Merge PR #316

Bumps the github-actions group with 18 updates:

| Package | From | To |
| --- | --- | --- |
|
[step-security/harden-runner](https://github.com/step-security/harden-runner)
| `2.13.2` | `2.14.0` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.0` |
`6.0.1` |
| [psf/black](https://github.com/psf/black) | `25.11.0` | `25.12.0` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`4.31.6` | `4.31.9` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `5.0.0` | `6.0.0` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.1`
|
|
[nick2bad4u/generate-repo-file-list](https://github.com/nick2bad4u/generate-repo-file-list)
| `4b742561166c6eafcf23fbb0c79ff8869bbceb27` |
`0b66b048983ecaef45cb1bc7acc6c81e1d210de7` |
|
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
| `7.0.0` | `7.1.0` |
|
[google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml](https://github.com/google/osv-scanner-action)
| `2.3.0` | `2.3.1` |
|
[google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml](https://github.com/google/osv-scanner-action)
| `2.3.0` | `2.3.1` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.0.0`
| `6.1.0` |
|
[peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
| `7.0.9` | `8.0.0` |
| [sobelow/action](https://github.com/sobelow/action) | `1.1.0` |
`1.2.0` |
|
[rojopolis/spellcheck-github-actions](https://github.com/rojopolis/spellcheck-github-actions)
| `0.55.0` | `0.56.0` |
| [actions/stale](https://github.com/actions/stale) | `10.1.0` |
`10.1.1` |
|
[super-linter/super-linter](https://github.com/super-linter/super-linter)
| `8.3.0` | `8.3.2` |
|
[trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog)
| `3.91.1` | `3.92.4` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.40.0` |
`1.41.0` |

Updates `step-security/harden-runner` from 2.13.2 to 2.14.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.14.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Selective installation: Harden-Runner now skips installation on
GitHub-hosted runners when the repository has a custom property
skip_harden_runner, allowing organizations to opt out specific
repos.</li>
<li>Avoid double install: The action no longer installs Harden-Runner if
it’s already present on a GitHub-hosted runner, which could happen when
a composite action also installs it.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0">https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0</a></p>
<h2>v2.13.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Fixed an issue where process events were not uploaded in certain
edge cases.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3">https://github.com/step-security/harden-runner/compare/v2.13.2...v2.13.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/20cf305ff2072d973412fa9b1e3a4f227bda3c76"><code>20cf305</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/622">#622</a>
from step-security/feature/custom-property-skip</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/c51e8eeb6c4fdcd08f65e43a051dacdbfaa69702"><code>c51e8ee</code></a>
feat: skip agent install and post step on subsequent runs for
GitHub-hosted r...</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/e152b90204c3d85cefa1441b701a47a13ed28bd7"><code>e152b90</code></a>
feat: skip harden-runner based on repository custom property</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/ee1faec052d1000061fa79a13e030db11b3f86bd"><code>ee1faec</code></a>
feat: replace skip-harden-runner with skip-on-custom-property input</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/1dc7c1764659d537dab2a854b8e165a801103eb1"><code>1dc7c17</code></a>
feat: add skip-harden-runner input to conditionally skip execution</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/df199fb7be9f65074067a9eb93f12bb4c5547cf2"><code>df199fb</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/620">#620</a>
from step-security/rc-29</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/03d096a772368b1f0222005a6899d3e35a7f62df"><code>03d096a</code></a>
update agent</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/40901073af04afd40408833437092a7467798f33"><code>4090107</code></a>
fix: update agent</li>
<li>See full diff in <a
href="https://github.com/step-security/harden-runner/compare/95d9a5deda9de15063e7595e9719c11c38c90ae2...20cf305ff2072d973412fa9b1e3a4f227bda3c76">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/checkout` from 6.0.0 to 6.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update all references from v5 and v4 to v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
<li>Clarify v6 README by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a>
Clarify v6 README (<a
href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a>
Add worktree support for persist-credentials includeIf (<a
href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a>
Update all references from v5 and v4 to v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8">compare
view</a></li>
</ul>
</details>
<br />

