fix(gha)(deps): bump the github-actions group with 10 updates

[dependabot]

Bumps the github-actions group with 10 updates:

Package	From	To
release-drafter/release-drafter	6.0.0	6.1.0
wagoid/commitlint-github-action	6.1.2	6.2.1
dependabot/fetch-metadata	2.2.0	2.3.0
microsoft/DevSkim-Action	1.0.14	1.0.15
eps1lon/actions-label-merge-conflict	3.0.2	3.0.3
oxsecurity/megalinter	8.3.0	8.4.1
peter-evans/create-pull-request	7.0.5	7.0.6
stefanzweifel/git-auto-commit-action	5.0.1	5.1.0
withastro/action	3.0.0	3.0.2
actions/stale	9.0.0	9.1.0

Updates release-drafter/release-drafter from 6.0.0 to 6.1.0

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.1.0

What's Changed

New

• Add config option for PR query limit (#1362) @​ssolbeck

Bug Fixes

• Fix: Correctly mention bot accounts in release notes (#1376) @​jamietanna
• Update only drafts with the same prerelease status (#1385) @​jaap3

Documentation

• docs: Fix Fork Link (#1412) @​Dor-bl
• Ensure support new default branch name (#1079) @​Triloworld
• update schema generation and update schema to draft 07 (#1422) @​jetersen
• fix typo: therelease (#1407) @​billykern
• Document added action outputs introduced in #1300 (#1406) @​SVNKoch
• Update README.md (#1421) @​yusufraji
• fix: update broken link in readme (#1416) @​kopach
• Update v6 README.md (#1384) @​taku333

Full Changelog: release-drafter/release-drafter@v6.0.0...v6.1.0

Commits

• See full diff in compare view

Updates wagoid/commitlint-github-action from 6.1.2 to 6.2.1

Changelog

Sourced from wagoid/commitlint-github-action's changelog.

Changelog

All notable changes to this project will be documented in this file. See commit-and-tag-version for commit guidelines.

6.2.1 (2025-01-14)

6.2.0 (2024-12-16)

Features

• handle merge_group event - get squashed commit (#806) (ef2cd3b)

6.1.2 (2024-09-04)

Bug Fixes

• using compareCommits for push event commit query (#801) (47ff131)

6.1.1 (2024-08-21)

6.1.0 (2024-08-20)

Features

• updating push event trigger to use rest API (OctoKit) vs push event (70e22e9)

Bug Fixes

• updating unit tests with mocking push octokit list commits (c3ab7fd)

6.0.2 (2024-08-05)

6.0.1 (2024-04-10)

6.0.0 (2024-03-28)

⚠ BREAKING CHANGES

• commitlint.config.js is not supported anymore, please use .mjs extension

Features

• upgrade to commitlint v19 (732f0ad)

5.5.1 (2024-03-28)

... (truncated)

Commits

• b948419 chore(release): publish 6.2.1 [skip-ci]
• ddda164 chore: readme.md update github actions versions (#808)
• 0184f5a chore(release): publish 6.2.0 [skip-ci]
• ef2cd3b feat: handle merge_group event - get squashed commit (#806)
• See full diff in compare view

Updates dependabot/fetch-metadata from 2.2.0 to 2.3.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v2.3.0

What's Changed

• Bump actions/create-github-app-token from 1.10.2 to 1.10.3 by @​dependabot in dependabot/fetch-metadata#537
• Update readme to include an if conditional by @​Nishnha in dependabot/fetch-metadata#548
• Silence audit and funding messages from npm by @​jeffwidman in dependabot/fetch-metadata#550
• Bump actions/create-github-app-token from 1.10.3 to 1.11.0 by @​dependabot in dependabot/fetch-metadata#554
• fix readme action example by @​CloudNStoyan in dependabot/fetch-metadata#563
• Fixed missing outputs in action.yml by @​CatChen in dependabot/fetch-metadata#564
• Handle branch names containing dependency group by @​CloudNStoyan in dependabot/fetch-metadata#565
• v2.3.0 by @​fetch-metadata-action-automation in dependabot/fetch-metadata#543

New Contributors

• @​CloudNStoyan made their first contribution in dependabot/fetch-metadata#563
• @​CatChen made their first contribution in dependabot/fetch-metadata#564

