\u003e chore(deps): bump orjson from 3.11.7 to 3.11.8 in /.config/python/dev (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7609\"\u003e#7609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b0caad733eabc85304295104e2eb6a2efd4b8bab\"\u003e\u003ccode\u003eb0caad7\u003c/code\u003e\u003c/a\u003e chore(deps): bump aiohttp from 3.13.4 to 3.13.5 in /.config/python/dev (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7611\"\u003e#7611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/5aeb15a256eb0d0b1c4d8966fef774af354f9be6\"\u003e\u003ccode\u003e5aeb15a\u003c/code\u003e\u003c/a\u003e Activate osv-scanner and configure exclusions (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7607\"\u003e#7607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07b1ac50107b0cf7220ddf31cf0c6a4f214c4df8\"\u003e\u003ccode\u003e07b1ac5\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7599\"\u003e#7599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/32ce86e7362f1bd71e0d165a0b35864701e8dc56...029d37a3499a0b2d27ed6624c6275b48958cd197\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/430","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/430","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/430/packages"}},{"old_version":"7","new_version":"9","update_type":null,"path":null,"pr_created_at":"2026-04-14T11:27:42.000Z","version_change":"7 → 9","issue":{"uuid":"4261702379","node_id":"PR_kwDON8KNQc7SSaDU","number":171,"state":"closed","title":"chore(deps): bump oxsecurity/megalinter from 7 to 9","user":"dependabot[bot]","labels":["dependencies","github-actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-14T11:28:44.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-14T11:27:42.000Z","updated_at":"2026-04-14T11:28:46.000Z","time_to_close":62,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"7","new_version":"9","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 7 to 9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCreate your own \u003cstrong\u003eMegalinter Custom Flavors\u003c/strong\u003e to dramatically improve your performances\n\u003cul\u003e\n\u003cli\u003eSee \u003ca href=\"https://megalinter.io/beta/custom-flavors/\"\u003edocumentation\u003c/a\u003e for usage\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003enpx mega-linter-runner@beta --custom-flavor-setup\u003c/code\u003e to initialize repo\u003c/li\u003e\n\u003cli\u003eSuggest new flavors in reporters with a mega-linter-runner including the list of linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eNew \u003cstrong\u003eLLM Advisor\u003c/strong\u003e: call external LLMs to get hints to solve linter errors, available in:\n\u003cul\u003e\n\u003cli\u003eConsole Reporter\u003c/li\u003e\n\u003cli\u003eText Reporter\u003c/li\u003e\n\u003cli\u003eGit platforms PR/MR comments Reporter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUse ghcr.io docker images by default because of rate limits on docker.io\u003c/li\u003e\n\u003cli\u003eUse uv to create the venv folder for pip-installed linters\u003c/li\u003e\n\u003cli\u003eAdd copilot instructions for GitHub Copilot\u003c/li\u003e\n\u003cli\u003eUpdate base image to python:3.13-alpine3.21 (also embeds go 1.24)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/puppet_puppet_lint/\"\u003epuppet-lint\u003c/a\u003e: Disabled Until fix is provided for \u003ca href=\"https://redirect.github.com/puppetlabs/puppet-lint/issues/251\"\u003epuppetlabs/puppet-lint#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/repository_checkov/\"\u003echeckov\u003c/a\u003e: Disabled until fix is provided for \u003ca href=\"https://redirect.github.com/bridgecrewio/checkov/issues/7263\"\u003ebridgecrewio/checkov#7263\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emarkdown-link-check\u003c/strong\u003e has been removed because \u003ca href=\"https://megalinter.io/latest/descriptors/spell_lychee/\"\u003e\u003cstrong\u003elychee\u003c/strong\u003e\u003c/a\u003e can be used instead, and has much better performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePHP-CS-Fixer is able to run on PHP 8.4 without error (change default configuration) by \u003ca href=\"https://github.com/llaville\"\u003e\u003ccode\u003e@​llaville\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/latest/descriptors/spell_cspell/\"\u003ecspell\u003c/a\u003e: Filter output lines that do not contain found issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/latest/descriptors/docker_hadolint/\"\u003ehadolint\u003c/a\u003e: Extend DOCKERFILE_HADOLINT_FILE_NAMES_REGEX to include the \u003ccode\u003epurpose.Dockerfile\u003c/code\u003e convention eg service.Dockerfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/sql_sqlfluff/\"\u003esqlfluff\u003c/a\u003e: Handle fixing of issues\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWhen linter is docker based, force \u003ccode\u003e--platform=linux/amd64\u003c/code\u003e so it works when running locally on Mac\u003c/li\u003e\n\u003cli\u003eAdded checking of \u003ccode\u003e*.pyi\u003c/code\u003e and \u003ccode\u003e*.ipynb\u003c/code\u003e files to the \u003ccode\u003eruff\u003c/code\u003e and \u003ccode\u003eruff-format\u003c/code\u003e linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNew default display for Pull Request comments, with expandable sections containing the first 1000 lines of the output log. Former display remains available by defining \u003ccode\u003eREPORTERS_MARKDOWN_SUMMARY_TYPE=table\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMarkdown summary reporter:\n\u003cul\u003e\n\u003cli\u003eWrite a file for Github integration if GITHUB_STEP_SUMMARY is set\u003c/li\u003e\n\u003cli\u003eTruncate less linter output lines\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eText reporter: Change the output file names to put the linter name first, then the status\u003c/li\u003e\n\u003cli\u003eEnhance display of markdown summary\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate documentation in all megalinter descriptor files to improve accuracy and consistency\u003c/li\u003e\n\u003cli\u003eFix incorrect information in linters documentation and descriptors\u003c/li\u003e\n\u003cli\u003eRemove dead links\u003c/li\u003e\n\u003cli\u003eAdd linter description (linter_text) in all linter descriptor, to generate a more exhaustive documentation.\u003c/li\u003e\n\u003cli\u003eUpdate contributing guide to explain how to manage python dependencies in the codebase\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v9.2.0] - 2025-11-29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/code-analyzer.html\"\u003eSalesforce Code Analyzer\u003c/a\u003e, by \u003ca href=\"https://github.com/abdeslamads\"\u003e\u003ccode\u003e@​abdeslamads\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/salesforce_code_analyzer_apex/\"\u003eSALESFORCE_CODE_ANALYZER_APEX\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/salesforce_code_analyzer_aura/\"\u003eSALESFORCE_CODE_ANALYZER_AURA\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://megalinter.io/beta/descriptors/salesforce_code_analyzer_lwc/\"\u003eSALESFORCE_CODE_ANALYZER_LWC\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReactivate \u003ca href=\"https://megalinter.io/beta/descriptors/repository_checkov/\"\u003echeckov\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ca href=\"https://megalinter.io/latest/descriptors/terraform_terrascan/\"\u003eterrascan\u003c/a\u003e as the project is discontinued. Will be completely removed in a future version.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSALESFORCE_SFDX_SCANNER_*\u003c/code\u003e linters have been deprecated and will be removed in a future version. (they are replaced by \u003ccode\u003eSALESFORCE_CODE_ANALYZER_*\u003c/code\u003e linters)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://medium.com/@SeasonedDeveloper/looking-for-the-best-ci-cd-pipeline-linting-tool-try-megalinter-d89c9eba850d\"\u003eLooking for the best CI/CD Pipeline Linting Tool? Try MegaLinter!\u003c/a\u003e, by \u003ca href=\"https://medium.com/@SeasonedDeveloper\"\u003eSeasoned Developer\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.youtube.com/watch?v=0JGusPYE4zc\"\u003e(Brazilian) Qualidade e Segurança em Código com MegaLinter: automatizando análises em MAUI com GitHub Actions\u003c/a\u003e, by \u003ca href=\"https://www.youtube.com/@CanaldotNET\"\u003eCanal dotNET\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInstall dotenv-linter deterministically, by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6385\"\u003eoxsecurity/megalinter#6385\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6544\"\u003e#6544\u003c/a\u003e: Add GITHUB_TOKEN in docker build command for custom flavor\u003c/li\u003e\n\u003cli\u003eHide warning when compiling a regex\u003c/li\u003e\n\u003cli\u003eFix formatting in descriptor files to reduce changes in generated markdown, by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6449\"\u003eoxsecurity/megalinter#6449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd conversion from Jenkins variables to related Git based reporters variables\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eKeep jsonschema html docs updated when using \u003ccode\u003ebuild.py --doc\u003c/code\u003e, by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6447\"\u003eoxsecurity/megalinter#6447\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCommit updated license info generated from build script by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6448\"\u003eoxsecurity/megalinter#6448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRecreate docs/descriptors folder, delete old pages by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6451\"\u003eoxsecurity/megalinter#6451\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GITHUB_TOKEN in docker buildx build command for custom flavor, by \u003ca href=\"https://github.com/davidfevre-gouv-nc\"\u003e\u003ccode\u003e@​davidfevre-gouv-nc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6545\"\u003eoxsecurity/megalinter#6545\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize performances of standalone linters releases\u003c/li\u003e\n\u003cli\u003eRenovate: Add langchain group for package updates, by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6400\"\u003eoxsecurity/megalinter#6400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor file handling in build.py to use pathlib for improved readability, by \u003ca href=\"https://github.com/echoix\"\u003e\u003ccode\u003e@​echoix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/pull/6450\"\u003eoxsecurity/megalinter#6450\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHandle upgrade of stefanzweifel/git-auto-commit-action to v7\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (53)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://rhysd.github.io/actionlint/\"\u003eactionlint\u003c/a\u003e from 1.7.7 to \u003cstrong\u003e1.7.9\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://ansible-lint.readthedocs.io/\"\u003eansible-lint\u003c/a\u003e from 25.9.1 to \u003cstrong\u003e25.11.1\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bandit.readthedocs.io/en/latest/\"\u003ebandit\u003c/a\u003e from 1.8.6 to \u003cstrong\u003e1.9.2\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/v7...v9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oxsecurity/megalinter\u0026package-manager=github_actions\u0026previous-version=7\u0026new-version=9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/camaraproject/tooling/pull/171","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/camaraproject%2Ftooling/issues/171","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/171/packages"}},{"old_version":"9.3.0","new_version":"9.4.0","update_type":"minor","path":null,"pr_created_at":"2026-04-10T12:14:47.000Z","version_change":"9.3.0 → 9.4.0","issue":{"uuid":"4239073719","node_id":"PR_kwDOOIgArs7RcOrw","number":64,"state":"closed","title":"Bump the github-actions group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["chore","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-17T12:14:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-10T12:14:47.000Z","updated_at":"2026-04-17T12:14:50.000Z","time_to_close":604801,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":5,"packages":[{"name":"oxsecurity/megalinter","old_version":"9.3.0","new_version":"9.4.