Updates `psf/black` from 25.11.0 to 25.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">psf/black's
releases</a>.</em></p>
<blockquote>
<h2>25.12.0</h2>
<p>Please test out the draft 2026 style in version 26.1a1! This style
will be finalized in
the January release (26.1.0). Most of the changes in
<code>--preview</code> will be in the 2026
stable style, but not all.
<a href="https://redirect.github.com/psf/black/issues/4042">Please share
your feedback!</a></p>
<p>This release (25.12.0) will still produce the 2025 style.</p>
<h3>Highlights</h3>
<ul>
<li>Black no longer supports running with Python 3.9 (<a
href="https://redirect.github.com/psf/black/issues/4842">#4842</a>)</li>
</ul>
<h3>Stable style</h3>
<ul>
<li>Fix bug where comments preceding <code># fmt: off</code>/<code>#
fmt: on</code> blocks were incorrectly
removed, particularly affecting Jupytext's <code># %% [markdown]</code>
comments (<a
href="https://redirect.github.com/psf/black/issues/4845">#4845</a>)</li>
<li>Fix crash when multiple <code># fmt: skip</code> comments are used
in a multi-part if-clause, on
string literals, or on dictionary entries with long lines (<a
href="https://redirect.github.com/psf/black/issues/4872">#4872</a>)</li>
<li>Fix possible crash when <code>fmt: </code> directives aren't on the
top level (<a
href="https://redirect.github.com/psf/black/issues/4856">#4856</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Fix <code>fmt: skip</code> skipping the line after instead of the
line it's on (<a
href="https://redirect.github.com/psf/black/issues/4855">#4855</a>)</li>
<li>Remove unnecessary parentheses from the left-hand side of
assignments while preserving
magic trailing commas and intentional multiline formatting (<a
href="https://redirect.github.com/psf/black/issues/4865">#4865</a>)</li>
<li>Fix <code>fix_fmt_skip_in_one_liners</code> crashing on
<code>with</code> statements (<a
href="https://redirect.github.com/psf/black/issues/4853">#4853</a>)</li>
<li>Fix <code>fix_fmt_skip_in_one_liners</code> crashing on annotated
parameters (<a
href="https://redirect.github.com/psf/black/issues/4854">#4854</a>)</li>
<li>Fix new lines being added after imports with <code># fmt:
skip</code> on them (<a
href="https://redirect.github.com/psf/black/issues/4894">#4894</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Releases now include arm64 Windows binaries and wheels (<a
href="https://redirect.github.com/psf/black/issues/4814">#4814</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>Add <code>output-file</code> input to GitHub Action
<code>psf/black</code> to write formatter output to a
file for artifact capture and log cleanliness (<a
href="https://redirect.github.com/psf/black/issues/4824">#4824</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">psf/black's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<h2>Unreleased</h2>
<!-- raw HTML omitted -->
<h3>Highlights</h3>
<!-- raw HTML omitted -->
<h3>Stable style</h3>
<!-- raw HTML omitted -->
<h3>Preview style</h3>
<!-- raw HTML omitted -->
<h3>Configuration</h3>
<!-- raw HTML omitted -->
<h3>Packaging</h3>
<!-- raw HTML omitted -->
<h3>Parser</h3>
<!-- raw HTML omitted -->
<h3>Performance</h3>
<!-- raw HTML omitted -->
<h3>Output</h3>
<!-- raw HTML omitted -->
<h3><em>Blackd</em></h3>
<!-- raw HTML omitted -->
<h3>Integrations</h3>
<!-- raw HTML omitted -->
<ul>
<li>Upgraded PyPI upload workflow to use Trusted Publishing (<a
href="https://redirect.github.com/psf/black/issues/4611">#4611</a>)</li>
</ul>
<h3>Documentation</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/black/commit/782e5605c86aab56be6f905da10dcd3e463fd9c2"><code>782e560</code></a>
Pin actions/[email protected] (<a
href="https://redirect.github.com/psf/black/issues/4895">#4895</a>)</li>
<li><a
href="https://github.com/psf/black/commit/f0f40945c1b0ebaa9ca733aca517610574c451d6"><code>f0f4094</code></a>
Fix new lines being added after imports with <code># fmt: skip</code> on
them (<a
href="https://redirect.github.com/psf/black/issues/4894">#4894</a>)</li>
<li><a
href="https://github.com/psf/black/commit/70fc194172184861aafb418c124824cae0fbe3b0"><code>70fc194</code></a>
Revert &quot;Fix <code># fmt: skip</code> ignored in deeply nested
expressions&quot; (<a
href="https://redirect.github.com/psf/black/issues/4893">#4893</a>)</li>
<li><a
href="https://github.com/psf/black/commit/7044b145f4826e0d6e07178d89666856a8e37aff"><code>7044b14</code></a>
Prepare 25.12.0 release (<a
href="https://redirect.github.com/psf/black/issues/4891">#4891</a>)</li>
<li><a
href="https://github.com/psf/black/commit/5b470f0e577f3c39e0f7d668934d587c0733a652"><code>5b470f0</code></a>
Fix <code># fmt: skip</code> ignored in deeply nested expressions (<a
href="https://redirect.github.com/psf/black/issues/4883">#4883</a>)</li>
<li><a
href="https://github.com/psf/black/commit/1b342ef5b0433fc1ed61a7e05a65744bef706fc9"><code>1b342ef</code></a>
Fix crash when multiple <code># fmt: skip</code> comments are used in
multi-part if-clau...</li>
<li><a
href="https://github.com/psf/black/commit/7b265f16634155dafcca65f6122ef7ed8d14a67f"><code>7b265f1</code></a>
Pin Hatch to hopefully fix Docker builds (<a
href="https://redirect.github.com/psf/black/issues/4878">#4878</a>)</li>
<li><a
href="https://github.com/psf/black/commit/c9523f463fdc9d9f9f0e61ca92d9b37acdf0d8fc"><code>c9523f4</code></a>
Attempt to fix Docker build failures (<a
href="https://redirect.github.com/psf/black/issues/4876">#4876</a>)</li>
<li><a
href="https://github.com/psf/black/commit/0f376e0c35bcb29f87ce18eace30333a3e105841"><code>0f376e0</code></a>
Fix crashes when fmt directives are indented (<a
href="https://redirect.github.com/psf/black/issues/4856">#4856</a>)</li>
<li><a
href="https://github.com/psf/black/commit/a8bfcc1040fdfce2e02cdd85dc8bf4e7abe0462f"><code>a8bfcc1</code></a>
Fix <code>fmt: skip</code> skipping the line after instead of the line
it's on (<a
href="https://redirect.github.com/psf/black/issues/4855">#4855</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/05f0a8ce1f71fbb36e1e032d3b518c7b945089a2...782e5605c86aab56be6f905da10dcd3e463fd9c2">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 4.31.6 to 4.31.9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.31.9</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.9 - 16 Dec 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v4.31.8</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v4.31.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.31.7/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.31.9 - 16 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<h2>4.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<h2>4.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<h2>4.31.4 - 18 Nov 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.3 - 13 Nov 2025</h2>
<ul>
<li>CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see <a
href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming
deprecation of CodeQL Action v3</a>.</li>
<li>Update default CodeQL bundle version to 2.23.5. <a
href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li>
</ul>
<h2>4.31.2 - 30 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.1 - 30 Oct 2025</h2>
<ul>
<li>The <code>add-snippets</code> input has been removed from the
<code>analyze</code> action. This input has been deprecated since CodeQL
Action 3.26.4 in August 2024 when this removal was announced.</li>
</ul>
<h2>4.31.0 - 24 Oct 2025</h2>
<ul>
<li>Bump minimum CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li>
<li>When SARIF files are uploaded by the <code>analyze</code> or
<code>upload-sarif</code> actions, the CodeQL Action automatically
performs post-processing steps to prepare the data for the upload.
Previously, these post-processing steps were only performed before an
upload took place. We are now changing this so that the post-processing
steps will always be performed, even when the SARIF files are not
uploaded. This does not change anything for the
<code>upload-sarif</code> action. For <code>analyze</code>, this may
affect Advanced Setup for CodeQL users who specify a value other than
<code>always</code> for the <code>upload</code> input. <a
href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/5d4e8d1aca955e8d8589aabd499c5cae939e33c7"><code>5d4e8d1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3371">#3371</a>
from github/update-v4.31.9-998798e34</li>
<li><a
href="https://github.com/github/codeql-action/commit/1dc115f17a8c6966e94a6477313dd3df6319bc83"><code>1dc115f</code></a>
Update changelog for v4.31.9</li>
<li><a
href="https://github.com/github/codeql-action/commit/998798e34d79baddb1566c60bbb8f68a901c04e6"><code>998798e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3352">#3352</a>
from github/nickrolfe/jar-min-ff-cleanup</li>
<li><a
