[vendor-schemas] automated update

Author: sirosen

CHANGELOG.rst

@@ -10,7 +10,8 @@ Unreleased
 
 .. vendor-insert-here
 
-- Update vendored schemas: compose-spec, meltano, renovate (2025-07-06)
+- Update vendored schemas: bitbucket-pipelines, buildkite, compose-spec, dependabot,
+  github-actions, gitlab-ci, meltano, mergify, renovate (2025-08-03)
 
 0.33.2
 ------

src/check_jsonschema/builtin_schemas/vendor/bitbucket-pipelines.json

@@ -25,6 +25,15 @@
       "description": "Whether to proceed with this step and further steps if a step named in the depends_on attribute fails",
       "default": false
     },
+    "image": {
+      "type": "string",
+      "description": "(Kubernetes stack only) The container image to use for this pipeline or step",
+      "examples": [
+        "node:18-alpine",
+        "python:3.11",
+        "ubuntu:22.04"
+      ]
+    },
     "agents": {
       "oneOf": [
         { "$ref": "#/definitions/agentsObject" },
@@ -749,6 +758,9 @@
           "$ref": "#/definitions/commandStep/properties/key",
           "deprecated": true
         },
+        "image": {
+          "$ref": "#/definitions/image"
+        },
         "label": {
           "$ref": "#/definitions/label"
         },
@@ -1336,6 +1348,9 @@
     "notify": {
       "$ref": "#/definitions/buildNotify"
     },
+    "image": {
+      "$ref": "#/definitions/image"
+    },
     "steps": {
       "description": "A list of steps",
       "type": "array",

src/check_jsonschema/builtin_schemas/vendor/buildkite.json

@@ -206,7 +206,8 @@
         },
         "container_name": {
           "type": "string",
-          "description": "Specify a custom container name, rather than a generated default name."
+          "description": "Specify a custom container name, rather than a generated default name.",
+          "pattern": "[a-zA-Z0-9][a-zA-Z0-9_.-]+"
         },
         "cpu_count": {
           "oneOf": [
@@ -533,6 +534,10 @@
                     "endpoint_var": {
                       "type": "string",
                       "description": "Environment variable set to AI model endpoint."
+                    },
+                    "model_var": {
+                      "type": "string",
+                      "description": "Environment variable set to AI model name."
                     }
                   },
                   "additionalProperties": false,

src/check_jsonschema/builtin_schemas/vendor/compose-spec.json

@@ -698,6 +698,7 @@
     },
     "update": {
       "type": "object",
+      "additionalProperties": false,
       "properties": {
         "allow": {
           "description": "Customize which updates are allowed",
@@ -757,6 +758,49 @@
           ],
           "additionalProperties": false
         },
+        "cooldown": {
+          "description": "Defines a cooldown period for dependency updates, allowing updates to be delayed for a configurable number of days. This feature enables users to customize how often Dependabot generates new version updates, offering greater control over update frequency.",
+          "type": "object",
+          "properties": {
+            "default-days": {
+              "description": "Default cooldown period for dependencies without specific rules (optional).",
+              "type": "integer",
+              "minimum": 0
+            },
+            "semver-major-days": {
+              "description": "Cooldown period for major version updates (optional, applies only to package managers supporting SemVer).",
+              "type": "integer",
+              "minimum": 0
+            },
+            "semver-minor-days": {
+              "description": "Cooldown period for minor version updates (optional, applies only to package managers supporting SemVer).",
+              "type": "integer",
+              "minimum": 0
+            },
+            "semver-patch-days": {
+              "description": "Cooldown period for patch version updates (optional, applies only to package managers supporting SemVer).",
+              "type": "integer",
+              "minimum": 0
+            },
+            "include": {
+              "description": "List of dependencies to apply cooldown (up to 150 items). Supports wildcards (`*`).",
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "maxItems": 150
+            },
+            "exclude": {
+              "description": "List of dependencies excluded from cooldown (up to 150 items). Supports wildcards (`*`).",
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "maxItems": 150
+            }
+          },
+          "additionalProperties": false
+        },
         "directories": {
           "description": "Locations of package manifests",
           "type": "array",
@@ -1026,6 +1070,7 @@
             "type": {
               "description": "Identifies the type of registry.",
               "enum": [
+                "cargo-registry",
                 "composer-repository",
                 "docker-registry",
                 "git",
@@ -1034,6 +1079,7 @@
                 "maven-repository",
                 "npm-registry",
                 "nuget-feed",
+                "pub-repository",
                 "python-index",
                 "rubygems-server",
                 "terraform-registry"

src/check_jsonschema/builtin_schemas/vendor/dependabot.json

@@ -32,7 +32,7 @@
         "using": {
           "$comment": "https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runsusing",
           "description": "The application used to execute the code specified in `main`.",
-          "enum": ["node12", "node16", "node20"]
+          "enum": ["node12", "node16", "node20", "node24"]
         },
         "main": {
           "$comment": "https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runsmain",