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/download-artifact","old_version":"8.0.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"pypa/gh-action-pypi-publish","old_version":"1.13.0","new_version":"1.14.0","repository_url":"https://github.com/pypa/gh-action-pypi-publish"},{"name":"codecov/codecov-action","old_version":"5.5.2","new_version":"6.0.0","repository_url":"https://github.com/codecov/codecov-action"},{"name":"release-drafter/release-drafter","old_version":"6.2.0","new_version":"7.2.0","repository_url":"https://github.com/release-drafter/release-drafter"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.3.0` | `9.4.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` |\n| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` |\n| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `6.2.0` | `7.2.0` |\n\n\nUpdates `oxsecurity/megalinter` from 9.3.0 to 9.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprove files browsing performances (2 PRs)\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter processing and improve grouping logic\u003c/li\u003e\n\u003cli\u003eImprove performance of listing .gitignored files by sending excluded directories to git ls-files\u003c/li\u003e\n\u003cli\u003eIf there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances\u003c/li\u003e\n\u003cli\u003eReduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules\u003c/li\u003e\n\u003cli\u003eCache subprocess environment per linter run and excluded directories per request\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter result update from O(n²) to O(n)\u003c/li\u003e\n\u003cli\u003eAdd support in the build of Docker images for linux/arm64 in compatible linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://nbqa.readthedocs.io/\"\u003ePYTHON_NBQA_MYPY\u003c/a\u003e for type-checking Jupyter notebooks using nbqa + mypy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLUA_SELENE: \u003ca href=\"https://redirect.github.com/Kampfkarren/selene/issues/662\"\u003eKampfkarren/selene#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the official checkmake image by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Add sarif support to spectral by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Change cli_lint_mode to list_of_files to improve performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remote origins when building custom flavors (fixes: \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6511\"\u003e#6511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issue with plugins ignored when FLAVOR_SUGGESTIONS=false\u003c/li\u003e\n\u003cli\u003eFix wrong tagging \u003ccode\u003eapply_fixes=True\u003c/code\u003e when linter has no fix options configured\u003c/li\u003e\n\u003cli\u003ePython mypy: Remove \u003ccode\u003e.ipynb\u003c/code\u003e from file extensions (mypy doesn't support notebooks directly) - fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6904\"\u003e#6904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix operator precedence bug in pre_post_factory pre/post command logic\u003c/li\u003e\n\u003cli\u003eFix file handle leak in GitleaksLinter\u003c/li\u003e\n\u003cli\u003eFix variable name bug in utils.get_git_context_info\u003c/li\u003e\n\u003cli\u003eMinor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a link inviting to star MegaLinter\u003c/li\u003e\n\u003cli\u003eDisplay in the console reporter the working directory from which the commands are executed by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate WebHook reporter so it can send more events for a better integration with UI\u003c/li\u003e\n\u003cli\u003eWhen truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)\u003c/li\u003e\n\u003cli\u003eIn case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead\u003c/li\u003e\n\u003cli\u003eAzure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCustom flavor builder:\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remotes\u003c/li\u003e\n\u003cli\u003eAllow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms\u003c/li\u003e\n\u003cli\u003eBuild \u0026amp; release custom flavor builder image for linux/arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJSON Schema: Add default values for file extensions and file names variables + improve descriptions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/42bb470545e359597e7f12156947c436e4e3fb9a...8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 8.0.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003e\u003ccode\u003e3e5f45b\u003c/code\u003e\u003c/a\u003e Add regression tests for CJK characters (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd\"\u003e\u003ccode\u003ee6d03f6\u003c/code\u003e\u003c/a\u003e Add a regression test for artifact name + content-type mismatches (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/releases\"\u003epypa/gh-action-pypi-publish's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e✨ What's Changed\u003c/h2\u003e\n\u003cp\u003eThe main change in this release is that \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003eprint-hash\u003c/code\u003e inputs are now on by default. This was contributed by \u003ca href=\"https://github.com/whitequark\"\u003e\u003ccode\u003e@​whitequark\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/whitequark\"\u003e💰\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397\"\u003e#397\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e📝 Docs\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/woodruffw\"\u003e💰\u003c/a\u003e updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/388\"\u003e#388\u003c/a\u003e and \u003ca href=\"https://github.com/him2him2\"\u003e\u003ccode\u003e@​him2him2\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/him2him2\"\u003e💰\u003c/a\u003e brushed up some grammar in the README and SECURITY docs via \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395\"\u003e#395\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e🛠️ Internal Updates\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/woodruffw\"\u003e💰\u003c/a\u003e bumped \u003ccode\u003esigstore\u003c/code\u003e and \u003ccode\u003epypi-attestations\u003c/code\u003e in the lock file (\u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/391\"\u003e#391\u003c/a\u003e) and \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/webknjaz\"\u003e💰\u003c/a\u003e added infra for using type annotations in the project (\u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/381\"\u003e#381\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e💪 New Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/him2him2\"\u003e\u003ccode\u003e@​him2him2\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395\"\u003e#395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/whitequark\"\u003e\u003ccode\u003e@​whitequark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397\"\u003e#397\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e🪞 Full Diff\u003c/strong\u003e: \u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0\"\u003ehttps://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e🧔‍♂️ Release Manager:\u003c/strong\u003e \u003ca href=\"https://github.com/sponsors/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://stand-with-ukraine.pp.ua\"\u003e🇺🇦\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e🙏 Special Thanks\u003c/strong\u003e to \u003ca href=\"https://github.com/facutuesca\"\u003e\u003ccode\u003e@​facutuesca\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/facutuesca\"\u003e💰\u003c/a\u003e and \u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003ca href=\"https://github.com/sponsors/woodruffw\"\u003e💰\u003c/a\u003e for helping maintain this project when \u003ca href=\"https://github.com/sponsors/webknjaz\"\u003eI\u003c/a\u003e can't!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e💬 Discuss\u003c/strong\u003e \u003ca href=\"https://bsky.app/profile/webknjaz.me/post/3mivwsz3qzk2e\"\u003eon Bluesky 🦋\u003c/a\u003e, \u003ca href=\"https://mastodon.social/@webknjaz/116363779997051422\"\u003eon Mastodon 🐘\u003c/a\u003e and \u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/discussions/404\"\u003eon GitHub\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sponsors/webknjaz\"\u003e\u003cimg src=\"https://img.shields.io/badge/%40webknjaz-transparent?logo=githubsponsors\u0026amp;logoColor=%23EA4AAA\u0026amp;label=Sponsor\u0026amp;color=2a313c\" alt=\"GH Sponsors badge\" /\u003e\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/cef221092ed1bacb1cc03d23a2d87d1d172e277b\"\u003e\u003ccode\u003ecef2210\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397\"\u003e#397\u003c/a\u003e from whitequark/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/b4595e2555a031e2fd6f0bbded4e7918eaa2724e\"\u003e\u003ccode\u003eb4595e2\u003c/code\u003e\u003c/a\u003e Enable \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003eprint-hash\u003c/code\u003e by default.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/e2bab26859796ee5c3bf97b8f394ce1e6570e906\"\u003e\u003ccode\u003ee2bab26\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395\"\u003e#395\u003c/a\u003e from him2him2/docs/fix-typos-and-grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/7495c384ec7a0240a28e568e7ffc60af1629585d\"\u003e\u003ccode\u003e7495c38\u003c/code\u003e\u003c/a\u003e docs: fix typos and grammar in README and SECURITY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/03f86fee9ac21f854951f5c6e2a02c2a1324aec7\"\u003e\u003ccode\u003e03f86fe\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/gh-action-pypi-publish/issues/388\"\u003e#388\u003c/a\u003e from woodruffw-forks/ww/rm-experimental\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/4c78f1c53c55c528d8abd83df933ae92bd4c1d8c\"\u003e\u003ccode\u003e4c78f1c\u003c/code\u003e\u003c/a\u003e Merge branch 'unstable/v1' into ww/rm-experimental\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/b5a6e8ba2611ad0c810f383eed9e6629eb0b3b2f\"\u003e\u003ccode\u003eb5a6e8b\u003c/code\u003e\u003c/a\u003e deps: bump sigstore and pypi-attestations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/a48a03e758da35722b0d159dae23e0440d0fcce2\"\u003e\u003ccode\u003ea48a03e\u003c/code\u003e\u003c/a\u003e remove another experimental mention\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/8087a88a46924f78608905d7841a170e749524ce\"\u003e\u003ccode\u003e8087a88\u003c/code\u003e\u003c/a\u003e action: remove a lingering mention of PEP 740 being experimental\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/commit/3317ede93a4981d0fc490510c6fcf8bf0e92ed05\"\u003e\u003ccode\u003e3317ede\u003c/code\u003e\u003c/a\u003e 🧪 Integrate actionlint via pre-commit framework\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/gh-action-pypi-publish/compare/ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e...cef221092ed1bacb1cc03d23a2d87d1d172e277b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 5.5.2 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. \u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/github-script from 7.0.1 to 8.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1874\"\u003ecodecov/codecov-action#1874\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): bump to 5.5.3 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1922\"\u003ecodecov/codecov-action#1922\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.2...v5.5.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.2...v5.5.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2\"\u003e\u003ccode\u003e57e3a13\u003c/code\u003e\u003c/a\u003e Th/6.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1928\"\u003e#1928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/f67d33dda8a42b51c42a8318a1f66468119e898b\"\u003e\u003ccode\u003ef67d33d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/75cd11691c0faa626561e295848008c8a7dddffe\"\u003e\u003ccode\u003e75cd116\u003c/code\u003e\u003c/a\u003e chore(release): 5.5.4 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1927\"\u003e#1927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/87d39f4a2cec2673cf9505764fb20a38792ea722\"\u003e\u003ccode\u003e87d39f4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/1af58845a975a7985b0beb0cbe6fbbb71a41dbad\"\u003e\u003ccode\u003e1af5884\u003c/code\u003e\u003c/a\u003e chore(release): bump to 5.5.3 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1922\"\u003e#1922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/c143300dea6c9a730986ff862c5bf4d458927ef8\"\u003e\u003ccode\u003ec143300\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1874\"\u003e#1874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `release-drafter/release-drafter` from 6.2.