Full Changelog: dependabot/fetch-metadata@v2...v2.3.0

Commits

• d7267f6 Merge pull request #543 from dependabot/bump-to-v2.3.0
• e3dd295 v2.3.0
• 3da9521 Merge pull request #565 from CloudNStoyan/main
• de52f60 update build
• 59d2b1f fix incorrect parsing of directory when using dependency-group
• 0d27069 Merge pull request #564 from CatChen/fixed-missing-outputs-in-action-yml
• 5a7546a Fixed missing outputs in action.yml
• 06ea45a Merge pull request #563 from CloudNStoyan/main
• bbfca7e fix readme action example
• b0d0393 Merge pull request #554 from dependabot/dependabot/github_actions/actions/cre...
• Additional commits viewable in compare view

Updates microsoft/DevSkim-Action from 1.0.14 to 1.0.15

Release notes

Sourced from microsoft/DevSkim-Action's releases.

v1.0.15

What's Changed

• Update Dockerfile to use Net 8 SDK by @​gfs in microsoft/DevSkim-Action#31

Full Changelog: microsoft/DevSkim-Action@v1...v1.0.15

Commits

• a6b6966 Update Dockerfile (#31)
• See full diff in compare view

Updates eps1lon/actions-label-merge-conflict from 3.0.2 to 3.0.3

Release notes

Sourced from eps1lon/actions-label-merge-conflict's releases.

3.0.3

What's Changed

• Ensure outputs is populated by @​jrfnl in eps1lon/actions-label-merge-conflict#136
• release: 3.0.3 by @​eps1lon in eps1lon/actions-label-merge-conflict#137

New Contributors

• @​jrfnl made their first contribution in eps1lon/actions-label-merge-conflict#136

Full Changelog: eps1lon/actions-label-merge-conflict@v3.0.2...v3.0.3

Commits

• 1df065e release: 3.0.3 (#137)
• 0bec9f3 actions.yml: fix typo (#136)
• 657e437 chore(deps): update dependency typescript to v5.5.3 (#130)
• 2834691 chore(deps): update dependency @​types/node to v20.14.11 (#128)
• a4f3bd7 chore(deps): update dependency @​types/node to v20.14.4 (#127)
• See full diff in compare view

Updates oxsecurity/megalinter from 8.3.0 to 8.4.1

Release notes

Sourced from oxsecurity/megalinter's releases.

v8.4.1

What's Changed

• Quick fix about PRE_COMMANDS crash (see oxsecurity/megalinter#4591)
• Linter versions upgrades (2)
  • checkstyle from 10.21.1 to 10.21.2 on 2025-01-26
  • stylelint from 16.14.0 to 16.14.1 on 2025-01-27

Important: We know that .NET linters still have issues, but first things first, we'll publish another patch later :)

Full Changelog: oxsecurity/megalinter@v8.4.0...v8.4.1

v8.4.0

What's Changed

• Core

  • PHP Linters use now the bartlett/sarif-php-converters first official release 1.0.0 to generate SARIF reports, by @​llaville in oxsecurity/megalinter#4357
  • Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @​llaville)
  • Linters can specify in the pre/post commands with a run_before_linters / run_after_linters parameter whether the command is to be executed before/after the execution of the linters themselves (by @​bdovaz in #4482)
  • Bump python version to 3.12.8, by @​echoix in oxsecurity/megalinter#4372
  • Update to .NET 9, by @​bdovaz in oxsecurity/megalinter#4488
  • Upgrade PHP engine from 8.3 to 8.4, by @​llaville in oxsecurity/megalinter#4524

• New linters

  • Reactivate clj-style (Clojure formatter) since its bug is fixed, by @​nvuillam in oxsecurity/megalinter#4369
  • New python formatter: PYTHON_RUFF_FORMAT, by @​nvuillam in oxsecurity/megalinter#4329

• Disabled linters

  • Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending

• Linters enhancements

  • Add support to phpstan/extension-installer Composer plugin for automatic installation of PHPStan extensions, by @​llaville in oxsecurity/megalinter#4337
    • Learn more about context on GH-4328
  • Allow Terrascan to lint in file lint mode, by @​bdovaz in oxsecurity/megalinter#4498
  • Add sarif output to golangci-lint, by @​bdovaz in oxsecurity/megalinter#4557

