Skip to content

build(deps): bump the dependencies group across 1 directory with 3 updates#6037

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/dependencies-7b6daeb50b
Closed

build(deps): bump the dependencies group across 1 directory with 3 updates#6037
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/dependencies-7b6daeb50b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2026
edited
Loading

Bumps the dependencies group with 3 updates in the / directory: megalinter/megalinter, actions/github-script and actions/stale.

Updates megalinter/megalinter from 8.4.2 to 9.4.0

Release notes

Sourced from megalinter/megalinter's releases.

v9.4.0

What's Changed

  • Core

    • Improve files browsing performances (2 PRs)
    • Optimize parallel linter processing and improve grouping logic
    • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
    • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
    • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
    • Cache subprocess environment per linter run and excluded directories per request
    • Optimize parallel linter result update from O(n²) to O(n)
    • Add support in the build of Docker images for linux/arm64 in compatible linters

  • New linters

  • Disabled linters

  • Linters enhancements

    • Use the official checkmake image by @​bdovaz
    • Spectral: Add sarif support to spectral by @​bdovaz
    • Spectral: Change cli_lint_mode to list_of_files to improve performances

  • Fixes

    • Add support for SSH remote origins when building custom flavors (fixes: #6511)
    • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
    • Fix wrong tagging apply_fixes=True when linter has no fix options configured
    • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
    • Fix operator precedence bug in pre_post_factory pre/post command logic
    • Fix file handle leak in GitleaksLinter
    • Fix variable name bug in utils.get_git_context_info
    • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

  • Reporters

    • Add a link inviting to star MegaLinter
    • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
    • Update WebHook reporter so it can send more events for a better integration with UI
    • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
    • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
    • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

  • Flavors

    • Custom flavor builder:
      • Add support for SSH remotes
      • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
      • Build & release custom flavor builder image for linux/arm64

  • Doc

    • JSON Schema: Add default values for file extensions and file names variables + improve descriptions

... (truncated)

Changelog

Sourced from megalinter/megalinter's changelog.

[v9.4.0] - 2026-02-28

  • Core

    • Improve files browsing performances (2 PRs)
    • Optimize parallel linter processing and improve grouping logic
    • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
    • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
    • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
    • Cache subprocess environment per linter run and excluded directories per request
    • Optimize parallel linter result update from O(n²) to O(n)
    • Add support in the build of Docker images for linux/arm64 in compatible linters

  • New linters

  • Disabled linters

  • Linters enhancements

    • Use the official checkmake image by @​bdovaz
    • Spectral: Add sarif support to spectral by @​bdovaz
    • Spectral: Change cli_lint_mode to list_of_files to improve performances

  • Fixes

    • Add support for SSH remote origins when building custom flavors (fixes: #6511)
    • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
    • Fix wrong tagging apply_fixes=True when linter has no fix options configured
    • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
    • Fix operator precedence bug in pre_post_factory pre/post command logic
    • Fix file handle leak in GitleaksLinter
    • Fix variable name bug in utils.get_git_context_info
    • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

  • Reporters

    • Add a link inviting to star MegaLinter
    • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
    • Update WebHook reporter so it can send more events for a better integration with UI
    • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
    • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
    • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

  • Flavors

    • Custom flavor builder:
      • Add support for SSH remotes
      • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
      • Build & release custom flavor builder image for linux/arm64

  • Doc

    • JSON Schema: Add default values for file extensions and file names variables + improve descriptions
    • Update default secured env variables documentation

... (truncated)

Commits
  • 8fbdead Release MegaLinter v9.4.0
  • 9f605c4 Fix custom flavor builder workflow (#7306)
  • b7dcb60 Update changelog to prepare release (#7304)
  • 3077b04 chore(deps): update dependency regex to v2026.2.28 (#7303)
  • edba876 [automation] Auto-update linters version, help and documentation (#7299)
  • 07fb84d chore(deps): update dependency python-gitlab to v8.1.0 (#7302)
  • 4d42e33 chore(deps): update dependency fastapi to v0.134.0 (#7301)
  • 649726c chore(deps): update dependency rumdl to v0.1.32 (#7300)
  • 768b5a3 chore(deps): update dependency virtualenv to v21.1.0 (#7298)
  • 7e73a76 chore(deps): update dependency eslint-plugin-jsonc to v3 (#7260)
  • Additional commits viewable in compare view

Updates actions/github-script from 7 to 8

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits

Updates actions/stale from 9 to 10

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Full Changelog: actions/stale@v9...v10.0.0

v9.1.0

What's Changed

New Contributors

Full Changelog: actions/stale@v9...v9.1.0

Changelog

Sourced from actions/stale's changelog.

Changelog

[10.1.0]

What's Changed

[10.0.0]

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

[9.1.0]

What's Changed

[9.0.0]

Breaking Changes

  1. Action is now stateful: If the action ends because of operations-per-run then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.
  2. Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

... (truncated)

Commits
  • b5d41d4 build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1313)
  • dcd2b94 Fix punycode and url.parse Deprecation Warnings (#1312)
  • d6f8a33 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1304)
  • a21a081 Fix checking state cache (fix #1136), also switch to octokit methods (#1152)
  • 9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
  • 5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
  • fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
  • 39bea7d Add Missing Input Reading for only-issue-types (#1298)
  • e46bbab build(deps-dev): bump @​types/node from 20.10.3 to 24.2.0 and document breakin...
  • 65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the dependencies group across 1 directory with 3 up…
1495783 
…dates

Bumps the dependencies group with 3 updates in the / directory: [megalinter/megalinter](https://github.com/megalinter/megalinter), [actions/github-script](https://github.com/actions/github-script) and [actions/stale](https://github.com/actions/stale).


Updates `megalinter/megalinter` from 8.4.2 to 9.4.0
- [Release notes](https://github.com/megalinter/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@v8.4.2...v9.4.0)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

Updates `actions/stale` from 9 to 10
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9...v10)

---
updated-dependencies:
- dependency-name: megalinter/megalinter
  dependency-version: 9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 24, 2026
@mergify mergify bot added the needs-work Extra attention is needed label Mar 24, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 24, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.84%. Comparing base (bd4bc99) to head (1495783).
⚠️ Report is 41 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #6037      +/-   ##
==========================================
+ Coverage   74.65%   76.84%   +2.18%     
==========================================
  Files          73       74       +1     
  Lines       11139     9307    -1832     
==========================================
- Hits         8316     7152    -1164     
+ Misses       2186     1511     -675     
- Partials      637      644       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mergify mergify bot added the conflict PR has conflicts label Mar 26, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 26, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 26, 2026
@dependabot dependabot bot deleted the dependabot/github_actions/dependencies-7b6daeb50b branch March 26, 2026 21:03
@mergify mergify bot removed the conflict PR has conflicts label Mar 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code needs-work Extra attention is needed size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants