Bump the "dependabot-all" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the dependabot-all group with 11 updates:

Package	From	To
actions/checkout	6.0.1	6.0.2
devops-actions/actionlint	0.1.10	0.1.11
oxsecurity/megalinter	9.2.0	9.4.0
actions/upload-artifact	6.0.0	7.0.0
google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml	2.3.1	2.3.3
google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml	2.3.1	2.3.3
actions/setup-node	6.1.0	6.3.0
actions/cache	5.0.1	5.0.3
actions/stale	10.1.1	10.2.0
actions/ai-inference	2.0.4	2.0.7
peter-evans/create-pull-request	8.0.0	8.1.0

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• See full diff in compare view

Updates devops-actions/actionlint from 0.1.10 to 0.1.11

Release notes

Sourced from devops-actions/actionlint's releases.

Release v0.1.11

What's Changed

• Update actionlint version to 1.7.11 by @​github-actions[bot] in devops-actions/actionlint#161

Dependency updates (GitHub Actions)

• Bump github/codeql-action from 4.31.2 to 4.31.6 by @​dependabot[bot] in devops-actions/actionlint#127
• Bump actions/dependency-review-action from 4.8.1 to 4.8.2 by @​dependabot[bot] in devops-actions/actionlint#125
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in devops-actions/actionlint#123
• Bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in devops-actions/actionlint#122
• Bump github/codeql-action from 4.31.6 to 4.31.7 by @​dependabot[bot] in devops-actions/actionlint#137
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in devops-actions/actionlint#136
• Bump step-security/harden-runner from 2.13.2 to 2.13.3 by @​dependabot[bot] in devops-actions/actionlint#135
• Bump actions/upload-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in devops-actions/actionlint#140
• Bump jessehouwing/actions-semver-checker from 1.0.7 to 1.0.8 by @​dependabot[bot] in devops-actions/actionlint#142
• Bump github/codeql-action from 4.31.7 to 4.31.8 by @​dependabot[bot] in devops-actions/actionlint#141
• Bump step-security/harden-runner from 2.13.3 to 2.14.0 by @​dependabot[bot] in devops-actions/actionlint#139
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in devops-actions/actionlint#143
• Bump devops-actions/issue-comment-tag from 0.1.8 to 0.1.9 by @​dependabot[bot] in devops-actions/actionlint#152
• Bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in devops-actions/actionlint#153
• Bump jessehouwing/actions-semver-checker from 1.0.8 to 1.0.9 by @​dependabot[bot] in devops-actions/actionlint#155
• Bump step-security/harden-runner from 2.14.0 to 2.14.1 by @​dependabot[bot] in devops-actions/actionlint#154
• Bump jessehouwing/actions-semver-checker from 1.0.9 to 2.0.3 by @​dependabot[bot] in devops-actions/actionlint#156
• Bump step-security/harden-runner from 2.14.1 to 2.14.2 by @​dependabot[bot] in devops-actions/actionlint#157
• Bump jessehouwing/actions-semver-checker from 2.0.3 to 2.0.4 by @​dependabot[bot] in devops-actions/actionlint#159

Other Changes

• Add reusable actions-dependencies workflow by @​rajbos in devops-actions/actionlint#128
• Add reusable issue-pr-tag workflow by @​rajbos in devops-actions/actionlint#129
• Update actionlint version to 1.7.9 by @​github-actions[bot] in devops-actions/actionlint#126
• Add top-level permissions to issue-pr-tag workflow by @​rajbos in devops-actions/actionlint#130
• Add top-level permissions: contents: read to all workflows by @​rajbos in devops-actions/actionlint#131
• add top level permissions by @​rajbos in devops-actions/actionlint#132
• Update actionlint version to 1.7.9 by @​github-actions[bot] in devops-actions/actionlint#138
• Standardize dependency-review workflow to use reusable workflow by @​rajbos in devops-actions/actionlint#146
• Standardize workflows to use reusable workflows from .github repo by @​rajbos in devops-actions/actionlint#145
• Add release notes categories by @​rajbos in devops-actions/actionlint#150
• Fix update-actionlint workflow failing on repeated runs by @​Copilot in devops-actions/actionlint#160

Full Changelog: devops-actions/actionlint@v0.1.10...v0.1.11

Commits

• 469810f Update actionlint version to 1.7.11 (#161)
• 16325c3 Fix update-actionlint workflow failing on repeated runs (#160)
• 1911209 Merge pull request #159 from devops-actions/dependabot/github_actions/jesseho...
• 0a8db88 Bump jessehouwing/actions-semver-checker from 2.0.3 to 2.0.4
• be93a3d Bump step-security/harden-runner from 2.14.1 to 2.14.2 (#157)
• 7e2800d Merge pull request #156 from devops-actions/dependabot/github_actions/jesseho...
• 4cb1ad0 Bump jessehouwing/actions-semver-checker from 1.0.9 to 2.0.3
• 191d0bc Bump step-security/harden-runner from 2.14.0 to 2.14.1 (#154)
• 9b61223 Merge pull request #155 from devops-actions/dependabot/github_actions/jesseho...
• 6154f0a Bump jessehouwing/actions-semver-checker from 1.0.8 to 1.0.9
• Additional commits viewable in compare view