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/release-drafter/release-drafter/releases\"\u003erelease-drafter/release-drafter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003ch2\u003eNew\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow always collapsing a category (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1444\"\u003e#1444\u003c/a\u003e) \u003ca href=\"https://github.com/mhanberg\"\u003e\u003ccode\u003e@​mhanberg\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: improve advanced substitutions in replacers (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1555\"\u003e#1555\u003c/a\u003e) \u003ca href=\"https://github.com/jetersen\"\u003e\u003ccode\u003e@​jetersen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support repo-only _extends and prevent .github/ path doubling (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1577\"\u003e#1577\u003c/a\u003e) \u003ca href=\"https://github.com/jetersen\"\u003e\u003ccode\u003e@​jetersen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): update dependency typescript to 6.0.2 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1587\"\u003e#1587\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update vitest to 4.1.4 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1585\"\u003e#1585\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): update peter-evans/create-pull-request action to v8 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1588\"\u003e#1588\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency vite to 8.0.5 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1579\"\u003e#1579\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency nock to 14.0.12 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1583\"\u003e#1583\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to 24.12.2 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1582\"\u003e#1582\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​biomejs/biome\u003c/code\u003e to 2.4.10 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1581\"\u003e#1581\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: move codegen to monthly scheduled workflow (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1578\"\u003e#1578\u003c/a\u003e) \u003ca href=\"https://github.com/jetersen\"\u003e\u003ccode\u003e@​jetersen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: replace vite-tsconfig-paths plugin with native resolve.tsconfigPaths (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1571\"\u003e#1571\u003c/a\u003e) \u003ca href=\"https://github.com/jetersen\"\u003e\u003ccode\u003e@​jetersen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: fix autolabeler example tag (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1568\"\u003e#1568\u003c/a\u003e) \u003ca href=\"https://github.com/cchanche\"\u003e\u003ccode\u003e@​cchanche\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump lodash and \u003ccode\u003e@​graphql-codegen/plugin-helpers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1589\"\u003e#1589\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update dependency \u003ccode\u003e@​actions/github\u003c/code\u003e to 9.1.0 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1586\"\u003e#1586\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency yaml to 2.8.3 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1580\"\u003e#1580\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update node.js to v24.14.1 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1584\"\u003e#1584\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​biomejs/biome\u003c/code\u003e to 2.4.10 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1581\"\u003e#1581\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/release-drafter/release-drafter/compare/v7.1.1...v7.2.0\"\u003ehttps://github.com/release-drafter/release-drafter/compare/v7.1.1...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.1\u003c/h2\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: remove disable-releaser and disable-autolabeler from action.yaml (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1564\"\u003e#1564\u003c/a\u003e) \u003ca href=\"https://github.com/cchanche\"\u003e\u003ccode\u003e@​cchanche\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/release-drafter/release-drafter/compare/v7.1.0...v7.1.1\"\u003ehttps://github.com/release-drafter/release-drafter/compare/v7.1.0...v7.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/5de93583980a40bd78603b6dfdcda5b4df377b32\"\u003e\u003ccode\u003e5de9358\u003c/code\u003e\u003c/a\u003e 7.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/e50d61c7deb94fc176ad7d31d7b71f60307829b2\"\u003e\u003ccode\u003ee50d61c\u003c/code\u003e\u003c/a\u003e chore: rebuild dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/d3a61d3b778db0d18c3511a1d8a5585188fdb99f\"\u003e\u003ccode\u003ed3a61d3\u003c/code\u003e\u003c/a\u003e chore: fix npm audit vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/8bfa2791ec73890e3087b933c9db62d0a294a461\"\u003e\u003ccode\u003e8bfa279\u003c/code\u003e\u003c/a\u003e build(deps): bump lodash and \u003ccode\u003e@​graphql-codegen/plugin-helpers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/c2a8a67ac931b548feeee49fe78975bd87720a0e\"\u003e\u003ccode\u003ec2a8a67\u003c/code\u003e\u003c/a\u003e chore: remove engine-strict from .npmrc to fix Dependabot resolution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/e51e4adf1695870d57ae9cf3fa8cc37064d6304d\"\u003e\u003ccode\u003ee51e4ad\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency typescript to 6.0.2 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1587\"\u003e#1587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/0e7bd548468b9ce7f0b082417f6ec32bc47173ae\"\u003e\u003ccode\u003e0e7bd54\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency \u003ccode\u003e@​actions/github\u003c/code\u003e to 9.1.0 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/9c0b0a8cf19d3415f835a04b1987cd2451aaac85\"\u003e\u003ccode\u003e9c0b0a8\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency yaml to 2.8.3 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1580\"\u003e#1580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/b27f820cbc98c923f216e773d35bc7f4e8efd9ed\"\u003e\u003ccode\u003eb27f820\u003c/code\u003e\u003c/a\u003e chore(deps): update vitest to 4.1.4 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1585\"\u003e#1585\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/release-drafter/release-drafter/commit/eb9053430f473e03512e92caee9608b0db01ebd7\"\u003e\u003ccode\u003eeb90534\u003c/code\u003e\u003c/a\u003e ci(deps): update peter-evans/create-pull-request action to v8 (\u003ca href=\"https://redirect.github.com/release-drafter/release-drafter/issues/1588\"\u003e#1588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/release-drafter/release-drafter/compare/6db134d15f3909ccc9eefd369f02bd1e9cffdf97...5de93583980a40bd78603b6dfdcda5b4df377b32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/laywill/gimmie/pull/64","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/laywill%2Fgimmie/issues/64","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/64/packages"}},{"old_version":"ce48f4c2f110cb802cae5389c5fa1e4390b82e19","new_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","update_type":null,"path":null,"pr_created_at":"2026-04-09T12:41:16.000Z","version_change":"ce48f4c2f110cb802cae5389c5fa1e4390b82e19 → 32ce86e7362f1bd71e0d165a0b35864701e8dc56","issue":{"uuid":"4232271053","node_id":"PR_kwDOPaSNd87RIRAP","number":185,"state":"open","title":"build(deps): bump oxsecurity/megalinter from ce48f4c2f110cb802cae5389c5fa1e4390b82e19 to 32ce86e7362f1bd71e0d165a0b35864701e8dc56","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-09T12:41:16.000Z","updated_at":"2026-04-09T12:43:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"oxsecurity/megalinter","old_version":"ce48f4c2f110cb802cae5389c5fa1e4390b82e19","new_version":"32ce86e7362f1bd71e0d165a0b35864701e8dc56","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from ce48f4c2f110cb802cae5389c5fa1e4390b82e19 to 32ce86e7362f1bd71e0d165a0b35864701e8dc56.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/32ce86e7362f1bd71e0d165a0b35864701e8dc56\"\u003e\u003ccode\u003e32ce86e\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7514\"\u003e#7514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/ce48f4c2f110cb802cae5389c5fa1e4390b82e19...32ce86e7362f1bd71e0d165a0b35864701e8dc56\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NanashiTheNameless/serialterminal/pull/185","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NanashiTheNameless%2Fserialterminal/issues/185","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/185/packages"}},{"old_version":"ecd46c44d26083667ce277b942c2dd5758f92cc1","new_version":"a77943c8fc827117446d7fbd7a70fd3f23160bc8","update_type":null,"path":null,"pr_created_at":"2026-04-04T01:07:55.000Z","version_change":"ecd46c44d26083667ce277b942c2dd5758f92cc1 → a77943c8fc827117446d7fbd7a70fd3f23160bc8","issue":{"uuid":"4202845427","node_id":"PR_kwDOQ3Y4V87P5njP","number":25,"state":"open","title":"Bump oxsecurity/megalinter from ecd46c44d26083667ce277b942c2dd5758f92cc1 to a77943c8fc827117446d7fbd7a70fd3f23160bc8","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-04T01:07:55.000Z","updated_at":"2026-04-04T01:09:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"ecd46c44d26083667ce277b942c2dd5758f92cc1","new_version":"a77943c8fc827117446d7fbd7a70fd3f23160bc8","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from ecd46c44d26083667ce277b942c2dd5758f92cc1 to a77943c8fc827117446d7fbd7a70fd3f23160bc8.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a77943c8fc827117446d7fbd7a70fd3f23160bc8\"\u003e\u003ccode\u003ea77943c\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7493\"\u003e#7493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/17b279e96770957b09867ff0977571c4a0e1bac5\"\u003e\u003ccode\u003e17b279e\u003c/code\u003e\u003c/a\u003e chore(deps): bump langchain-core from 1.2.22 to 1.2.23 in /.config/python/dev...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/502418a379f1acbd2a3f8b173ac769cc956b3459\"\u003e\u003ccode\u003e502418a\u003c/code\u003e\u003c/a\u003e chore(deps): bump python-gitlab from 8.1.0 to 8.2.0 in /.config/python/dev (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cb0a60d4216b55155014ad213677d9917f9289f0\"\u003e\u003ccode\u003ecb0a60d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jest to v29.15.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7482\"\u003e#7482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/1a98671690c8638a8fe6852d3098ac9c80d0680b\"\u003e\u003ccode\u003e1a98671\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7488\"\u003e#7488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/266c62707c7ee9adfc9812a3df2abb23c1ca61cb\"\u003e\u003ccode\u003e266c627\u003c/code\u003e\u003c/a\u003e feat: build linters for linux/arm64 where possible in deploy-*-linters.yml (#...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/ecd46c44d26083667ce277b942c2dd5758f92cc1...a77943c8fc827117446d7fbd7a70fd3f23160bc8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NanashiTheNameless/CaiXianlinRemoteIDMonitor/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NanashiTheNameless%2FCaiXianlinRemoteIDMonitor/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"6ad18a5709bb2f0a5a3dd3ef057beff810105fb7","new_version":"a77943c8fc827117446d7fbd7a70fd3f23160bc8","update_type":null,"path":null,"pr_created_at":"2026-03-30T23:40:45.000Z","version_change":"6ad18a5709bb2f0a5a3dd3ef057beff810105fb7 → a77943c8fc827117446d7fbd7a70fd3f23160bc8","issue":{"uuid":"4174697821","node_id":"PR_kwDOEKuYws7OyKlw","number":424,"state":"open","title":"Bump oxsecurity/megalinter from 6ad18a5709bb2f0a5a3dd3ef057beff810105fb7 to a77943c8fc827117446d7fbd7a70fd3f23160bc8","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-30T23:40:45.000Z","updated_at":"2026-03-30T23:42:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oxsecurity/megalinter","old_version":"6ad18a5709bb2f0a5a3dd3ef057beff810105fb7","new_version":"a77943c8fc827117446d7fbd7a70fd3f23160bc8","repository_url":"https://github.com/oxsecurity/megalinter"}],"path":null,"ecosystem":"actions"},"body":"Bumps [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) from 6ad18a5709bb2f0a5a3dd3ef057beff810105fb7 to a77943c8fc827117446d7fbd7a70fd3f23160bc8.