scorecard-webapp icon indicating copy to clipboard operation
scorecard-webapp copied to clipboard

Published 20 hours ago verified publisher icon ossf

:seedling: Bump github.com/rhysd/actionlint from 1.7.8 to 1.7.9 in the gomod group

Open dependabot[bot] opened this issue 1 week ago • 1 comments

Bumps the gomod group with 1 update: github.com/rhysd/actionlint.

Updates github.com/rhysd/actionlint from 1.7.8 to 1.7.9

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.9

  • Add support for ubuntu-slim runner label. (#585, thanks @​cestorer)
  • Check input deprecation in action by checking deprecationMessage property. Using a deprecated input is reported as error if it is not marked as required. See the document for more details. (#580) 
    - uses: reviewdog/action-actionlint@v1
  with:
    # ERROR: Using a deprecated input
    fail_on_error: true
  • Add support for the Custom images feature.
  • Report constant conditions at if: like if: true as error. Only very simple expressions like true or false are detected for now. See the document for more details.
  • Fix some invalid permissions are not reported as error in id-token and models scopes. (#582, thanks @​holtkampjs)
  • Fix args and entrypoint inputs are not recognized at uses: when it's not a Docker action. (#550)
  • Set correct column in source position of YAML parse error.
  • Fix credentials cannot be configured with ${{ }}. (#590)
  • Improve messages in syntax errors on parsing steps (run: and uses:). Available keys suggestion is now more accurate and unexpected keys are detected more accurately.
  • Fix the order of errors can be non-deterministic when multiple errors are caused at the same source positions.
  • Improve error messages showing suggestions on detecting invalid permissions.
  • Add instruction for installing actionlint with mise package manager. (#589, thanks @​jylenhof)
  • Fix outdated URLs in the document.
  • Add new actionlint.AllContexts map constant in Go API that contains the information about all context availability.
  • Update popular actions data set to the latest with several major versions of actions and the following new actions.
    • anthropics/claude-code-action
    • openai/codex-action
    • google-github-actions/run-gemini-cli
  • Add make cov task to easily generate a code coverage report.
  • Make installing the formula version of actionlint pacakge from tap of this repository with Homebrew a hard error. Install the cask version instead following the instruction in the error message.
Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.9 - 2025-11-21

  • Add support for ubuntu-slim runner label. (#585, thanks @​cestorer)
  • Check input deprecation in action by checking deprecationMessage property. Using a deprecated input is reported as error if it is not marked as required. See the document for more details. (#580) 
    - uses: reviewdog/action-actionlint@v1
  with:
    # ERROR: Using a deprecated input
    fail_on_error: true
  • Add support for the Custom images feature.
  • Report constant conditions at if: like if: true as error. Only very simple expressions like true or false are detected for now. See the document for more details.
  • Fix some invalid permissions are not reported as error in id-token and models scopes. (#582, thanks @​holtkampjs)
  • Fix args and entrypoint inputs are not recognized at uses: when it's not a Docker action. (#550)
  • Set correct column in source position of YAML parse error.
  • Fix credentials cannot be configured with ${{ }}. (#590)
  • Improve messages in syntax errors on parsing steps (run: and uses:). Available keys suggestion is now more accurate and unexpected keys are detected more accurately.
  • Fix the order of errors can be non-deterministic when multiple errors are caused at the same source positions.
  • Improve error messages showing suggestions on detecting invalid permissions.
  • Add instruction for installing actionlint with mise package manager. (#589, thanks @​jylenhof)
  • Fix outdated URLs in the document.
  • Add new actionlint.AllContexts map constant in Go API that contains the information about all context availability.
  • Update popular actions data set to the latest with several major versions of actions and the following new actions.
    • anthropics/claude-code-action
    • openai/codex-action
    • google-github-actions/run-gemini-cli
  • Add make cov task to easily generate a code coverage report.
  • Make installing the formula version of actionlint pacakge from tap of this repository with Homebrew a hard error. Install the cask version instead following the instruction in the error message.

[Changes][v1.7.9]

... (truncated)

Commits
  • a443f34 bump up version to v1.7.9
  • c48cd05 fix deprecated GoReleaser config
  • a03892f update the popular actions data set for actions/checkout@v6
  • c85ea65 make installing formula version of actionlint error
  • eb4d397 update playground npm dependencies
  • baee0a7 fix webhook generation script
  • 56ecc8c add anthropics/claude-code-action, openai/codex-action, `google-github-ac...
  • 5ed2da8 add more tests for parsing and checking container and services
  • dbcf56f report image is missing in container
  • e4ba27e fix credentials cannot be initialized with ${{ }} (fix #590)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot[bot] avatar Nov 21 '25 18:11 dependabot[bot]

Deploy Preview for ossf-scorecard canceled.

Name Link
Latest commit f8d3e81c878327521b6eb0a7e401820565ba1421
Latest deploy log https://app.netlify.com/projects/ossf-scorecard/deploys/6920a94c83299f0008cd5463

netlify[bot] avatar Nov 21 '25 18:11 netlify[bot]

Looks like github.com/rhysd/actionlint is updatable in another way, so this is no longer needed.

dependabot[bot] avatar Dec 01 '25 22:12 dependabot[bot]