Updates oxsecurity/megalinter from 9.2.0 to 9.4.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.4.0

What's Changed

• Core

  • Improve files browsing performances (2 PRs)
  • Optimize parallel linter processing and improve grouping logic
  • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
  • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
  • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
  • Cache subprocess environment per linter run and excluded directories per request
  • Optimize parallel linter result update from O(n²) to O(n)
  • Add support in the build of Docker images for linux/arm64 in compatible linters

• New linters

  • Add PYTHON_NBQA_MYPY for type-checking Jupyter notebooks using nbqa + mypy

• Disabled linters

  • LUA_SELENE: Kampfkarren/selene#662

• Linters enhancements

  • Use the official checkmake image by @​bdovaz
  • Spectral: Add sarif support to spectral by @​bdovaz
  • Spectral: Change cli_lint_mode to list_of_files to improve performances

• Fixes

  • Add support for SSH remote origins when building custom flavors (fixes: #6511)
  • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
  • Fix wrong tagging apply_fixes=True when linter has no fix options configured
  • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
  • Fix operator precedence bug in pre_post_factory pre/post command logic
  • Fix file handle leak in GitleaksLinter
  • Fix variable name bug in utils.get_git_context_info
  • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

• Reporters

  • Add a link inviting to star MegaLinter
  • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
  • Update WebHook reporter so it can send more events for a better integration with UI
  • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
  • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
  • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

• Flavors

  • Custom flavor builder:
    • Add support for SSH remotes
    • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
    • Build & release custom flavor builder image for linux/arm64

• Doc

  • JSON Schema: Add default values for file extensions and file names variables + improve descriptions

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

• Disabled linters

• Deprecated linters

• Removed linters

• Media

• Linters enhancements

• Fixes

• Reporters

• Flavors

• Doc

• CI

• mega-linter-runner

• Linter versions upgrades (N)

  • isort from 8.0.0 to 8.0.1 on 2026-02-28
  • rumdl from 0.1.32 to 0.1.33 on 2026-03-04
  • trivy-sbom from 0.69.1 to 0.69.2 on 2026-03-04
  • trivy from 0.69.1 to 0.69.2 on 2026-03-04

[v9.4.0] - 2026-02-28

• Core
  • Improve files browsing performances (2 PRs)
  • Optimize parallel linter processing and improve grouping logic
  • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
  • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances

... (truncated)

Commits

• 8fbdead Release MegaLinter v9.4.0
• 9f605c4 Fix custom flavor builder workflow (#7306)
• b7dcb60 Update changelog to prepare release (#7304)
• 3077b04 chore(deps): update dependency regex to v2026.2.28 (#7303)
• edba876 [automation] Auto-update linters version, help and documentation (#7299)
• 07fb84d chore(deps): update dependency python-gitlab to v8.1.0 (#7302)
• 4d42e33 chore(deps): update dependency fastapi to v0.134.0 (#7301)
• 649726c chore(deps): update dependency rumdl to v0.1.32 (#7300)
• 768b5a3 chore(deps): update dependency virtualenv to v21.1.0 (#7298)
• 7e73a76 chore(deps): update dependency eslint-plugin-jsonc to v3 (#7260)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• See full diff in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml from 2.3.1 to 2.3.3

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml's releases.

v2.3.3

This updates OSV-Scanner to v2.3.3.

What's Changed

• chore(deps): update github/codeql-action action to v4.31.10 by @​renovate-bot in google/osv-scanner-action#115
• Update to v2.3.3 by @​Ly-Joey in google/osv-scanner-action#118

New Contributors

• @​Ly-Joey made their first contribution in google/osv-scanner-action#118

Full Changelog: google/osv-scanner-action@v2.3.2...v2.3.3

v2.3.2

This updates OSV-Scanner to v2.3.2

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:

• [Bug #2415](google/osv-scanner#2415) Add more PURL-to-ecosystem mappings
• [Bug #2422](google/osv-scanner#2422) MCP error for get_vulnerability_id because type definition is incorrect.
• [Bug #2460](google/osv-scanner#2460) Enable osv-scanner.json git queries
• [Bug #2456](google/osv-scanner#2456) Properly track if an ignore entry has been used
• [Bug #2450](google/osv-scanner#2450) Performance: Avoid loading the entire advisory unless it will actually be used
• [Bug #2445](google/osv-scanner#2445) Performance: Don't read the entire zip into memory
• [Bug #2433](google/osv-scanner#2433) Allow specifying user agent in v2 osvscanner package

Misc:

• [Misc #2453](google/osv-scanner#2453) Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
• [Misc #2447](google/osv-scanner#2447) Include bun.lock as a supported lockfile
• [Misc #2444](google/osv-scanner#2444) Document GoVersionOverride in configuration.md

Full Changelog: google/osv-scanner@v2.3.1...v2.3.2

Commits

• c5996e0 Merge pull request #118 from google/update-to-v2.3.3
• f4fac92 Update unified workflow example to point to v2.3.3 reusable workflows
• 8ae4be8 Update reusable workflows to point to v2.3.3 actions
• 8018483 "Update actions to use v2.3.3 osv-scanner image"
• 2c222db Merge pull request #115 from renovate-bot/renovate/workflows
• 2a387ed Merge pull request #116 from google/update-to-v2.3.2
• f75042f Update unified workflow example to point to v2.3.2 reusable workflows
• 17ad728 Update reusable workflows to point to v2.3.2 actions
• 9eebeae "Update actions to use v2.3.2 osv-scanner image"
• 115472d chore(deps): update github/codeql-action action to v4.31.10
• Additional commits viewable in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml from 2.3.1 to 2.3.3

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml's releases.

v2.3.3

This updates OSV-Scanner to v2.3.3.

What's Changed

• chore(deps): update github/codeql-action action to v4.31.10 by @​renovate-bot in google/osv-scanner-action#115
• Update to v2.3.3 by @​Ly-Joey in google/osv-scanner-action#118

New Contributors

• @​Ly-Joey made their first contribution in google/osv-scanner-action#118

Full Changelog: google/osv-scanner-action@v2.3.2...v2.3.3

v2.3.2

This updates OSV-Scanner to v2.3.2

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:

• [Bug #2415](google/osv-scanner#2415) Add more PURL-to-ecosystem mappings
• [Bug #2422](google/osv-scanner#2422) MCP error for get_vulnerability_id because type definition is incorrect.
• [Bug #2460](google/osv-scanner#2460) Enable osv-scanner.json git queries
• [Bug #2456](google/osv-scanner#2456) Properly track if an ignore entry has been used
• [Bug #2450](google/osv-scanner#2450) Performance: Avoid loading the entire advisory unless it will actually be used
• [Bug #2445](google/osv-scanner#2445) Performance: Don't read the entire zip into memory
• [Bug #2433](google/osv-scanner#2433) Allow specifying user agent in v2 osvscanner package

Misc:

• [Misc #2453](google/osv-scanner#2453) Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
• [Misc #2447](google/osv-scanner#2447) Include bun.lock as a supported lockfile
• [Misc #2444](google/osv-scanner#2444) Document GoVersionOverride in configuration.md

Full Changelog: google/osv-scanner@v2.3.1...v2.3.2

Commits

• c5996e0 Merge pull request #118 from google/update-to-v2.3.3
• f4fac92 Update unified workflow example to point to v2.3.3 reusable workflows
• 8ae4be8 Update reusable workflows to point to v2.3.3 actions
• 8018483 "Update actions to use v2.3.3 osv-scanner image"
• 2c222db Merge pull request #115 from renovate-bot/renovate/workflows
• 2a387ed Merge pull request #116 from google/update-to-v2.3.2
• f75042f Update unified workflow example to point to v2.3.2 reusable workflows
• 17ad728 Update reusable workflows to point to v2.3.2 actions
• 9eebeae "Update actions to use v2.3.2 osv-scanner image"
• 115472d chore(deps): update github/codeql-action action to v4.31.10
• Additional commits viewable in compare view

Updates actions/setup-node from 6.1.0 to 6.3.0

Release notes

Sourced from actions/setup-node's releases.

v6.3.0

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in actions/setup-node#1491
• Replace uuid with crypto.randomUUID() by @​trivikr in actions/setup-node#1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in actions/setup-node#1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in actions/setup-node#1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in actions/setup-node#1495

New Contributors

• @​susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

What's Changed

Documentation

• Documentation update related to absence of Lockfile by @​mahabaleshwars in actions/setup-node#1454
• Correct mirror option typos by @​MikeMcC399 in actions/setup-node#1442
• Readme update on checkout version v6 by @​deining in actions/setup-node#1446
• Readme typo fixes @​munyari in actions/setup-node#1226
• Advanced document update on checkout version v6 by @​aparnajyothi-y in actions/setup-node#1468

Dependency updates:

• Upgrade @​actions/cache to v5.0.1 by @​salmanmkc in actions/setup-node#1449

New Contributors

• @​mahabaleshwars made their first contribution in actions/setup-node#1454
• @​MikeMcC399 made their first contribution in actions/setup-node#1442
• @​deining made their first contribution in actions/setup-node#1446
• @​munyari made their first contribution in actions/setup-node#1226