src/check_jsonschema/builtin_schemas/vendor/github-actions.json

@@ -272,6 +272,10 @@
           "markdownDescription": "Reports will be uploaded as artifacts, and often displayed in the GitLab UI, such as in merge requests. [Learn More](https://docs.gitlab.com/ci/yaml/#artifactsreports).",
           "additionalProperties": false,
           "properties": {
+            "accessibility": {
+              "type": "string",
+              "description": "Path to JSON file with accessibility report."
+            },
             "annotations": {
               "type": "string",
               "description": "Path to JSON file with annotations report."
@@ -752,7 +756,10 @@
               "additionalProperties": false,
               "properties": {
                 "user": {
-                  "type": ["string", "integer"],
+                  "type": [
+                    "string",
+                    "integer"
+                  ],
                   "minLength": 1,
                   "maxLength": 255,
                   "description": "Username or UID to use for the container. It also supports the UID:GID format."
@@ -846,7 +853,10 @@
                 "additionalProperties": false,
                 "properties": {
                   "user": {
-                    "type": ["string", "integer"],
+                    "type": [
+                      "string",
+                      "integer"
+                    ],
                     "minLength": 1,
                     "maxLength": 255,
                     "description": "Username or UID to use for the container. It also supports the UID:GID format."
@@ -1028,6 +1038,52 @@
               ],
               "additionalProperties": false
             },
+            "aws_secrets_manager": {
+              "oneOf": [
+                {
+                  "type": "string",
+                  "description": "The ARN or name of the secret to retrieve. To retrieve a secret from another account, you must use an ARN."
+                },
+                {
+                  "type": "object",
+                  "markdownDescription": "Defines the secret to be fetched from AWS Secrets Manager. The secret_id refers to the ARN or name of the secret in AWS Secrets Manager. Version_id and version_stage are optional parameters that can be used to specify a specific version of the secret, else AWSCURRENT version will be returned.",
+                  "properties": {
+                    "secret_id": {
+                      "type": "string",
+                      "description": "The ARN or name of the secret to retrieve. To retrieve a secret from another account, you must use an ARN."
+                    },
+                    "version_id": {
+                      "type": "string",
+                      "description": "The unique identifier of the version of the secret to retrieve. If you include both this parameter and VersionStage, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT version."
+                    },
+                    "version_stage": {
+                      "type": "string",
+                      "description": "The staging label of the version of the secret to retrieve. If you include both this parameter and VersionStage, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT version."
+                    },
+                    "region": {
+                      "type": "string",
+                      "description": "The AWS region where the secret is stored. Use this to override the region for a specific secret. Defaults to AWS_REGION variable."
+                    },
+                    "role_arn": {
+                      "type": "string",
+                      "description": "The ARN of the IAM role to assume before retrieving the secret. Use this to override the ARN. Defaults to AWS_ROLE_ARN variable."
+                    },
+                    "role_session_name": {
+                      "type": "string",
+                      "description": "The name of the session to use when assuming the role. Use this to override the session name. Defaults to AWS_ROLE_SESSION_NAME variable."
+                    },
+                    "field": {
+                      "type": "string",
+                      "description": "The name of the field to retrieve from the secret. If not specified, the entire secret is retrieved."
+                    }
+                  },
+                  "required": [
+                    "secret_id"
+                  ],
+                  "additionalProperties": false
+                }
+              ]
+            },
             "akeyless": {
               "type": "object",
               "properties": {
@@ -1075,6 +1131,11 @@
                 "gcp_secret_manager"
               ]
             },
+            {
+              "required": [
+                "aws_secrets_manager"
+              ]
+            },
             {
               "required": [
                 "akeyless"
@@ -2411,10 +2472,11 @@
                   "type": "string"
                 },
                 "strategy": {
-                  "description": "You can mirror the pipeline status from the triggered pipeline to the source bridge job by using strategy: depend",
+                  "description": "You can mirror or depend on the pipeline status from the triggered pipeline to the source bridge job by using strategy: `depend` or `mirror`",
                   "type": "string",
                   "enum": [
-                    "depend"
+                    "depend",
+                    "mirror"
                   ]
                 },
                 "inputs": {
@@ -2595,10 +2657,11 @@
                   ]
                 },
                 "strategy": {
-                  "description": "You can mirror the pipeline status from the triggered pipeline to the source bridge job by using strategy: depend",
+                  "description": "You can mirror or depend on the pipeline status from the triggered pipeline to the source bridge job by using strategy: `depend` or `mirror`",
                   "type": "string",
                   "enum": [
-                    "depend"
+                    "depend",
+                    "mirror"
                   ]
                 },
                 "forward": {

src/check_jsonschema/builtin_schemas/vendor/gitlab-ci.json

@@ -567,7 +567,7 @@
           },
           "state": {
             "type": "string",
-            "description": "A path to a state file (relative to the project directory) to be provided to the extractor when it is run as part of a pipeline using meltano elt."
+            "description": "A path to a state file (relative to the project directory) to be provided to the extractor when it is run as part of a pipeline using meltano el or meltano elt."
           },
           "select": {
             "type": "array",
@@ -815,6 +815,7 @@
                 "file",
                 "email",
                 "integer",
+                "decimal",
                 "options",
                 "object",
                 "array",