• Plugins

  • Add prettier for markdown, by Qin Li

• Fixes

  • swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #440, by @​Noraldeno in oxsecurity/megalinter#4427
  • jscpd url fixes, by @​alexanderbazhenoff in oxsecurity/megalinter#4352
  • Don't call get_pr_data if GitLeaks linter is not active, by @​bdovaz in oxsecurity/megalinter#4469
  • Fix linter disabled reason usage, by @​bdovaz in oxsecurity/megalinter#4466

• Doc

  • Add contributing docs on venv, by @​bdovaz in oxsecurity/megalinter#4479
  • Add disabled linter badge, by @​bdovaz in oxsecurity/megalinter#4477
  • Add AzureCommentReporter instructions, by @​bdovaz in oxsecurity/megalinter#4480

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

• Disabled linters

• Media

• Linters enhancements

• Fixes

  • GH-4610 : PHP CS Fixer linter version available is not correct since running on PHP 8.4 runtime (by @​llaville)
  • Allow cspell to work with CLI_LINT_MODE=project
  • Downgrade npm-groovy-lint until it's fixed

• Reporters

• Doc

• Flavors

• CI

• mega-linter-runner

• Linter versions upgrades (N)

  • lightning-flow-scanner from 2.39.0 to 2.43.0 on 2025-01-28
  • editorconfig-checker from 3.1.2 to 3.2.0 on 2025-01-28
  • powershell_formatter from 7.4.6 to 7.5.0 on 2025-01-28
  • powershell from 7.4.6 to 7.5.0 on 2025-01-28
  • php-cs-fixer from 3.68.0 to 3.68.3 on 2025-01-28
  • ansible-lint from 25.1.0 to 25.1.1 on 2025-01-30
  • cfn-lint from 1.22.7 to 1.23.0 on 2025-01-30
  • roslynator from 0.9.3.0 to 0.10.0.0 on 2025-01-30
  • php-cs-fixer from 3.68.3 to 3.68.4 on 2025-01-30
  • black from 24.10.0 to 25.1.0 on 2025-01-30
  • isort from 5.13.2 to 6.0.0 on 2025-01-30
  • pylint from 3.3.3 to 3.3.4 on 2025-01-30
  • pyright from 1.1.392 to 1.1.393 on 2025-01-30
  • raku from 2024.10 to 2024.12 on 2025-01-30

... (truncated)

Commits

• 839e6d6 Release MegaLinter v8.4.1
• 67bab5c [automation] Auto-update linters version, help and documentation (#4597)
• 2c22082 Quick fix about PRE_COMMANDS crash (#4593)
• 8091505 [automation] Auto-update linters version, help and documentation (#4587)
• f90c800 Release MegaLinter v8.4.0
• 2704fea Prepare release (#4583)
• 151d9b0 [automation] Auto-update linters version, help and documentation (#4582)
• 81bcbd6 [automation] Auto-update linters version, help and documentation (#4579)
• 2ae47c2 chore(deps): update dependency mgechev/revive to v1.6.0 (#4580)
• b01ed58 chore(deps): update dependency lightning-flow-scanner to v2.39.0 (#4578)
• Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7.0.5 to 7.0.6

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.6

⚙️ Fixes an issue with commit signing where unicode characters in file paths were not preserved.

What's Changed

• build(deps-dev): bump @​vercel/ncc from 0.38.1 to 0.38.2 by @​dependabot in peter-evans/create-pull-request#3365
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3370
• build(deps): bump @​octokit/plugin-rest-endpoint-methods from 13.2.4 to 13.2.5 by @​dependabot in peter-evans/create-pull-request#3375
• build(deps-dev): bump @​types/node from 18.19.50 to 18.19.54 by @​dependabot in peter-evans/create-pull-request#3376
• build(deps): bump @​octokit/plugin-paginate-rest from 11.3.3 to 11.3.5 by @​dependabot in peter-evans/create-pull-request#3377
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3388
• build(deps-dev): bump @​types/node from 18.19.54 to 18.19.55 by @​dependabot in peter-evans/create-pull-request#3400
• build(deps): bump @​actions/core from 1.10.1 to 1.11.1 by @​dependabot in peter-evans/create-pull-request#3401
• build(deps): bump @​octokit/plugin-rest-endpoint-methods from 13.2.5 to 13.2.6 by @​dependabot in peter-evans/create-pull-request#3403
• build(deps-dev): bump eslint-plugin-import from 2.30.0 to 2.31.0 by @​dependabot in peter-evans/create-pull-request#3402
• build(deps): bump @​octokit/plugin-throttling from 9.3.1 to 9.3.2 by @​dependabot in peter-evans/create-pull-request#3404
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3423
• build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @​dependabot in peter-evans/create-pull-request#3441
• build(deps): bump undici from 6.19.8 to 6.20.1 by @​dependabot in peter-evans/create-pull-request#3442
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3451
• build(deps-dev): bump @​types/node from 18.19.55 to 18.19.58 by @​dependabot in peter-evans/create-pull-request#3457
• build(deps-dev): bump @​types/jest from 29.5.13 to 29.5.14 by @​dependabot in peter-evans/create-pull-request#3462
• build(deps-dev): bump @​types/node from 18.19.58 to 18.19.60 by @​dependabot in peter-evans/create-pull-request#3463
• chore: don't bundle undici by @​benmccann in peter-evans/create-pull-request#3475
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3478
• chore: use node-fetch-native support for proxy env vars by @​peter-evans in peter-evans/create-pull-request#3483
• build(deps-dev): bump @​types/node from 18.19.60 to 18.19.64 by @​dependabot in peter-evans/create-pull-request#3488
• build(deps-dev): bump undici from 6.20.1 to 6.21.0 by @​dependabot in peter-evans/create-pull-request#3499
• build(deps-dev): bump @​vercel/ncc from 0.38.2 to 0.38.3 by @​dependabot in peter-evans/create-pull-request#3500
• docs: note push-to-repo classic PAT workflow scope requirement by @​scop in peter-evans/create-pull-request#3511
• docs: spelling fixes by @​scop in peter-evans/create-pull-request#3512
• build(deps-dev): bump typescript from 5.6.3 to 5.7.2 by @​dependabot in peter-evans/create-pull-request#3516
• build(deps-dev): bump prettier from 3.3.3 to 3.4.0 by @​dependabot in peter-evans/create-pull-request#3517
• build(deps-dev): bump @​types/node from 18.19.64 to 18.19.66 by @​dependabot in peter-evans/create-pull-request#3518
• docs(README): clarify that an existing open PR is managed by @​caugner in peter-evans/create-pull-request#3498
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3529
• build(deps): bump @​octokit/plugin-paginate-rest from 11.3.5 to 11.3.6 by @​dependabot in peter-evans/create-pull-request#3542
• build(deps-dev): bump @​types/node from 18.19.66 to 18.19.67 by @​dependabot in peter-evans/create-pull-request#3543
• build(deps-dev): bump prettier from 3.4.0 to 3.4.1 by @​dependabot in peter-evans/create-pull-request#3544
• build(deps-dev): bump eslint-import-resolver-typescript from 3.6.3 to 3.7.0 by @​dependabot in peter-evans/create-pull-request#3559
• build(deps-dev): bump prettier from 3.4.1 to 3.4.2 by @​dependabot in peter-evans/create-pull-request#3560
• build(deps-dev): bump @​types/node from 18.19.67 to 18.19.68 by @​dependabot in peter-evans/create-pull-request#3570
• build(deps): bump p-limit from 6.1.0 to 6.2.0 by @​dependabot in peter-evans/create-pull-request#3578
• Update distribution by @​actions-bot in peter-evans/create-pull-request#3583
• fix: preserve unicode in filepaths when commit signing by @​peter-evans in peter-evans/create-pull-request#3588

New Contributors

• @​benmccann made their first contribution in peter-evans/create-pull-request#3475
• @​scop made their first contribution in peter-evans/create-pull-request#3511
• @​caugner made their first contribution in peter-evans/create-pull-request#3498

... (truncated)

Commits

• 67ccf78 fix: preserve unicode in filepaths when commit signing (#3588)
• bb88e27 build: update distribution (#3583)
• b378ed5 build(deps): bump p-limit from 6.1.0 to 6.2.0 (#3578)
• fa9200e build(deps-dev): bump @​types/node from 18.19.67 to 18.19.68 (#3570)
• 16e0059 build(deps-dev): bump prettier from 3.4.1 to 3.4.2 (#3560)
• 5bffd5a build(deps-dev): bump eslint-import-resolver-typescript (#3559)
• a22a0dd build(deps-dev): bump prettier from 3.4.0 to 3.4.1 (#3544)
• b27ce37 build(deps-dev): bump @​types/node from 18.19.66 to 18.19.67 (#3543)
• 4e0cc19 build(deps): bump @​octokit/plugin-paginate-rest from 11.3.5 to 11.3.6 (#3542)
• 25b6871 docs: update scopes for push-to-fork
• Additional commits viewable in compare view

Updates stefanzweifel/git-auto-commit-action from 5.0.1 to 5.1.0

Release notes

Sourced from stefanzweifel/git-auto-commit-action's releases.

v5.1.0

Changed

• Include github.actor_id in default commit_author (#354) @​parkerbxyz

Fixed

• docs(README): fix broken protected branch docs link (#346) @​scarf005
• Update README.md (#343) @​Kludex

Dependency Updates

• Bump bats from 1.11.0 to 1.11.1 (#353) @​dependabot
• Bump github/super-linter from 6 to 7 (#342) @​dependabot
• Bump github/super-linter from 5 to 6 (#335) @​dependabot

Changelog

Sourced from stefanzweifel/git-auto-commit-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Unreleased

TBD

v5.1.0 - 2025-01-11

Changed

• Include github.actor_id in default commit_author (#354) @​parkerbxyz

Fixed

• docs(README): fix broken protected branch docs link (#346) @​scarf005
• Update README.md (#343) @​Kludex

Dependency Updates

• Bump bats from 1.11.0 to 1.11.1 (#353) @​dependabot
• Bump github/super-linter from 6 to 7 (#342) @​dependabot
• Bump github/super-linter from 5 to 6 (#335) @​dependabot

v5.0.1 - 2024-04-12

Fixed

• Fail if attempting to execute git commands in a directory that is not a git-repo. (#326) @​ccomendant

Dependency Updates

• Bump bats from 1.10.0 to 1.11.0 (#325) @​dependabot
• Bump release-drafter/release-drafter from 5 to 6 (#319) @​dependabot

Misc

• Clarify commit_author input option (#315) @​npanuhin
• Add step id explanation for output in README.md (#324) @​ChristianVermeulen
• Linux is not UNIX (#321) @​couling

v5.0.0 - 2023-10-06

New major release that bumps the default runtime to Node 20. There are no other breaking changes.

Changed

... (truncated)

Commits

• e348103 Merge pull request #354 from parkerbxyz/patch-1
• 032ffbe Include github.actor_id in default commit_author
• 0b492c0 Bump bats from 1.11.0 to 1.11.1 (#353)
• 050015d Add Scope/Permissions documentation for PATs
• 573710f docs(README): fix broken protected branch docs link (#346)
• e961da7 Update README.md (#343)
• ac88237 Bump github/super-linter from 6 to 7 (#342)
• be823a7 Bump github/super-linter from 5 to 6 (#335)
• 55a82ca Add Section on preventing infinite loops to README
• 18157e6 Update bug.yaml
• Additional commits viewable in compare view

Updates withastro/action from 3.0.0 to 3.0.2

Release notes

Sourced from withastro/action's releases.

v3.0.2

Changelog

• Bun 1.2 compatibility @​ollecoffee (#66)

See details of all code changes since previous release.

v3.0.1

Changelog

• bumping setup-bun from v1 to v2 @​ollecoffee (#63)

See details of all code changes since previous release.

Commits

• 56781b9 Bun 1.2 compatibility (#66)
• e5dd289 bumping setup-bun from v1 to v2 (#63)
• See full diff in compare view

Updates actions/stale from 9.0.0 to 9.1.0

Release notes

Sourced from actions/stale's releases.

v9.1.0

What's Changed

• Documentation update by @​Marukome0743 in actions/stale#1116
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/stale#1179
• Update undici from 5.28.2 to 5.28.4 by @​dependabot in actions/stale#1150
• Update actions/checkout from 3 to 4 by @​dependabot in actions/stale#1091
• Update actions/publish-action from 0.2.2 to 0.3.0 by @​dependabot in actions/stale#1147
• Update ts-jest from 29.1.1 to 29.2.5 by @​dependabot in actions/stale#1175
• Update @​actions/core from 1.10.1 to 1.11.1 by @​dependabot in actions/stale#1191
• Update @​types/jest from 29.5.11 to 29.5.14 by @​dependabot in actions/stale#1193
• Update @​actions/cache from 3.2.2 to 4.0.0 by @​dependabot in actions/stale#1194