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/a77943c8fc827117446d7fbd7a70fd3f23160bc8\"\u003e\u003ccode\u003ea77943c\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7493\"\u003e#7493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/17b279e96770957b09867ff0977571c4a0e1bac5\"\u003e\u003ccode\u003e17b279e\u003c/code\u003e\u003c/a\u003e chore(deps): bump langchain-core from 1.2.22 to 1.2.23 in /.config/python/dev...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/502418a379f1acbd2a3f8b173ac769cc956b3459\"\u003e\u003ccode\u003e502418a\u003c/code\u003e\u003c/a\u003e chore(deps): bump python-gitlab from 8.1.0 to 8.2.0 in /.config/python/dev (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/cb0a60d4216b55155014ad213677d9917f9289f0\"\u003e\u003ccode\u003ecb0a60d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jest to v29.15.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7482\"\u003e#7482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/1a98671690c8638a8fe6852d3098ac9c80d0680b\"\u003e\u003ccode\u003e1a98671\u003c/code\u003e\u003c/a\u003e chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7488\"\u003e#7488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/266c62707c7ee9adfc9812a3df2abb23c1ca61cb\"\u003e\u003ccode\u003e266c627\u003c/code\u003e\u003c/a\u003e feat: build linters for linux/arm64 where possible in deploy-*-linters.yml (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ecd46c44d26083667ce277b942c2dd5758f92cc1\"\u003e\u003ccode\u003eecd46c4\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency sfdx-hardis to v7.5.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7490\"\u003e#7490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8c4e1545659b66e826648fd7271775932a297dda\"\u003e\u003ccode\u003e8c4e154\u003c/code\u003e\u003c/a\u003e chore(deps): update trufflesecurity/trufflehog docker tag to v3.94.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7489\"\u003e#7489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/63145c770180f3cd4e7948705c85a4afd9d2423c\"\u003e\u003ccode\u003e63145c7\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency snakemake to v9.18.2 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7487\"\u003e#7487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/ca4a2b73b76512ab3192115be80416fa98def12a\"\u003e\u003ccode\u003eca4a2b7\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rust-lang/rust to v1.94.1 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7486\"\u003e#7486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/6ad18a5709bb2f0a5a3dd3ef057beff810105fb7...a77943c8fc827117446d7fbd7a70fd3f23160bc8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/leeter/WinMTR-refresh/pull/424","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leeter%2FWinMTR-refresh/issues/424","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/424/packages"}},{"old_version":"9.2.0","new_version":"9.4.0","update_type":"minor","path":null,"pr_created_at":"2026-03-24T04:17:02.000Z","version_change":"9.2.0 → 9.4.0","issue":{"uuid":"4125130542","node_id":"PR_kwDONYMH5c7M4Je0","number":193,"state":"open","title":"build(deps): bump the github-actions group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-24T04:17:02.000Z","updated_at":"2026-03-26T05:06:48.076Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"github-actions","update_count":5,"packages":[{"name":"step-security/harden-runner","old_version":"2.14.0","new_version":"2.16.0","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"zizmorcore/zizmor-action","old_version":"0.3.0","new_version":"0.5.2","repository_url":"https://github.com/zizmorcore/zizmor-action"},{"name":"oxsecurity/megalinter","old_version":"9.2.0","new_version":"9.4.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"hendrikmuhs/ccache-action","old_version":"1.2.20","new_version":"1.2.21","repository_url":"https://github.com/hendrikmuhs/ccache-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.0` | `2.16.0` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` |\n| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.3.0` | `0.5.2` |\n| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.2.0` | `9.4.0` |\n| [hendrikmuhs/ccache-action](https://github.com/hendrikmuhs/ccache-action) | `1.2.20` | `1.2.21` |\n\n\nUpdates `step-security/harden-runner` from 2.14.0 to 2.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated action.yml to use node24\u003c/li\u003e\n\u003cli\u003eSecurity fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See \u003ca href=\"https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698\"\u003eGHSA-46g3-37rh-v698\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003eSecurity fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See \u003ca href=\"https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g\"\u003eGHSA-g699-3x6g-wm3g\u003c/a\u003e for details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.15.1...v2.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.15.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/642\"\u003estep-security/harden-runner#642\u003c/a\u003e bug due to which post step was failing on Windows ARM runners\u003c/li\u003e\n\u003cli\u003eUpdates npm packages\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.15.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eWindows and macOS runner support\u003c/h3\u003e\n\u003cp\u003eWe are excited to announce that Harden Runner now supports \u003cstrong\u003eWindows and macOS runners\u003c/strong\u003e, extending runtime security beyond Linux for the first time.\u003c/p\u003e\n\u003cp\u003eInsights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eSecurity fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See \u003ca href=\"https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq\"\u003eGHSA-cpmj-h4f6-r6pq\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003eIn some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed npm audit vulnerabilities\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594\"\u003e\u003ccode\u003efa2e9d6\u003c/code\u003e\u003c/a\u003e Release v2.16.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/58077d3c7e43986b6b15fba718e8ea69e387dfcc\"\u003e\u003ccode\u003e58077d3\u003c/code\u003e\u003c/a\u003e Release v2.15.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/641\"\u003e#641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a90bcbc6539c36a85cdfeb73f7e2f433735f215b\"\u003e\u003ccode\u003ea90bcbc\u003c/code\u003e\u003c/a\u003e Update readme (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/637\"\u003e#637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/f0a59d88538059e010b6ebd90b74e2740a6d05fc\"\u003e\u003ccode\u003ef0a59d8\u003c/code\u003e\u003c/a\u003e Release v2.15.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/639\"\u003e#639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/5ef0c079ce82195b2a36a210272d6b661572d83e\"\u003e\u003ccode\u003e5ef0c07\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/635\"\u003e#635\u003c/a\u003e from step-security/rc-34\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/eb43c7b3fd5a30c42ff1ab84b494f1cc6c7cc3b6\"\u003e\u003ccode\u003eeb43c7b\u003c/code\u003e\u003c/a\u003e update agent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/e3f713f2d8f53843e71c69a996d56f51aa9adfb9\"\u003e\u003ccode\u003ee3f713f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/631\"\u003e#631\u003c/a\u003e from step-security/rc-31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/423acdda6fd4f75f197b7c305a3f2e3d700dc00b\"\u003e\u003ccode\u003e423acdd\u003c/code\u003e\u003c/a\u003e chore: fix npm audit vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/0ddb86cf0353b79dbed5bb8cef4103700cea70a7\"\u003e\u003ccode\u003e0ddb86c\u003c/code\u003e\u003c/a\u003e update agent\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.3.0 to 0.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.1 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.0 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExpose \u003ccode\u003eoutput-file\u003c/code\u003e as an output when \u003ccode\u003eadvanced-security: true\u003c/code\u003e by \u003ca href=\"https://github.com/unlobito\"\u003e\u003ccode\u003e@​unlobito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/87\"\u003ezizmorcore/zizmor-action#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unlobito\"\u003e\u003ccode\u003e@​unlobito\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/87\"\u003ezizmorcore/zizmor-action#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.1\u003c/h2\u003e\n\u003cp\u003eThis version fixes an error in the 0.4.0 release that prevented non-relative use\nof the action.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix version file path by \u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/83\"\u003ezizmorcore/zizmor-action#83\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.0\u003c/h2\u003e\n\u003cp\u003eThis new version of \u003ccode\u003ezizmor-action\u003c/code\u003e brings two major changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe new \u003ccode\u003efail-on-no-inputs\u003c/code\u003e option can be used to control whether\n\u003ccode\u003ezizmor-action\u003c/code\u003e fails if no inputs were collected by \u003ccode\u003ezizmor\u003c/code\u003e. The default\nremains \u003ccode\u003etrue\u003c/code\u003e, reflecting the pre-existing behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe action's use of the official \u003ccode\u003ezizmor\u003c/code\u003e Docker images is now fully\nhash-checked internally, preventing accidental or malicious modification\nto the images. This also means that subsequent releases of \u003ccode\u003ezizmor\u003c/code\u003e\nwill induce a release of this action, rather than the action always picking\nup the latest version by default.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: extended permissions required for internal repos by \u003ca href=\"https://github.com/AntoineSebert\"\u003e\u003ccode\u003e@​AntoineSebert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/61\"\u003ezizmorcore/zizmor-action#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify description of \u0026quot;token\u0026quot; to indicate it is only used for online audits by \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/63\"\u003ezizmorcore/zizmor-action#63\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8\"\u003e\u003ccode\u003e71321a2\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ed31db0964a9d37608edd5b0675de2b52070662\"\u003e\u003ccode\u003e5ed31db\u003c/code\u003e\u003c/a\u003e Bump pins (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/195d10ad90f31d8cd6ea1efd6ecc12969ddbe73f\"\u003e\u003ccode\u003e195d10a\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/94\"\u003e#94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/c65bc8876171b6d82748ec98b77c0193b1226b94\"\u003e\u003ccode\u003ec65bc88\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/c2c887f84674f9c15123e2905d2d307675d8bc01\"\u003e\u003ccode\u003ec2c887f\u003c/code\u003e\u003c/a\u003e chore(deps): bump zizmorcore/zizmor-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5507ab0c02a9ac3996895e1598d6b3385ea7d525\"\u003e\u003ccode\u003e5507ab0\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d\"\u003e\u003ccode\u003e0dce257\u003c/code\u003e\u003c/a\u003e chore(deps): bump peter-evans/create-pull-request (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/88\"\u003e#88\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/fb9497493b591ad90176d3ecac5ca4aeff8c9faf\"\u003e\u003ccode\u003efb94974\u003c/code\u003e\u003c/a\u003e Expose \u003ccode\u003eoutput-file\u003c/code\u003e as an output when \u003ccode\u003eadvanced-security: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/87\"\u003e#87\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/867562a69bb7adcc63dd1e8c003600a58b5f70e2\"\u003e\u003ccode\u003e867562a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/85\"\u003e#85\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/7462f075f718787753331c6d98ca9ef8eb41e735\"\u003e\u003ccode\u003e7462f07\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/84\"\u003e#84\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/e639db99335bc9038abc0e066dfcd72e23d26fb4...71321a20a9ded102f6e9ce5718a2fcec2c4f70d8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.2.0 to 9.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprove files browsing performances (2 PRs)\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter processing and improve grouping logic\u003c/li\u003e\n\u003cli\u003eImprove performance of listing .gitignored files by sending excluded directories to git ls-files\u003c/li\u003e\n\u003cli\u003eIf there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances\u003c/li\u003e\n\u003cli\u003eReduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules\u003c/li\u003e\n\u003cli\u003eCache subprocess environment per linter run and excluded directories per request\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter result update from O(n²) to O(n)\u003c/li\u003e\n\u003cli\u003eAdd support in the build of Docker images for linux/arm64 in compatible linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://nbqa.readthedocs.io/\"\u003ePYTHON_NBQA_MYPY\u003c/a\u003e for type-checking Jupyter notebooks using nbqa + mypy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLUA_SELENE: \u003ca href=\"https://redirect.github.com/Kampfkarren/selene/issues/662\"\u003eKampfkarren/selene#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the official checkmake image by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Add sarif support to spectral by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Change cli_lint_mode to list_of_files to improve performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remote origins when building custom flavors (fixes: \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6511\"\u003e#6511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issue with plugins ignored when FLAVOR_SUGGESTIONS=false\u003c/li\u003e\n\u003cli\u003eFix wrong tagging \u003ccode\u003eapply_fixes=True\u003c/code\u003e when linter has no fix options configured\u003c/li\u003e\n\u003cli\u003ePython mypy: Remove \u003ccode\u003e.ipynb\u003c/code\u003e from file extensions (mypy doesn't support notebooks directly) - fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6904\"\u003e#6904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix operator precedence bug in pre_post_factory pre/post command logic\u003c/li\u003e\n\u003cli\u003eFix file handle leak in GitleaksLinter\u003c/li\u003e\n\u003cli\u003eFix variable name bug in utils.get_git_context_info\u003c/li\u003e\n\u003cli\u003eMinor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a link inviting to star MegaLinter\u003c/li\u003e\n\u003cli\u003eDisplay in the console reporter the working directory from which the commands are executed by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate WebHook reporter so it can send more events for a better integration with UI\u003c/li\u003e\n\u003cli\u003eWhen truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)\u003c/li\u003e\n\u003cli\u003eIn case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead\u003c/li\u003e\n\u003cli\u003eAzure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCustom flavor builder:\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remotes\u003c/li\u003e\n\u003cli\u003eAllow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms\u003c/li\u003e\n\u003cli\u003eBuild \u0026amp; release custom flavor builder image for linux/arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJSON Schema: Add default values for file extensions and file names variables + improve descriptions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDisable trivy-action until their security issue is solved\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/55a59b24a441e0e1943080d4a512d827710d4a9d...8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hendrikmuhs/ccache-action` from 1.2.20 to 1.2.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/releases\"\u003ehendrikmuhs/ccache-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/396\"\u003ehendrikmuhs/ccache-action#396\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.0 to 25.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/417\"\u003ehendrikmuhs/ccache-action#417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/cache\u003c/code\u003e from 4.1.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/412\"\u003ehendrikmuhs/ccache-action#412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/413\"\u003ehendrikmuhs/ccache-action#413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/exec\u003c/code\u003e from 1.1.1 to 3.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/414\"\u003ehendrikmuhs/ccache-action#414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/io\u003c/code\u003e from 2.0.0 to 3.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/416\"\u003ehendrikmuhs/ccache-action#416\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: add Windows ARM and macOS binaries, use a single Package class, deduplicate some common install code by \u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/403\"\u003ehendrikmuhs/ccache-action#403\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.2.2 to 25.3.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/421\"\u003ehendrikmuhs/ccache-action#421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump jest from 30.2.0 to 30.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/431\"\u003ehendrikmuhs/ccache-action#431\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Node.js version from 20 to 24 by \u003ca href=\"https://github.com/janisozaur\"\u003e\u003ccode\u003e@​janisozaur\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/427\"\u003ehendrikmuhs/ccache-action#427\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.3.3 to 25.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/430\"\u003ehendrikmuhs/ccache-action#430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: generate metadata json file by \u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/422\"\u003ehendrikmuhs/ccache-action#422\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: add install matrix  by \u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/423\"\u003ehendrikmuhs/ccache-action#423\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/429\"\u003ehendrikmuhs/ccache-action#429\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crueter\"\u003e\u003ccode\u003e@​crueter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/pull/403\"\u003ehendrikmuhs/ccache-action#403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/v1.2...v1.2.21\"\u003ehttps://github.com/hendrikmuhs/ccache-action/compare/v1.2...v1.2.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/1bbbcda0748b3e340dee71a314fa68ffcbd6df79\"\u003e\u003ccode\u003e1bbbcda\u003c/code\u003e\u003c/a\u003e update code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/ad1528eb9645516c5ed957831c14fc45974dc2db\"\u003e\u003ccode\u003ead1528e\u003c/code\u003e\u003c/a\u003e Bump undici from 6.23.0 to 6.24.1 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/429\"\u003e#429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/b13e06baa433e378631875708da028728c85272e\"\u003e\u003ccode\u003eb13e06b\u003c/code\u003e\u003c/a\u003e tests: add install matrix  (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/423\"\u003e#423\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/db942ad7470cac36515ee8aa7b4a4c7dffb8ca9c\"\u003e\u003ccode\u003edb942ad\u003c/code\u003e\u003c/a\u003e refactor: generate metadata json file (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/422\"\u003e#422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/4f5619a998ecc04bcf09845b93b4df20d30a3a79\"\u003e\u003ccode\u003e4f5619a\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.3.3 to 25.5.0 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/430\"\u003e#430\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/cbca54bc091066d19ba55db5b7814f46b0b84baa\"\u003e\u003ccode\u003ecbca54b\u003c/code\u003e\u003c/a\u003e Upgrade Node.js version from 20 to 24 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/4a6e0f01d7bfadececa26b58ec632c5cb1a9fc5a\"\u003e\u003ccode\u003e4a6e0f0\u003c/code\u003e\u003c/a\u003e Bump jest from 30.2.0 to 30.3.0 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/c56d71aeec8b5dd2dc73e25a774334e2d6b762ff\"\u003e\u003ccode\u003ec56d71a\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.2.2 to 25.3.3 (\u003ca href=\"https://redirect.github.com/hendrikmuhs/ccache-action/issues/421\"\u003e#421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/ac5cc34c29f1f9ee6f415282f243a4a61b0e8062\"\u003e\u003ccode\u003eac5cc34\u003c/code\u003e\u003c/a\u003e refactor: add Windows ARM and macOS binaries, use a single Package class, ded...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hendrikmuhs/ccache-action/commit/a84654113cbf557e87cc3b0fd082efdc9fa3f9b5\"\u003e\u003ccode\u003ea846541\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hendrikmuhs/ccache-action/compare/5ebbd400eff9e74630f759d94ddd7b6c26299639...1bbbcda0748b3e340dee71a314fa68ffcbd6df79\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/philips-software/amp-postmaster/pull/193","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Famp-postmaster/issues/193","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/193/packages"}},{"old_version":"9.2.0","new_version":"9.4.0","update_type":"minor","path":null,"pr_created_at":"2026-03-17T04:16:42.000Z","version_change":"9.2.0 → 9.4.0","issue":{"uuid":"4086103329","node_id":"PR_kwDONYMH5c7LGmke","number":191,"state":"open","title":"build(deps): bump the github-actions group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-17T04:16:42.000Z","updated_at":"2026-03-17T04:18:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"github-actions","update_count":4,"packages":[{"name":"actions/checkout","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"zizmorcore/zizmor-action","old_version":"0.3.0","new_version":"0.5.2","repository_url":"https://github.com/zizmorcore/zizmor-action"},{"name":"oxsecurity/megalinter","old_version":"9.2.0","new_version":"9.4.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"actions/cache","old_version":"5.0.1","new_version":"5.0.3","repository_url":"https://github.com/actions/cache"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action), [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) and [actions/cache](https://github.com/actions/cache).\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.3.0 to 0.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.1 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.0 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExpose \u003ccode\u003eoutput-file\u003c/code\u003e as an output when \u003ccode\u003eadvanced-security: true\u003c/code\u003e by \u003ca href=\"https://github.com/unlobito\"\u003e\u003ccode\u003e@​unlobito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/87\"\u003ezizmorcore/zizmor-action#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unlobito\"\u003e\u003ccode\u003e@​unlobito\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/87\"\u003ezizmorcore/zizmor-action#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.4.1...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.1\u003c/h2\u003e\n\u003cp\u003eThis version fixes an error in the 0.4.0 release that prevented non-relative use\nof the action.