href="https://github.com/github/codeql-action/commit/5eb751966fe18977cdefa4e41e0f90e92801ce90"><code>5eb7519</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3358">#3358</a>
from github/henrymercer/database-upload-telemetry</li>
<li><a
href="https://github.com/github/codeql-action/commit/d29eddb39b7c33171bb0250114b1c9e3ff8fe2bc"><code>d29eddb</code></a>
Extract version number to constant</li>
<li><a
href="https://github.com/github/codeql-action/commit/e9626872ef3347a9c18091d60da647084c2451a6"><code>e962687</code></a>
Merge branch 'main' into henrymercer/database-upload-telemetry</li>
<li><a
href="https://github.com/github/codeql-action/commit/19c7f96922a6269458f2cadcc23faf0ebaa1368b"><code>19c7f96</code></a>
Rename <code>isOverlayBase</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/ae5de9a20d0468cc3818a0dc5c99e456f996d9cf"><code>ae5de9a</code></a>
Use <code>getErrorMessage</code> in log too</li>
<li><a
href="https://github.com/github/codeql-action/commit/0cb86337c5111af4ff3dc7e8f9b98c479c9ea954"><code>0cb8633</code></a>
Prefer <code>performance.now()</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/c07cc0d3a95a282fc5a54477464931c776d124ec"><code>c07cc0d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3351">#3351</a>
from github/henrymercer/ghec-dr-determine-tools-vers...</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/fe4161a26a8629af62121b670040955b330f9af2...5d4e8d1aca955e8d8589aabd499c5cae939e33c7">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/upload-artifact` from 5.0.0 to 6.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>v6 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/upload-artifact@v6 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v5 had preliminary
support for Node.js 24, however this action was by default still running
on Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Upload Artifact Node 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/719">actions/upload-artifact#719</a></li>
<li>fix: update <code>@​actions/artifact</code> for Node.js 24 punycode
deprecation by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/744">actions/upload-artifact#744</a></li>
<li>prepare release v6.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/745">actions/upload-artifact#745</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0">https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f"><code>b7c566a</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/745">#745</a>
from actions/upload-artifact-v6-release</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b"><code>e516bc8</code></a>
docs: correct description of Node.js 24 support in README</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/ddc45ed9bca9b38dbd643978d88e3981cdc91415"><code>ddc45ed</code></a>
docs: update README to correct action name for Node.js 24 support</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/615b319bd27bb32c3d64dca6b6ed6974d5fbe653"><code>615b319</code></a>
chore: release v6.0.0 for Node.js 24 support</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/017748b48f8610ca8e6af1222f4a618e84a9c703"><code>017748b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/744">#744</a>
from actions/fix-storage-blob</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/38d4c7997f5510fcc41fc4aae2a6b97becdbe7fc"><code>38d4c79</code></a>
chore: rebuild dist</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/7d27270e0cfd253e666c44abac0711308d2d042f"><code>7d27270</code></a>
chore: add missing license cache files for <code>@​actions/core</code>,
<code>@​actions/io</code>, and mi...</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/5f643d3c9475505ccaf26d686ffbfb71a8387261"><code>5f643d3</code></a>
chore: update license files for <code>@​actions/artifact</code><a
href="https://github.com/5"><code>@​5</code></a>.0.1 dependencies</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/1df1684032c88614064493e1a0478fcb3583e1d0"><code>1df1684</code></a>
chore: update package-lock.json with <code>@​actions/artifact</code><a
href="https://github.com/5"><code>@​5</code></a>.0.1</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/b5b1a918401ee270935b6b1d857ae66c85f3be6f"><code>b5b1a91</code></a>
fix: update <code>@​actions/artifact</code> to ^5.0.0 for Node.js 24
punycode fix</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/cache` from 4.3.0 to 5.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.1</h2>
<blockquote>
<p>[!IMPORTANT]
<strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and
requires a minimum Actions Runner version of
<code>2.327.1</code>.</strong></p>
<p>If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<hr />
<h1>v5.0.1</h1>
<h2>What's Changed</h2>
<ul>
<li>fix: update <code>@​actions/cache</code> for Node.js 24 punycode
deprecation by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1685">actions/cache#1685</a></li>
<li>prepare release v5.0.1 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1686">actions/cache#1686</a></li>
</ul>
<h1>v5.0.0</h1>
<h2>What's Changed</h2>
<ul>
<li>Upgrade to use node24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1630">actions/cache#1630</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1684">actions/cache#1684</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v5.0.1">https://github.com/actions/cache/compare/v5...v5.0.1</a></p>
<h2>v5.0.0</h2>
<blockquote>
<p>[!IMPORTANT]
<strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and
requires a minimum Actions Runner version of
<code>2.327.1</code>.</strong></p>
<p>If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<hr />
<h2>What's Changed</h2>
<ul>
<li>Upgrade to use node24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1630">actions/cache#1630</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1684">actions/cache#1684</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.3.0...v5.0.0">https://github.com/actions/cache/compare/v4.3.0...v5.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>Changelog</h2>
<h3>5.0.1</h3>
<ul>
<li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via
<code>@actions/[email protected]</code> <a
href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li>
</ul>
<h3>5.0.0</h3>
<blockquote>
<p>[!IMPORTANT]
<code>actions/cache@v5</code> runs on the Node.js 24 runtime and
requires a minimum Actions Runner version of <code>2.327.1</code>.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>4.3.0</h3>
<ul>
<li>Bump <code>@actions/cache</code> to <a
href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li>
</ul>
<h3>4.2.4</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.5</li>
</ul>
<h3>4.2.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in
debug logs for cache entries)</li>
</ul>
<h3>4.2.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.2</li>
</ul>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/9255dc7a253b0ccc959486e2bca901246202afeb"><code>9255dc7</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1686">#1686</a>
from actions/cache-v5.0.1-release</li>
<li><a
href="https://github.com/actions/cache/commit/8ff5423e8b66eacab4e638ee52abbd2cb831366a"><code>8ff5423</code></a>
chore: release v5.0.1</li>
<li><a
href="https://github.com/actions/cache/commit/9233019a152bc768059ac1768b8e4403b5da16c1"><code>9233019</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1685">#1685</a>
from salmanmkc/node24-storage-blob-fix</li>
<li><a
href="https://github.com/actions/cache/commit/b975f2bb844529e1063ad882c609b224bcd66eb6"><code>b975f2b</code></a>
fix: add peer property to package-lock.json for dependencies</li>
<li><a
href="https://github.com/actions/cache/commit/d0a0e1813491d01d574c95f8d189f62622bbb2ae"><code>d0a0e18</code></a>
fix: update license files for <code>@​actions/cache</code>,
fast-xml-parser, and strnum</li>
<li><a
href="https://github.com/actions/cache/commit/74de208dcfcbe85c0e7154e7b17e4105fe2554ff"><code>74de208</code></a>
fix: update <code>@​actions/cache</code> to ^5.0.1 for Node.js 24
punycode fix</li>
<li><a
href="https://github.com/actions/cache/commit/ac7f1152ead02e89c14b5456d14ab17591e74cfb"><code>ac7f115</code></a>
peer</li>
<li><a
href="https://github.com/actions/cache/commit/b0f846b50b6061d7a2ca6f1a2fea61d4a65d1a16"><code>b0f846b</code></a>
fix: update <code>@​actions/cache</code> with storage-blob fix for
Node.js 24 punycode depr...</li>
<li><a
href="https://github.com/actions/cache/commit/a7833574556fa59680c1b7cb190c1735db73ebf0"><code>a783357</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1684">#1684</a>
from actions/prepare-cache-v5-release</li>
<li><a
href="https://github.com/actions/cache/commit/3bb0d78750a39cefce0c2b5a0a9801052b4359ad"><code>3bb0d78</code></a>
docs: highlight v5 runner requirement in releases</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb">compare
view</a></li>
</ul>
</details>
<br />

Updates `nick2bad4u/generate-repo-file-list` from
4b742561166c6eafcf23fbb0c79ff8869bbceb27 to
0b66b048983ecaef45cb1bc7acc6c81e1d210de7
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Nick2bad4u/Generate-Repo-File-List/commit/0b66b048983ecaef45cb1bc7acc6c81e1d210de7"><code>0b66b04</code></a>
Merge pull request <a
href="https://redirect.github.com/nick2bad4u/generate-repo-file-list/issues/38">#38</a>
from Nick2bad4u/dependabot/github_actions/github-actio...</li>
<li><a
href="https://github.com/Nick2bad4u/Generate-Repo-File-List/commit/900c5ad3d36205c6565d4d60808a201f6fb13dcd"><code>900c5ad</code></a>
Bump the github-actions group with 8 updates</li>
<li>See full diff in <a
href="https://github.com/nick2bad4u/generate-repo-file-list/compare/4b742561166c6eafcf23fbb0c79ff8869bbceb27...0b66b048983ecaef45cb1bc7acc6c81e1d210de7">compare
view</a></li>
</ul>
</details>
<br />

Updates `stefanzweifel/git-auto-commit-action` from 7.0.0 to 7.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.0</h2>
<h2>Added</h2>
<ul>
<li>Add skip_push input option (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/401">#401</a>)
<a
href="https://github.com/@kvanzuijlen"><code>@​kvanzuijlen</code></a></li>
</ul>
<h2>Changes</h2>
<ul>
<li>docs: fix typo in README.md (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/400">#400</a>)
<a
href="https://github.com/@GideonBear"><code>@​GideonBear</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/399">#399</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
<li>Bump bats from 1.12.0 to 1.13.0 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/398">#398</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.1.0...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.0.0...v7.1.0">v7.1.0</a>
- 2025-12-17</h2>
<h3>Added</h3>
<ul>
<li>Add skip_push input option (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/401">#401</a>)
<a
href="https://github.com/@kvanzuijlen"><code>@​kvanzuijlen</code></a></li>
</ul>
<h3>Changes</h3>
<ul>
<li>docs: fix typo in README.md (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/400">#400</a>)
<a
href="https://github.com/@GideonBear"><code>@​GideonBear</code></a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/399">#399</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
<li>Bump bats from 1.12.0 to 1.13.0 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/398">#398</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.1...v7.0.0">v7.0.0</a>
- 2025-10-12</h2>
<h3>Added</h3>
<ul>
<li>Restore skip_fetch, skip_checkout, create_branch (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/388">#388</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
<li>Restore Detached State Detection (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/393">#393</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
<li>Add Support for Tag Messages (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/391">#391</a>)
<a
href="https://github.com/@EliasBoulharts"><code>@​EliasBoulharts</code></a></li>
</ul>
<h3>Changed</h3>
<ul>
<li>Run Action on Node 24 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/389">#389</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/386">#386</a>)
[@<a href="https://github.com/apps/dependabot">dependabot[bot]</a>](<a
href="https://github.com/@%5Bdependabot%5Bbot%5D%5D(https://github.com/apps/dependabot)">https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot)</a>)</li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.0...v6.0.1">v6.0.1</a>
- 2025-06-11</h2>
<h3>Fixed</h3>
<ul>
<li>Disable Check if Repo is in Detached State (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/pull/379">#379</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.2.0...v6.0.0">v6.0.0</a>
- 2025-06-10</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/04702edda442b2e678b25b537cec683a1493fcb9"><code>04702ed</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/399">#399</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/1e49d5001fa4bb7d02711af41f4af23c58ef1de8"><code>1e49d50</code></a>
Add skip_push input option (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/401">#401</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/65c56779c90b0324ac2a7e7c31ec876b8db47914"><code>65c5677</code></a>
docs: fix typo in README.md (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/400">#400</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/547c1409cec143c754e148a6fbdfa359db836cf6"><code>547c140</code></a>
Bump bats from 1.12.0 to 1.13.0 (<a
href="https://redirect.github.com/stefanzweifel/git-auto-commit-action/issues/398">#398</a>)</li>
<li><a
href="https://github.com/stefanzweifel/git-auto-commit-action/commit/8fa7f5a3c51038deaa521c22ae89fac24baad8e7"><code>8fa7f5a</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/28e16e81777b558cc906c8750092100bbb34c5e3...04702edda442b2e678b25b537cec683a1493fcb9">compare
view</a></li>
</ul>
</details>
<br />

Updates
`google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml`
from 2.3.0 to 2.3.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps): update workflows (major) by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/105">google/osv-scanner-action#105</a></li>
<li>chore(deps): update github/codeql-action action to v4.31.7 by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/108">google/osv-scanner-action#108</a></li>
<li>chore: more specific name for uploaded artifact by <a
href="https://github.com/marcusburghardt"><code>@​marcusburghardt</code></a>
in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/111">google/osv-scanner-action#111</a></li>
<li>Update to v2.3.1 by <a
href="https://github.com/cuixq"><code>@​cuixq</code></a> in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/112">google/osv-scanner-action#112</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/marcusburghardt"><code>@​marcusburghardt</code></a>
made their first contribution in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/111">google/osv-scanner-action#111</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google/osv-scanner-action/compare/v2.3.0...v2.3.1">https://github.com/google/osv-scanner-action/compare/v2.3.0...v2.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google/osv-scanner-action/commit/375a0e8ebdc98e99b02ac4338a724f5750f21213"><code>375a0e8</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/112">#112</a>
from google/update-to-v2.3.1</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/611152df994a33eb69e5eb9efc96d5827644ebf1"><code>611152d</code></a>
Update unified workflow example to point to v2.3.1 reusable
workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/ccb575fd49a679661853f52831627d4578f6816d"><code>ccb575f</code></a>
Update reusable workflows to point to v2.3.1 actions</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/ffff457756fc02fd3b933aabf3705406f57a2e19"><code>ffff457</code></a>
&quot;Update actions to use v2.3.1 osv-scanner image&quot;</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/f011708954f1b1c8230169fcb09e19f7a7256238"><code>f011708</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/111">#111</a>
from marcusburghardt/upload_name</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/54338a3f86ac6ccf857643b4f514de930aa186e0"><code>54338a3</code></a>
chore: more specific name for uploaded artifact</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/2e56ca8e8d4c0e8ff9778bf86fc1db27576141c9"><code>2e56ca8</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/108">#108</a>
from renovate-bot/renovate/workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/540b498ec12ae9ff77f421197953bb2e5818a30c"><code>540b498</code></a>
chore(deps): update github/codeql-action action to v4.31.7</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/08b0aaeb6b6c6659ff98c5463e60e4b70008bfff"><code>08b0aae</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/105">#105</a>
from renovate-bot/renovate/major-workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/7b64497d111dc9ccd04ce6887a9bc5966a537a5c"><code>7b64497</code></a>
chore(deps): update workflows</li>
<li>See full diff in <a
href="https://github.com/google/osv-scanner-action/compare/b77c075a1235514558f0eb88dbd31e22c45e0cd2...375a0e8ebdc98e99b02ac4338a724f5750f21213">compare
view</a></li>
</ul>
</details>
<br />

Updates
`google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml`
from 2.3.0 to 2.3.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps): update workflows (major) by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/105">google/osv-scanner-action#105</a></li>
<li>chore(deps): update github/codeql-action action to v4.31.7 by <a
href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a>
in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/108">google/osv-scanner-action#108</a></li>
<li>chore: more specific name for uploaded artifact by <a
href="https://github.com/marcusburghardt"><code>@​marcusburghardt</code></a>
in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/111">google/osv-scanner-action#111</a></li>
<li>Update to v2.3.1 by <a
href="https://github.com/cuixq"><code>@​cuixq</code></a> in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/112">google/osv-scanner-action#112</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/marcusburghardt"><code>@​marcusburghardt</code></a>
made their first contribution in <a
href="https://redirect.github.com/google/osv-scanner-action/pull/111">google/osv-scanner-action#111</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google/osv-scanner-action/compare/v2.3.0...v2.3.1">https://github.com/google/osv-scanner-action/compare/v2.3.0...v2.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google/osv-scanner-action/commit/375a0e8ebdc98e99b02ac4338a724f5750f21213"><code>375a0e8</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/112">#112</a>
from google/update-to-v2.3.1</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/611152df994a33eb69e5eb9efc96d5827644ebf1"><code>611152d</code></a>
Update unified workflow example to point to v2.3.1 reusable
workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/ccb575fd49a679661853f52831627d4578f6816d"><code>ccb575f</code></a>
Update reusable workflows to point to v2.3.1 actions</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/ffff457756fc02fd3b933aabf3705406f57a2e19"><code>ffff457</code></a>
&quot;Update actions to use v2.3.1 osv-scanner image&quot;</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/f011708954f1b1c8230169fcb09e19f7a7256238"><code>f011708</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/111">#111</a>
from marcusburghardt/upload_name</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/54338a3f86ac6ccf857643b4f514de930aa186e0"><code>54338a3</code></a>
chore: more specific name for uploaded artifact</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/2e56ca8e8d4c0e8ff9778bf86fc1db27576141c9"><code>2e56ca8</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/108">#108</a>
from renovate-bot/renovate/workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/540b498ec12ae9ff77f421197953bb2e5818a30c"><code>540b498</code></a>
chore(deps): update github/codeql-action action to v4.31.7</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/08b0aaeb6b6c6659ff98c5463e60e4b70008bfff"><code>08b0aae</code></a>
Merge pull request <a
href="https://redirect.github.com/google/osv-scanner-action/issues/105">#105</a>
from renovate-bot/renovate/major-workflows</li>
<li><a
href="https://github.com/google/osv-scanner-action/commit/7b64497d111dc9ccd04ce6887a9bc5966a537a5c"><code>7b64497</code></a>
chore(deps): update workflows</li>
<li>See full diff in <a
href="https://github.com/google/osv-scanner-action/compare/b77c075a1235514558f0eb88dbd31e22c45e0cd2...375a0e8ebdc98e99b02ac4338a724f5750f21213">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/setup-node` from 6.0.0 to 6.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<h2>What's Changed</h2>
<h3>Enhancement:</h3>
<ul>
<li>Remove always-auth configuration handling by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1436">actions/setup-node#1436</a></li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@​actions/cache</code> from 4.0.3 to 4.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1384">actions/setup-node#1384</a></li>
<li>Upgrade actions/checkout from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1439">actions/setup-node#1439</a></li>
<li>Upgrade js-yaml from 3.14.1 to 3.14.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1435">actions/setup-node#1435</a></li>
</ul>
<h3>Documentation update:</h3>
<ul>
<li>Add example for restore-only cache in documentation by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1419">actions/setup-node#1419</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v6...v6.1.0">https://github.com/actions/setup-node/compare/v6...v6.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-node/commit/395ad3262231945c25e8478fd5baf05154b1d79f"><code>395ad32</code></a>
Bump js-yaml from 3.14.1 to 3.14.2 (<a
href="https://redirect.github.com/actions/setup-node/issues/1435">#1435</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/a4d2e2bbca97c78789c5b6f8b2092769fdd8005c"><code>a4d2e2b</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/actions/setup-node/issues/1439">#1439</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/b9b25d45f70a5d94d88496aa4896bf9ed8f49b67"><code>b9b25d4</code></a>
Remove always-auth configuration handling from action (<a
href="https://redirect.github.com/actions/setup-node/issues/1436">#1436</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/633bb92bc0aabcae06e8ea93b85aecddd374c402"><code>633bb92</code></a>
Bump <code>@​actions/cache</code> from 4.0.3 to 4.1.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1384">#1384</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/dda4788290998366da86b6a4f497909644397bb2"><code>dda4788</code></a>
Add example for restore-only cache in documentation (<a
href="https://redirect.github.com/actions/setup-node/issues/1419">#1419</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-node/compare/2028fbc5c25fe9cf00d9f06a71cc4710d4507903...395ad3262231945c25e8478fd5baf05154b1d79f">compare
view</a></li>
</ul>
</details>
<br />