src/check_jsonschema/builtin_schemas/vendor/meltano.json

@@ -1296,6 +1296,12 @@
           ],
           "title": "Reporting Method",
           "type": "string"
+        },
+        "post_comment": {
+          "default": true,
+          "description": "Whether to post merge protection status comments on pull requests",
+          "title": "Post Comment",
+          "type": "boolean"
         }
       },
       "title": "MergeProtectionsModel",
@@ -1306,7 +1312,7 @@
       "properties": {
         "max_parallel_checks": {
           "default": 5,
-          "description": "The maximum number of speculative checks allowed to run at the same time.",
+          "description": "The maximum number of speculative checks allowed to run at the same time. Setting this value to 1 disables speculative checks.",
           "maximum": 128,
           "minimum": 1,
           "title": "Max Parallel Checks",
@@ -2354,19 +2360,6 @@
           "title": "Branch Protection Injection Mode",
           "type": "string"
         },
-        "speculative_checks": {
-          "configuration_deprecated_attribute": {
-            "deprecated_summary_ghes_mode": "\n:bangbang: **Action Required** :bangbang:\n> **The configuration uses the deprecated `speculative_checks` attribute in the `queue_rules` section. It has been replaced in favor of `max_parallel_checks` in the `merge_queue` section of the configuration.\n> For more information: https://docs.mergify.com/merge-queue/speculative-checks/",
-            "deprecated_summary_saas_mode": "\n:bangbang: **Action Required** :bangbang:\n> **The configuration uses the deprecated `speculative_checks` attribute in the `queue_rules` section. It has been replaced in favor of `max_parallel_checks` in the `merge_queue` section of the configuration.\n> For more information: https://docs.mergify.com/merge-queue/speculative-checks/"
-          },
-          "default": 1,
-          "deprecated": true,
-          "description": "The maximum number of checks to run in parallel in the queue. Must be between 1 and 128.",
-          "maximum": 128,
-          "minimum": 1,
-          "title": "Speculative Checks",
-          "type": "integer"
-        },
         "batch_size": {
           "default": 1,
           "description": "The maximum number of pull requests per speculative check in the queue. Must be between 1 and 128.",
@@ -2384,7 +2377,7 @@
         },
         "allow_inplace_checks": {
           "default": true,
-          "description": "Allow to update or rebase the original pull request to check its mergeability when first in the queue and not part of a batch or speculative check.",
+          "description": "Allow to update or rebase the original pull request to check its mergeability when first in the queue and not part of a batch (see: `batch_size`) or speculative check (see: `max_parallel_checks`).",
           "title": "Allow Inplace Checks",
           "type": "boolean"
         },
@@ -2578,19 +2571,6 @@
           "title": "Branch Protection Injection Mode",
           "type": "string"
         },
-        "speculative_checks": {
-          "configuration_deprecated_attribute": {
-            "deprecated_summary_ghes_mode": "\n:bangbang: **Action Required** :bangbang:\n> **The configuration uses the deprecated `speculative_checks` attribute in the `queue_rules` section. It has been replaced in favor of `max_parallel_checks` in the `merge_queue` section of the configuration.\n> For more information: https://docs.mergify.com/merge-queue/speculative-checks/",
-            "deprecated_summary_saas_mode": "\n:bangbang: **Action Required** :bangbang:\n> **The configuration uses the deprecated `speculative_checks` attribute in the `queue_rules` section. It has been replaced in favor of `max_parallel_checks` in the `merge_queue` section of the configuration.\n> For more information: https://docs.mergify.com/merge-queue/speculative-checks/"
-          },
-          "default": 1,
-          "deprecated": true,
-          "description": "The maximum number of checks to run in parallel in the queue. Must be between 1 and 128.",
-          "maximum": 128,
-          "minimum": 1,
-          "title": "Speculative Checks",
-          "type": "integer"
-        },
         "batch_size": {
           "default": 1,
           "description": "The maximum number of pull requests per speculative check in the queue. Must be between 1 and 128.",
@@ -2608,7 +2588,7 @@
         },
         "allow_inplace_checks": {
           "default": true,
-          "description": "Allow to update or rebase the original pull request to check its mergeability when first in the queue and not part of a batch or speculative check.",
+          "description": "Allow to update or rebase the original pull request to check its mergeability when first in the queue and not part of a batch (see: `batch_size`) or speculative check (see: `max_parallel_checks`).",
           "title": "Allow Inplace Checks",
           "type": "boolean"
         },
@@ -2797,7 +2777,7 @@
             }
           ],
           "default": null,
-          "description": "To rebase, Mergify needs to impersonate a GitHub user. You can specify the account to use with this option. If no `bot_account` is set, Mergify picks the pull request author. The user account must have already been logged in Mergify dashboard once.",
+          "description": "To rebase, Mergify needs to impersonate a GitHub user. You can specify the account to use with this option. If no `bot_account` is set, Mergify picks the pull request author. The user account must have already been logged in Mergify dashboard once.\n\n**Warning:** Due to security on GitHub side, rebase cannot be performed on pull requests created by bot accounts without explicitly setting the `bot_account` impersonation option.",
           "title": "Bot Account"
         },
         "autosquash": {