Full Changelog: actions/setup-node@v6...v6.2.0

Commits

• 53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
• 54045ab Scope test lockfiles by package manager and update cache tests (#1495)
• c882bff Replace uuid with crypto.randomUUID() (#1378)
• 774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
• efcb663 fix: remove hardcoded bearer (#1467)
• d02c89d Fix npm audit issues (#1491)
• 6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
• 8e49463 Fix README typo (#1226)
• 621ac41 README.md: bump to latest released checkout version v6 (#1446)
• 2951748 Bump @​actions/cache to v5.0.1 (#1449)
• Additional commits viewable in compare view

Updates actions/cache from 5.0.1 to 5.0.3

Release notes

Sourced from actions/cache's releases.

v5.0.3

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

• Bump @actions/cache to v4.1.0

... (truncated)

Commits

• cdf6c1f Merge pull request #1695 from actions/Link-/prepare-5.0.3
• a1bee22 Add review for the @​actions/http-client license
• 4695763 Add licensed output
• dc73bb9 Upgrade dependencies and address security warnings
• 345d5c2 Add 5.0.3 builds
• 8b402f5 Merge pull request #1692 from GhadimiR/main
• 304ab5a license for httpclient
• 609fc19 Update licensed record for cache
• b22231e Build
• 93150cd Add PR link to releases
• Additional commits viewable in compare view

Updates actions/stale from 10.1.1 to 10.2.0

Release notes

Sourced from actions/stale's releases.

v10.2.0

What's Changed

Bug Fix

• Fix checking state cache (fix #1136) and switch to Octokit helper methods by @​itchyny in actions/stale#1152

Dependency Updates

• Upgrade js-yaml from 4.1.0 to 4.1.1 by @​dependabot in actions/stale#1304
• Upgrade lodash from 4.17.21 to 4.17.23 by @​dependabot in actions/stale#1313
• Upgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0 by @​chiranjib-swain in actions/stale#1312

New Contributors

• @​itchyny made their first contribution in actions/stale#1152

Full Changelog: actions/stale@v10...v10.2.0

Commits

• b5d41d4 build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1313)
• dcd2b94 Fix punycode and url.parse Deprecation Warnings (#1312)
• d6f8a33 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1304)
• a21a081 Fix checking state cache (fix #1136), also switch to octokit methods (#1152)
• See full diff in compare view

Updates actions/ai-inference from 2.0.4 to 2.0.7

Release notes

Sourced from actions/ai-inference's releases.

v2.0.7

What's Changed

• Support passing max_tokens and max_completion_tokens by @​GitPaulo in actions/ai-inference#173

Full Changelog: actions/ai-inference@v2...v2.0.7

v2.0.6

What's Changed

• Add model parameters temperature and topP to action inputs by @​GitPaulo in actions/ai-inference#168
• chore(deps): bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in actions/ai-inference#164
• chore(deps): bump @​rollup/rollup-linux-x64-gnu from 4.52.5 to 4.55.1 by @​dependabot[bot] in actions/ai-inference#160
• Update deprecated max_tokens to max_completion_tokens by @​GitPaulo in actions/ai-inference#170

New Contributors

• @​GitPaulo made their first contribution in actions/ai-inference#168

Full Changelog: actions/ai-inference@v2.0.5...v2.0.6

v2.0.5

What's Changed

• chore(deps): bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in actions/ai-inference#146
• chore(deps): bump qs from 6.14.0 to 6.14.1 by @​dependabot[bot] in actions/ai-inference#157
• chore(deps-dev): bump vite from 7.0.6 to 7.1.11 by @​dependabot[bot] in actions/ai-inference#135Description has been truncated

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.98%. Comparing base (033c231) to head (3296787).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

❌ Your project status has failed because the head coverage (92.98%) is below the target coverage (95.00%). You can increase the head coverage or adjust the target coverage.

Flag	Coverage Δ
pwsh-macos-latest	92.06% <ø> (ø)
pwsh-ubuntu-latest	91.60% <ø> (ø)
pwsh-windows-latest	92.79% <ø> (ø)
windows-powershell-51	92.79% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@@           Coverage Diff           @@
##             main      #18   +/-   ##
=======================================
  Coverage   92.98%   92.98%           
=======================================
  Files          55       55           
  Lines        1512     1512           
=======================================
  Hits         1406     1406           
  Misses        106      106           

Components	Coverage Δ
Core Module	92.98% <ø> (ø)
Test Suite	∅ <ø> (∅)
Utility Scripts	∅ <ø> (∅)
Configuration & Build	∅ <ø> (∅)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 033c231...3296787. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.