Updates `peter-evans/create-pull-request` from 7.0.9 to 8.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v8.0.0</h2>
<h2>What's new in v8</h2>
<ul>
<li>Requires <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions
Runner v2.327.1</a> or later if you are using a self-hosted runner for
Node 24 support.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>chore: Update checkout action version to v6 by <a
href="https://github.com/yonas"><code>@​yonas</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li>
<li>Update actions/checkout references to <a
href="https://github.com/v6"><code>@​v6</code></a> in docs by <a
href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li>
<li>feat: v8 by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4260">peter-evans/create-pull-request#4260</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yonas"><code>@​yonas</code></a> made
their first contribution in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li>
<li><a href="https://github.com/Copilot"><code>@​Copilot</code></a> made
their first contribution in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0">https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0</a></p>
<h2>Create Pull Request v7.0.11</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: restrict remote prune to self-hosted runners by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4250">peter-evans/create-pull-request#4250</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11">https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11</a></p>
<h2>Create Pull Request v7.0.10</h2>
<p>⚙️ Fixes an issue where updating a pull request failed when targeting
a forked repository with the same owner as its parent.</p>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump the github-actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4235">peter-evans/create-pull-request#4235</a></li>
<li>build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4240">peter-evans/create-pull-request#4240</a></li>
<li>fix: provider list pulls fallback for multi fork same owner by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4245">peter-evans/create-pull-request#4245</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/obnyis"><code>@​obnyis</code></a> made
their first contribution in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4064">peter-evans/create-pull-request#4064</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10">https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/98357b18bf14b5342f975ff684046ec3b2a07725"><code>98357b1</code></a>
feat: v8 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4260">#4260</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/41c0e4b7899a4a0922bf899d64c5f25738cfe356"><code>41c0e4b</code></a>
Update actions/checkout references to <a
href="https://github.com/v6"><code>@​v6</code></a> in docs (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4259">#4259</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/994332de4c8124517167807167073cf397678768"><code>994332d</code></a>
chore: Update checkout action version to v6 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4258">#4258</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/22a9089034f40e5a961c8808d113e2c98fb63676"><code>22a9089</code></a>
fix: restrict remote prune to self-hosted runners (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4250">#4250</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/d4f3be6ce6f4083b7ac7490ab98b48a62db1ee41"><code>d4f3be6</code></a>
fix: provider list pulls fallback for multi fork same owner (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4245">#4245</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/bc8a47f5657f110049f4afd030c95529a9c62b76"><code>bc8a47f</code></a>
build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4240">#4240</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/a67ef28ca5df73d51a15007068e5931257943b0d"><code>a67ef28</code></a>
build(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4235">#4235</a>)</li>
<li>See full diff in <a
href="https://github.com/peter-evans/create-pull-request/compare/84ae59a2cdc2258d6fa0732dd66352dddae2a412...98357b18bf14b5342f975ff684046ec3b2a07725">compare
view</a></li>
</ul>
</details>
<br />

Updates `sobelow/action` from 1.1.0 to 1.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sobelow/action/releases">sobelow/action's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions versions &amp; other minor updates to docs by <a
href="https://github.com/antedeguemon"><code>@​antedeguemon</code></a>
in <a
href="https://redirect.github.com/sobelow/action/pull/5">sobelow/action#5</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/antedeguemon"><code>@​antedeguemon</code></a>
made their first contribution in <a
href="https://redirect.github.com/sobelow/action/pull/5">sobelow/action#5</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sobelow/action/compare/v1.1.0...v1.2.0">https://github.com/sobelow/action/compare/v1.1.0...v1.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sobelow/action/commit/4c2cc216597acef2c5f8b4b2e49ad591be36ce36"><code>4c2cc21</code></a>
Merge pull request <a
href="https://redirect.github.com/sobelow/action/issues/5">#5</a> from
antedeguemon/updates-docs</li>
<li><a
href="https://github.com/sobelow/action/commit/55845e4c8f57abab3182a24fef7a0fd1c8cd554f"><code>55845e4</code></a>
Update actions/checkout &amp; actions/codeql versions</li>
<li><a
href="https://github.com/sobelow/action/commit/2b4132e6ec312a2080b28e0ece892da9ef1fe6be"><code>2b4132e</code></a>
Fix markdown formatting</li>
<li><a
href="https://github.com/sobelow/action/commit/6e2848d0d88a034f5f0b68e49c217c2f01ad2949"><code>6e2848d</code></a>
Update links to point to sobelow org</li>
<li>See full diff in <a
href="https://github.com/sobelow/action/compare/a9bf221c4eef7e7a4486fa1f06257511c9780b46...4c2cc216597acef2c5f8b4b2e49ad591be36ce36">compare
view</a></li>
</ul>
</details>
<br />