New Contributors

• @​Marukome0743 made their first contribution in actions/stale#1116
• @​Jcambass made their first contribution in actions/stale#1179

Full Changelog: actions/stale@v9...v9.1.0

Commits

• 5bef64f build(deps): bump @​actions/cache from 3.2.2 to 4.0.0 (#1194)
• fa77dfd build(deps-dev): bump @​types/jest from 29.5.11 to 29.5.14 (#1193)
• f04443d build(deps): bump @​actions/core from 1.10.1 to 1.11.1 (#1191)
• 5c715b0 build(deps-dev): bump ts-jest from 29.1.1 to 29.2.5 (#1175)
• f691222 build(deps): bump actions/publish-action from 0.2.2 to 0.3.0 (#1147)
• df990c2 build(deps): bump actions/checkout from 3 to 4 (#1091)
• 6e472ce Merge pull request #1179 from actions/Jcambass-patch-1
• d10ba64 Merge pull request #1150 from actions/dependabot/npm_and_yarn/undici-5.28.4
• bbf3da5 resolve check failures
• 6a2e61d Add workflow file for publishing releases to immutable action package
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/labeler.yml

Package	Version	License	Issue Type
eps1lon/actions-label-merge-conflict	1df065ebe6e3310545d4f4c4e862e43bdca146f0	Null	Unknown License

.github/workflows/pages-astro.yml

Package	Version	License	Issue Type
withastro/action	56781b97402ce0487b7e61ce2cb960c0e2cc5289	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/release-drafter/release-drafter	6.1.0	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 19/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 11 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 8 2 existing vulnerabilities detected
actions/wagoid/commitlint-github-action	b948419dd99f3fd78a6548d48f94e3df7f6bf3ed	🟢 3.6	Details Check Score Reason Code-Review ⚠️ 2 Found 4/15 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Packaging 🟢 10 packaging workflow detected Vulnerabilities ⚠️ 0 16 existing vulnerabilities detected
actions/dependabot/fetch-metadata	d7267f607e9d3fb96fc2fbe83e0af444713e90b7	🟢 6.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
actions/microsoft/DevSkim-Action	a6b6966a33b497cd3ae2ebc406edf8f4cc2feec6	🟢 6.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 2 SAST tool is not run on all commits -- score normalized to 2
actions/eps1lon/actions-label-merge-conflict	1df065ebe6e3310545d4f4c4e862e43bdca146f0	🟢 3.9	Details Check Score Reason Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 6 Found 8/13 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 7 3 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
actions/oxsecurity/megalinter	839e6d63c0423eb74ce2578225f8b8b4bed63ede	🟢 3.7	Details Check Score Reason Code-Review ⚠️ 2 Found 4/15 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 50 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
actions/peter-evans/create-pull-request	67ccf781d68cd99b580ae25a5c18a1cc84ffff1f	🟢 5.2	Details Check Score Reason Code-Review 🟢 6 Found 8/12 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
actions/stefanzweifel/git-auto-commit-action	e348103e9026cc0eee72ae06630dbe30c8bf7a79	🟢 4	Details Check Score Reason Maintained 🟢 4 4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4 Code-Review ⚠️ 2 Found 7/24 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
actions/withastro/action	56781b97402ce0487b7e61ce2cb960c0e2cc5289	🟢 5.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 6 Found 13/20 approved changesets -- score normalized to 6 Maintained 🟢 5 2 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 5 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
actions/release-drafter/release-drafter	b1476f6e6eb133afa41ed8589daba6dc69b4d3f5	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 19/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 11 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 8 2 existing vulnerabilities detected
actions/actions/stale	5bef64f19d7facfb25b37b414482c7164d639639	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Files

• .github/workflows/ci.yml
• .github/workflows/commitlint.yml
• .github/workflows/dependabot-merge.yml
• .github/workflows/devskim-analysis.yml
• .github/workflows/labeler.yml
• .github/workflows/mega-linter.yml
• .github/workflows/pages-astro.yml
• .github/workflows/release-drafter.yml
• .github/workflows/stale.yml