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix version file path by \u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/83\"\u003ezizmorcore/zizmor-action#83\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.4.0\u003c/h2\u003e\n\u003cp\u003eThis new version of \u003ccode\u003ezizmor-action\u003c/code\u003e brings two major changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe new \u003ccode\u003efail-on-no-inputs\u003c/code\u003e option can be used to control whether\n\u003ccode\u003ezizmor-action\u003c/code\u003e fails if no inputs were collected by \u003ccode\u003ezizmor\u003c/code\u003e. The default\nremains \u003ccode\u003etrue\u003c/code\u003e, reflecting the pre-existing behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe action's use of the official \u003ccode\u003ezizmor\u003c/code\u003e Docker images is now fully\nhash-checked internally, preventing accidental or malicious modification\nto the images. This also means that subsequent releases of \u003ccode\u003ezizmor\u003c/code\u003e\nwill induce a release of this action, rather than the action always picking\nup the latest version by default.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: extended permissions required for internal repos by \u003ca href=\"https://github.com/AntoineSebert\"\u003e\u003ccode\u003e@​AntoineSebert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/61\"\u003ezizmorcore/zizmor-action#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify description of \u0026quot;token\u0026quot; to indicate it is only used for online audits by \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/pull/63\"\u003ezizmorcore/zizmor-action#63\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8\"\u003e\u003ccode\u003e71321a2\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ed31db0964a9d37608edd5b0675de2b52070662\"\u003e\u003ccode\u003e5ed31db\u003c/code\u003e\u003c/a\u003e Bump pins (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/195d10ad90f31d8cd6ea1efd6ecc12969ddbe73f\"\u003e\u003ccode\u003e195d10a\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/94\"\u003e#94\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/c65bc8876171b6d82748ec98b77c0193b1226b94\"\u003e\u003ccode\u003ec65bc88\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/c2c887f84674f9c15123e2905d2d307675d8bc01\"\u003e\u003ccode\u003ec2c887f\u003c/code\u003e\u003c/a\u003e chore(deps): bump zizmorcore/zizmor-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5507ab0c02a9ac3996895e1598d6b3385ea7d525\"\u003e\u003ccode\u003e5507ab0\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d\"\u003e\u003ccode\u003e0dce257\u003c/code\u003e\u003c/a\u003e chore(deps): bump peter-evans/create-pull-request (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/88\"\u003e#88\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/fb9497493b591ad90176d3ecac5ca4aeff8c9faf\"\u003e\u003ccode\u003efb94974\u003c/code\u003e\u003c/a\u003e Expose \u003ccode\u003eoutput-file\u003c/code\u003e as an output when \u003ccode\u003eadvanced-security: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/87\"\u003e#87\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/867562a69bb7adcc63dd1e8c003600a58b5f70e2\"\u003e\u003ccode\u003e867562a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/85\"\u003e#85\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/7462f075f718787753331c6d98ca9ef8eb41e735\"\u003e\u003ccode\u003e7462f07\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/84\"\u003e#84\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/e639db99335bc9038abc0e066dfcd72e23d26fb4...71321a20a9ded102f6e9ce5718a2fcec2c4f70d8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.2.0 to 9.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprove files browsing performances (2 PRs)\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter processing and improve grouping logic\u003c/li\u003e\n\u003cli\u003eImprove performance of listing .gitignored files by sending excluded directories to git ls-files\u003c/li\u003e\n\u003cli\u003eIf there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances\u003c/li\u003e\n\u003cli\u003eReduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules\u003c/li\u003e\n\u003cli\u003eCache subprocess environment per linter run and excluded directories per request\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter result update from O(n²) to O(n)\u003c/li\u003e\n\u003cli\u003eAdd support in the build of Docker images for linux/arm64 in compatible linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://nbqa.readthedocs.io/\"\u003ePYTHON_NBQA_MYPY\u003c/a\u003e for type-checking Jupyter notebooks using nbqa + mypy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLUA_SELENE: \u003ca href=\"https://redirect.github.com/Kampfkarren/selene/issues/662\"\u003eKampfkarren/selene#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the official checkmake image by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Add sarif support to spectral by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Change cli_lint_mode to list_of_files to improve performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remote origins when building custom flavors (fixes: \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6511\"\u003e#6511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issue with plugins ignored when FLAVOR_SUGGESTIONS=false\u003c/li\u003e\n\u003cli\u003eFix wrong tagging \u003ccode\u003eapply_fixes=True\u003c/code\u003e when linter has no fix options configured\u003c/li\u003e\n\u003cli\u003ePython mypy: Remove \u003ccode\u003e.ipynb\u003c/code\u003e from file extensions (mypy doesn't support notebooks directly) - fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6904\"\u003e#6904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix operator precedence bug in pre_post_factory pre/post command logic\u003c/li\u003e\n\u003cli\u003eFix file handle leak in GitleaksLinter\u003c/li\u003e\n\u003cli\u003eFix variable name bug in utils.get_git_context_info\u003c/li\u003e\n\u003cli\u003eMinor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a link inviting to star MegaLinter\u003c/li\u003e\n\u003cli\u003eDisplay in the console reporter the working directory from which the commands are executed by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate WebHook reporter so it can send more events for a better integration with UI\u003c/li\u003e\n\u003cli\u003eWhen truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)\u003c/li\u003e\n\u003cli\u003eIn case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead\u003c/li\u003e\n\u003cli\u003eAzure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCustom flavor builder:\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remotes\u003c/li\u003e\n\u003cli\u003eAllow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms\u003c/li\u003e\n\u003cli\u003eBuild \u0026amp; release custom flavor builder image for linux/arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJSON Schema: Add default values for file extensions and file names variables + improve descriptions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format\"\u003edotnet-format\u003c/a\u003e from 9.0.114 to \u003cstrong\u003e10.0.103\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://htmlhint.com/\"\u003ehtmlhint\u003c/a\u003e from 1.9.1 to \u003cstrong\u003e1.9.2\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/55a59b24a441e0e1943080d4a512d827710d4a9d...8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 5.0.1 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\nIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003e4.3.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2132\"\u003ev4.1.0\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003e\u003ccode\u003ecdf6c1f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1695\"\u003e#1695\u003c/a\u003e from actions/Link-/prepare-5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d\"\u003e\u003ccode\u003ea1bee22\u003c/code\u003e\u003c/a\u003e Add review for the \u003ccode\u003e@​actions/http-client\u003c/code\u003e license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f\"\u003e\u003ccode\u003e4695763\u003c/code\u003e\u003c/a\u003e Add licensed output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502\"\u003e\u003ccode\u003edc73bb9\u003c/code\u003e\u003c/a\u003e Upgrade dependencies and address security warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a\"\u003e\u003ccode\u003e345d5c2\u003c/code\u003e\u003c/a\u003e Add 5.0.3 builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8b402f58fbc84540c8b491a91e594a4576fec3d7\"\u003e\u003ccode\u003e8b402f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1692\"\u003e#1692\u003c/a\u003e from GhadimiR/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/304ab5a0701ee61908ccb4b5822347949a2e2002\"\u003e\u003ccode\u003e304ab5a\u003c/code\u003e\u003c/a\u003e license for httpclient\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/609fc19e67cd310e97eb36af42355843ffcb35be\"\u003e\u003ccode\u003e609fc19\u003c/code\u003e\u003c/a\u003e Update licensed record for cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/b22231e43df11a67538c05e88835f1fa097599c5\"\u003e\u003ccode\u003eb22231e\u003c/code\u003e\u003c/a\u003e Build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/93150cdfb36a9d84d4e8628c8870bec84aedcf8a\"\u003e\u003ccode\u003e93150cd\u003c/code\u003e\u003c/a\u003e Add PR link to releases\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/philips-software/amp-postmaster/pull/191","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/philips-software%2Famp-postmaster/issues/191","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/191/packages"}},{"old_version":"9.3.0","new_version":"9.4.0","update_type":"minor","path":null,"pr_created_at":"2026-03-16T07:56:50.000Z","version_change":"9.3.0 → 9.4.0","issue":{"uuid":"4080845286","node_id":"PR_kwDOOJE5qc7K1oQE","number":81,"state":"open","title":"Bump the minor-and-patch group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-16T07:56:50.000Z","updated_at":"2026-03-16T07:58:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"minor-and-patch","update_count":4,"packages":[{"name":"github/codeql-action","old_version":"4.32.2","new_version":"4.32.6","repository_url":"https://github.com/github/codeql-action"},{"name":"oxsecurity/megalinter","old_version":"9.3.0","new_version":"9.4.0","repository_url":"https://github.com/oxsecurity/megalinter"},{"name":"softprops/action-gh-release","old_version":"2.5.0","new_version":"2.6.1","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"actions/stale","old_version":"10.1.1","new_version":"10.2.0","repository_url":"https://github.com/actions/stale"}],"path":null,"ecosystem":"actions"},"body":"Bumps the minor-and-patch group with 4 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action), [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [actions/stale](https://github.com/actions/stale).\n\nUpdates `github/codeql-action` from 4.32.2 to 4.32.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to disable \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository property with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and the type \u0026quot;True/false\u0026quot; in the organization's settings. Then in the repository's settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to disable improved incremental analysis. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. This feature is not yet available on GitHub Enterprise Server. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space requirement for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the \u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca href=\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith debugging enabled in Default Setup\u003c/a\u003e and \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for registries\u0026quot; step will output additional diagnostic information that can be used for troubleshooting. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as Default Setup, to use a \u003ca href=\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly CodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.6 - 05 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.5 - 02 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRepositories owned by an organization can now set up the \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e custom repository property to disable \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis for CodeQL\u003c/a\u003e. First, create a custom repository property with the name \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e and the type \u0026quot;True/false\u0026quot; in the organization's settings. Then in the repository's settings, set this property to \u003ccode\u003etrue\u003c/code\u003e to disable improved incremental analysis. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. This feature is not yet available on GitHub Enterprise Server. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3507\"\u003e#3507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change so that when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3515\"\u003e#3515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3516\"\u003e#3516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which lowers the minimum disk space requirement for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3498\"\u003e#3498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which allows the \u003ccode\u003estart-proxy\u003c/code\u003e action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3512\"\u003e#3512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3503\"\u003e#3503\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3504\"\u003e#3504\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.4 - 20 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2\"\u003e2.24.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3493\"\u003e#3493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3473\"\u003e#3473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the CodeQL Action is run \u003ca href=\"https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup\"\u003ewith debugging enabled in Default Setup\u003c/a\u003e and \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries are configured\u003c/a\u003e, the \u0026quot;Setup proxy for registries\u0026quot; step will output additional diagnostic information that can be used for troubleshooting. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3486\"\u003e#3486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3485\"\u003e#3485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded a setting which enables GitHub-managed workflows, such as Default Setup, to use a \u003ca href=\"https://github.com/dsp-testing/codeql-cli-nightlies\"\u003enightly CodeQL CLI release\u003c/a\u003e instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.3 - 13 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded experimental support for testing connections to \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3466\"\u003e#3466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.2 - 05 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1\"\u003e2.24.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3460\"\u003e#3460\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.32.1 - 02 Feb 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eA warning is now shown in Default Setup workflow logs if a \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registry is configured\u003c/a\u003e using a GitHub Personal Access Token (PAT), but no username is configured. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3422\"\u003e#3422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d579ffd059c29b07949a3cce3983f0780820c98\"\u003e\u003ccode\u003e0d579ff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3551\"\u003e#3551\u003c/a\u003e from github/update-v4.32.6-72d2d850d\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4c6be7cf1c47a33a06fa9183269e133e6863574\"\u003e\u003ccode\u003ed4c6be7\u003c/code\u003e\u003c/a\u003e Update changelog for v4.32.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72d2d850d1f91d4e1e024f4cf4276fd16bb68462\"\u003e\u003ccode\u003e72d2d85\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3548\"\u003e#3548\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.24.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/23f983ce00d9a853697a6aaa9eae8d5abbf14849\"\u003e\u003ccode\u003e23f983c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3544\"\u003e#3544\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/832e97ccad228ef72e06ffee26f6251bceeb7e5f\"\u003e\u003ccode\u003e832e97c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3545\"\u003e#3545\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5ef38c0b13c2f0f5ce928cb7706f5fb19fc97ae2\"\u003e\u003ccode\u003e5ef38c0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3546\"\u003e#3546\u003c/a\u003e from github/dependabot/npm_and_yarn/tar-7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/80c9cda73902bba67939606c4bf3a1d9606bb150\"\u003e\u003ccode\u003e80c9cda\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f2669dd916c673b2811839169929a8ba71bb7634\"\u003e\u003ccode\u003ef2669dd\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.24.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/bd03c44cf40965f5476f66fad404194e4cb35710\"\u003e\u003ccode\u003ebd03c44\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/102d7627b63c066871badf0743c11b2f6dd9c9e9\"\u003e\u003ccode\u003e102d762\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.7 to 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2...0d579ffd059c29b07949a3cce3983f0780820c98\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oxsecurity/megalinter` from 9.3.0 to 9.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/releases\"\u003eoxsecurity/megalinter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImprove files browsing performances (2 PRs)\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter processing and improve grouping logic\u003c/li\u003e\n\u003cli\u003eImprove performance of listing .gitignored files by sending excluded directories to git ls-files\u003c/li\u003e\n\u003cli\u003eIf there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances\u003c/li\u003e\n\u003cli\u003eReduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules\u003c/li\u003e\n\u003cli\u003eCache subprocess environment per linter run and excluded directories per request\u003c/li\u003e\n\u003cli\u003eOptimize parallel linter result update from O(n²) to O(n)\u003c/li\u003e\n\u003cli\u003eAdd support in the build of Docker images for linux/arm64 in compatible linters\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://nbqa.readthedocs.io/\"\u003ePYTHON_NBQA_MYPY\u003c/a\u003e for type-checking Jupyter notebooks using nbqa + mypy\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLUA_SELENE: \u003ca href=\"https://redirect.github.com/Kampfkarren/selene/issues/662\"\u003eKampfkarren/selene#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the official checkmake image by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Add sarif support to spectral by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpectral: Change cli_lint_mode to list_of_files to improve performances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remote origins when building custom flavors (fixes: \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6511\"\u003e#6511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix issue with plugins ignored when FLAVOR_SUGGESTIONS=false\u003c/li\u003e\n\u003cli\u003eFix wrong tagging \u003ccode\u003eapply_fixes=True\u003c/code\u003e when linter has no fix options configured\u003c/li\u003e\n\u003cli\u003ePython mypy: Remove \u003ccode\u003e.ipynb\u003c/code\u003e from file extensions (mypy doesn't support notebooks directly) - fixes \u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/6904\"\u003e#6904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix operator precedence bug in pre_post_factory pre/post command logic\u003c/li\u003e\n\u003cli\u003eFix file handle leak in GitleaksLinter\u003c/li\u003e\n\u003cli\u003eFix variable name bug in utils.get_git_context_info\u003c/li\u003e\n\u003cli\u003eMinor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a link inviting to star MegaLinter\u003c/li\u003e\n\u003cli\u003eDisplay in the console reporter the working directory from which the commands are executed by \u003ca href=\"https://github.com/bdovaz\"\u003e\u003ccode\u003e@​bdovaz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate WebHook reporter so it can send more events for a better integration with UI\u003c/li\u003e\n\u003cli\u003eWhen truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)\u003c/li\u003e\n\u003cli\u003eIn case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead\u003c/li\u003e\n\u003cli\u003eAzure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCustom flavor builder:\n\u003cul\u003e\n\u003cli\u003eAdd support for SSH remotes\u003c/li\u003e\n\u003cli\u003eAllow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms\u003c/li\u003e\n\u003cli\u003eBuild \u0026amp; release custom flavor builder image for linux/arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJSON Schema: Add default values for file extensions and file names variables + improve descriptions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md\"\u003eoxsecurity/megalinter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e, and this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased] (beta, main branch content)\u003c/h2\u003e\n\u003cp\u003eNote: Can be used with \u003ccode\u003eoxsecurity/megalinter@beta\u003c/code\u003e in your GitHub Action mega-linter.yml file, or with \u003ccode\u003eoxsecurity/megalinter:beta\u003c/code\u003e docker image\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCore\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisabled linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecated linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved linters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMedia\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinters enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReporters\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFlavors\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDoc\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCI\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emega-linter-runner\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLinter versions upgrades (N)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pycqa.github.io/isort/\"\u003eisort\u003c/a\u003e from 8.0.0 to \u003cstrong\u003e8.0.1\u003c/strong\u003e on 2026-02-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.32 to \u003cstrong\u003e0.1.33\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy-sbom\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://aquasecurity.github.io/trivy/\"\u003etrivy\u003c/a\u003e from 0.69.1 to \u003cstrong\u003e0.69.2\u003c/strong\u003e on 2026-03-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws-cloudformation/cfn-lint\"\u003ecfn-lint\u003c/a\u003e from 1.45.0 to \u003cstrong\u003e1.46.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rvben/rumdl\"\u003erumdl\u003c/a\u003e from 0.1.33 to \u003cstrong\u003e0.1.42\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://black.readthedocs.io/en/stable/\"\u003eblack\u003c/a\u003e from 26.1.0 to \u003cstrong\u003e26.3.0\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/grype\"\u003egrype\u003c/a\u003e from 0.109.0 to \u003cstrong\u003e0.109.1\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/syft\"\u003esyft\u003c/a\u003e from 1.42.1 to \u003cstrong\u003e1.42.2\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rust-lang/rust-clippy\"\u003eclippy\u003c/a\u003e from 0.1.93 to \u003cstrong\u003e0.1.94\u003c/strong\u003e on 2026-03-09\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://nvuillam.github.io/npm-groovy-lint/\"\u003enpm-groovy-lint\u003c/a\u003e from 16.2.0 to \u003cstrong\u003e17.0.0\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-format\"\u003edotnet-format\u003c/a\u003e from 9.0.114 to \u003cstrong\u003e10.0.103\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://htmlhint.com/\"\u003ehtmlhint\u003c/a\u003e from 1.9.1 to \u003cstrong\u003e1.9.2\u003c/strong\u003e on 2026-03-10\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003e\u003ccode\u003e8fbdead\u003c/code\u003e\u003c/a\u003e Release MegaLinter v9.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66\"\u003e\u003ccode\u003e9f605c4\u003c/code\u003e\u003c/a\u003e Fix custom flavor builder workflow (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b\"\u003e\u003ccode\u003eb7dcb60\u003c/code\u003e\u003c/a\u003e Update changelog to prepare release (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7304\"\u003e#7304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2\"\u003e\u003ccode\u003e3077b04\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency regex to v2026.2.28 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7303\"\u003e#7303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649\"\u003e\u003ccode\u003eedba876\u003c/code\u003e\u003c/a\u003e [automation] Auto-update linters version, help and documentation (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7299\"\u003e#7299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac\"\u003e\u003ccode\u003e07fb84d\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency python-gitlab to v8.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a\"\u003e\u003ccode\u003e4d42e33\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency fastapi to v0.134.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7301\"\u003e#7301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095\"\u003e\u003ccode\u003e649726c\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rumdl to v0.1.32 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc\"\u003e\u003ccode\u003e768b5a3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency virtualenv to v21.1.0 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7298\"\u003e#7298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537\"\u003e\u003ccode\u003e7e73a76\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-jsonc to v3 (\u003ca href=\"https://redirect.github.com/oxsecurity/megalinter/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oxsecurity/megalinter/compare/42bb470545e359597e7f12156947c436e4e3fb9a...8fbdead70d1409964ab3d5afa885e18ee85388bb\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.5.0 to 2.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eExciting New Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: support previous_tag for generate_release_notes by \u003ca href=\"https://github.com/pocesar\"\u003e\u003ccode\u003e@​pocesar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/372\"\u003esoftprops/action-gh-release#372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: recover concurrent asset metadata 404s by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/760\"\u003esoftprops/action-gh-release#760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: clarify reused draft release behavior by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/759\"\u003esoftprops/action-gh-release#759\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify working_directory input by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/761\"\u003esoftprops/action-gh-release#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: verify dist bundle freshness by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/762\"\u003esoftprops/action-gh-release#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clarify immutable prerelease uploads by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/763\"\u003esoftprops/action-gh-release#763\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.5.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003ccode\u003e2.5.3\u003c/code\u003e is a patch release focused on the remaining path-handling and release-selection bugs uncovered after \u003ccode\u003e2.5.2\u003c/code\u003e.\nIt fixes \u003ccode\u003e[#639](https://github.com/softprops/action-gh-release/issues/639)\u003c/code\u003e, \u003ccode\u003e[#571](https://github.com/softprops/action-gh-release/issues/571)\u003c/code\u003e, \u003ccode\u003e[#280](https://github.com/softprops/action-gh-release/issues/280)\u003c/code\u003e, \u003ccode\u003e[#614](https://github.com/softprops/action-gh-release/issues/614)\u003c/code\u003e, \u003ccode\u003e[#311](https://github.com/softprops/action-gh-release/issues/311)\u003c/code\u003e, \u003ccode\u003e[#403](https://github.com/softprops/action-gh-release/issues/403)\u003c/code\u003e, and \u003ccode\u003e[#368](https://github.com/softprops/action-gh-release/issues/368)\u003c/code\u003e.\nIt also adds documentation clarifications for \u003ccode\u003e[#541](https://github.com/softprops/action-gh-release/issues/541)\u003c/code\u003e, \u003ccode\u003e[#645](https://github.com/softprops/action-gh-release/issues/645)\u003c/code\u003e, \u003ccode\u003e[#542](https://github.com/softprops/action-gh-release/issues/542)\u003c/code\u003e, \u003ccode\u003e[#393](https://github.com/softprops/action-gh-release/issues/393)\u003c/code\u003e, and \u003ccode\u003e[#411](https://github.com/softprops/action-gh-release/issues/411)\u003c/code\u003e,\nwhere the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eExciting New Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: support previous_tag for generate_release_notes by \u003ca href=\"https://github.com/pocesar\"\u003e\u003ccode\u003e@​pocesar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/372\"\u003esoftprops/action-gh-release#372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: recover concurrent asset metadata 404s by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/760\"\u003esoftprops/action-gh-release#760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: clarify reused draft release behavior by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/759\"\u003esoftprops/action-gh-release#759\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify working_directory input by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/761\"\u003esoftprops/action-gh-release#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: verify dist bundle freshness by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/762\"\u003esoftprops/action-gh-release#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clarify immutable prerelease uploads by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/763\"\u003esoftprops/action-gh-release#763\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.5.3\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.5.3\u003c/code\u003e is a patch release focused on the remaining path-handling and release-selection bugs uncovered after \u003ccode\u003e2.5.2\u003c/code\u003e.\nIt fixes \u003ccode\u003e[#639](https://github.com/softprops/action-gh-release/issues/639)\u003c/code\u003e, \u003ccode\u003e[#571](https://github.com/softprops/action-gh-release/issues/571)\u003c/code\u003e, \u003ccode\u003e[#280](https://github.com/softprops/action-gh-release/issues/280)\u003c/code\u003e, \u003ccode\u003e[#614](https://github.com/softprops/action-gh-release/issues/614)\u003c/code\u003e, \u003ccode\u003e[#311](https://github.com/softprops/action-gh-release/issues/311)\u003c/code\u003e, \u003ccode\u003e[#403](https://github.com/softprops/action-gh-release/issues/403)\u003c/code\u003e, and \u003ccode\u003e[#368](https://github.com/softprops/action-gh-release/issues/368)\u003c/code\u003e.\nIt also adds documentation clarifications for \u003ccode\u003e[#541](https://github.com/softprops/action-gh-release/issues/541)\u003c/code\u003e, \u003ccode\u003e[#645](https://github.com/softprops/action-gh-release/issues/645)\u003c/code\u003e, \u003ccode\u003e[#542](https://github.com/softprops/action-gh-release/issues/542)\u003c/code\u003e, \u003ccode\u003e[#393](https://github.com/softprops/action-gh-release/issues/393)\u003c/code\u003e, and \u003ccode\u003e[#411](https://github.com/softprops/action-gh-release/issues/411)\u003c/code\u003e,\nwhere the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/153bb8e04406b158c6c84fc1615b65b24149a1fe\"\u003e\u003ccode\u003e153bb8e\u003c/code\u003e\u003c/a\u003e release 2.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/569deb874d08cd8cc0aa24af7c0b21160fe4b0e4\"\u003e\u003ccode\u003e569deb8\u003c/code\u003e\u003c/a\u003e fix: preserve discussion category when publishing releases (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/765\"\u003e#765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/26e8ad27a09a225049a7075d7ec1caa2df6ff332\"\u003e\u003ccode\u003e26e8ad2\u003c/code\u003e\u003c/a\u003e release 2.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/b959f31e968fb47fb7bb823087fc092d5613e0a4\"\u003e\u003ccode\u003eb959f31\u003c/code\u003e\u003c/a\u003e fix: clarify immutable prerelease uploads (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/763\"\u003e#763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/8a8510e3a0d8dfc9296171fd405ca8c8ea6206a4\"\u003e\u003ccode\u003e8a8510e\u003c/code\u003e\u003c/a\u003e ci: verify dist bundle freshness (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/438c15ddf5b01e992ef98dc29cea3f9992ab54ac\"\u003e\u003ccode\u003e438c15d\u003c/code\u003e\u003c/a\u003e docs: clarify working_directory input (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/761\"\u003e#761\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/6ca3b5d96e3a0fac11dc53f0809c2cb029e64902\"\u003e\u003ccode\u003e6ca3b5d\u003c/code\u003e\u003c/a\u003e fix: recover concurrent asset metadata 404s (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/760\"\u003e#760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/11f917660b31d6d56980ea3261f210556a812bd0\"\u003e\u003ccode\u003e11f9176\u003c/code\u003e\u003c/a\u003e chore: add RELEASE.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/1f3f350167714515d2bcf8a18afcc5e8e0a362a8\"\u003e\u003ccode\u003e1f3f350\u003c/code\u003e\u003c/a\u003e feat: add AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/37819cb191890d306d21cfb5ac4e7a358f0a6e4f\"\u003e\u003ccode\u003e37819cb\u003c/code\u003e\u003c/a\u003e docs: clarify reused draft release behavior (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/759\"\u003e#759\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...153bb8e04406b158c6c84fc1615b65b24149a1fe\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/stale` from 10.1.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/stale/releases\"\u003eactions/stale's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix checking state cache (fix \u003ca href=\"https://redirect.github.com/actions/stale/issues/1136\"\u003e#1136\u003c/a\u003e) and switch to Octokit helper methods by \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1152\"\u003eactions/stale#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade js-yaml from  4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1304\"\u003eactions/stale#1304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade lodash from 4.17.21 to 4.17.23 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1313\"\u003eactions/stale#1313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0  by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1312\"\u003eactions/stale#1312\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1152\"\u003eactions/stale#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/stale/compare/v10...v10.2.0\"\u003ehttps://github.com/actions/stale/compare/v10...v10.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/stale/commit/b5d41d4e1d5dceea10e7104786b73624c18a190f\"\u003e\u003ccode\u003eb5d41d4\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (\u003ca href=\"https://redirect.github.com/actions/stale/issues/1313\"\u003e#1313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/stale/commit/dcd2b9469d2220b7e8d08aedc00c105d277fd46b\"\u003e\u003ccode\u003edcd2b94\u003c/code\u003e\u003c/a\u003e Fix punycode and url.parse Deprecation Warnings (\u003ca href=\"https://redirect.github.com/actions/stale/issues/1312\"\u003e#1312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/stale/commit/d6f8a33132340b15a7006f552936e4b9b39c00ec\"\u003e\u003ccode\u003ed6f8a33\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (\u003ca href=\"https://redirect.github.com/actions/stale/issues/1304\"\u003e#1304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/stale/commit/a21a0816299b11691f9592ef0d63d08e02f06d9d\"\u003e\u003ccode\u003ea21a081\u003c/code\u003e\u003c/a\u003e Fix checking state cache (fix \u003ca href=\"https://redirect.github.com/actions/stale/issues/1136\"\u003e#1136\u003c/a\u003e), also switch to octokit methods (\u003ca href=\"https://redirect.github.com/actions/stale/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/stale/compare/997185467fa4f803885201cee163a9f38240193d...b5d41d4e1d5dceea10e7104786b73624c18a190f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/wesley-dean/publish_image/pull/81","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wesley-dean%2Fpublish_image/issues/81","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/81/packages"}}]}