Updates `rojopolis/spellcheck-github-actions` from 0.55.0 to 0.56.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rojopolis/spellcheck-github-actions/releases">rojopolis/spellcheck-github-actions's
releases</a>.</em></p>
<blockquote>
<h2>0.56.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump rojopolis/spellcheck-github-actions from 0.54.0 to 0.55.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/pull/297">rojopolis/spellcheck-github-actions#297</a></li>
<li>Bump docker/metadata-action from 5.9.0 to 5.10.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/pull/296">rojopolis/spellcheck-github-actions#296</a></li>
<li>Bump actions/checkout from 6.0.0 to 6.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/pull/300">rojopolis/spellcheck-github-actions#300</a></li>
<li>Bump actions/upload-artifact from 5.0.0 to 6.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/pull/302">rojopolis/spellcheck-github-actions#302</a></li>
<li>Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/pull/304">rojopolis/spellcheck-github-actions#304</a></li>
<li>Support for Portuguese by <a
href="https://github.com/jonasbn"><code>@​jonasbn</code></a> in <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/pull/305">rojopolis/spellcheck-github-actions#305</a></li>
<li>Update of Docker base image tp Python 3.14.2 by <a
href="https://github.com/jonasbn"><code>@​jonasbn</code></a> in <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/pull/306">rojopolis/spellcheck-github-actions#306</a></li>
<li>Preparing release 0.56.0, maintenance and feature release by <a
href="https://github.com/jonasbn"><code>@​jonasbn</code></a> in <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/pull/307">rojopolis/spellcheck-github-actions#307</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rojopolis/spellcheck-github-actions/compare/0.55.0...0.56.0">https://github.com/rojopolis/spellcheck-github-actions/compare/0.55.0...0.56.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rojopolis/spellcheck-github-actions/blob/master/CHANGELOG.md">rojopolis/spellcheck-github-actions's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log for spellcheck-github-actions</h1>
<h2>0.56.0, 2025-12-27, feature and maintenance release, update not
required</h2>
<ul>
<li>Support for Portuguese (Portugal and Brazil) for both Hunspell and
Aspell, requested by: <a
href="https://github.com/mdiazgoncalves"><code>@​mdiazgoncalves</code></a>
via issue <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/issues/298">#298</a></li>
<li>Docker image updated to Python 3.14.2 trixie slim <a
href="https://docs.python.org/release/3.14.2/whatsnew/changelog.html">Release
notes for Python 3.14.2</a></li>
</ul>
<h2>0.55.0, 2025-11-27, maintenance release, update not required</h2>
<ul>
<li>Via an issue <a
href="https://redirect.github.com/rojopolis/spellcheck-github-actions/issues/293">#293</a>
from <a href="https://github.com/shoverbj"><code>@​shoverbj</code></a>,
an update to the core component <strong>PySpelling</strong> from version
2.12.0 to version <code>2.12.1</code> was made, this allows for use of
large dictionaries with Aspell</li>
</ul>
<h2>0.54.0, 2025-11-05, feature release, update not required</h2>
<ul>
<li>
<p>PySpelling the core component has been updated to version 2.12.0,
which introduces support for maximum available cores. The feature is
described in the <a
href="https://github.com/facelessuser/pyspelling/releases/tag/2.12.0">release
notes for PySpelling 2.12.0</a>. See the <a
href="https://facelessuser.github.io/pyspelling/configuration/">documentation
for PySpelling</a>.</p>
</li>
<li>
<p>The flag was introduced with <a
href="https://github.com/facelessuser/pyspelling/releases/tag/2.10.0">release
2.10 of PySpelling</a>, which was adopted in release 0.36.0 of this
action.</p>
</li>
</ul>
<h2>0.53.0, 2025-10-25, maintenance release, update not required</h2>
<ul>
<li>
<p>Docker image updated to Python 3.14.0 trixie slim <a
href="https://docs.python.org/release/3.14.0/whatsnew/changelog.html">Release
notes for Python 3.14.0</a>, this originated from the PR mentioned
below, however updated to Trixie from Bookworm and as always the slim
variant is used</p>
</li>
<li>
<p>Bu…

Author: Nick2bad4u

.github/workflows/ActionLint.yml

@@ -36,10 +36,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - uses: devops-actions/actionlint@467e2ce19b2310e93c9ffa0b50fe31f86b5a7f23 #v0.1.10
         continue-on-error: true
         id: action-lint

.github/workflows/Bandit.yml

@@ -53,7 +53,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -63,7 +63,7 @@ jobs:
             github.com:443
             pypi.org:443
 
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Bandit Scan
         uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c
         with: # optional arguments

.github/workflows/Snake.yml

@@ -46,7 +46,7 @@ jobs:
     steps:
       # generates a snake game from a github user (<github_user_name>) contributions graph, output a svg animation at <svg_out_path>
       - name: Harden Runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 

.github/workflows/black-formatter.yml

@@ -37,7 +37,7 @@ jobs:
     steps:
       # Step to harden the runner for security purposes
       - name: Harden Runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           disable-sudo: true # Disable sudo to prevent privilege escalation
           egress-policy: block # Block all egress traffic
@@ -48,8 +48,8 @@ jobs:
 
       # Step to checkout the repository code
       - name: Checkout Code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # Step to run the Black code formatter
       - name: Run Black Formatter
-        uses: psf/black@05f0a8ce1f71fbb36e1e032d3b518c7b945089a2 # stable
+        uses: psf/black@782e5605c86aab56be6f905da10dcd3e463fd9c2 # stable

.github/workflows/codeql.yml

@@ -66,16 +66,16 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v3.29.5
+        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -85,7 +85,7 @@ jobs:
           # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
           # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@fe4161a26a8629af62121b670040955b330f9af2 # v3.29.5
+        uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -98,6 +98,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v3.29.5
+        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/deno.yml

@@ -46,12 +46,12 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
       - name: Setup repo
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Setup Deno
         # uses: denoland/setup-deno@v1

.github/workflows/dependency-review.yml

@@ -39,11 +39,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
       - name: "Checkout Repository"
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: "Dependency Review"
         uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2

.github/workflows/devskim.yml

@@ -30,12 +30,12 @@ jobs:
       security-events: write
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
       - name: Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16
@@ -57,12 +57,12 @@ jobs:
           done
 
       - name: Upload DevSkim SARIF as artifact
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: devskim-results
           path: devskim-results.sarif
 
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v3.29.5
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
         with:
           sarif_file: devskim-results.sarif

.github/workflows/eslint.yml

@@ -44,15 +44,15 @@ jobs:
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
       - name: Checkout code
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Cache node modules
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: ./node_modules
           key: ${{ runner.os }}-.-node-modules-${{ hashFiles('./package-lock.json') }}
@@ -72,13 +72,13 @@ jobs:
         continue-on-error: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v2.27.0
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v2.27.0
         with:
           sarif_file: eslint-results.sarif
           wait-for-processing: true
 
       - name: Upload ESLint SARIF as artifact
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: eslint-results
           path: eslint-results.sarif

.github/workflows/generate-file-list.yml

@@ -17,12 +17,12 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: List files in the repository
         run: |
@@ -55,7 +55,7 @@ jobs:
           # For example: pip install requests
 
       - name: Run Generate Repo File List Action
-        uses: nick2bad4u/generate-repo-file-list@4b742561166c6eafcf23fbb0c79ff8869bbceb27 # main
+        uses: nick2bad4u/generate-repo-file-list@0b66b048983ecaef45cb1bc7acc6c81e1d210de7 # main
         with:
           log-level: "INFO"
           directory: "."
@@ -155,7 +155,7 @@ jobs:
             }
 
       - name: Commit and push changes
-        uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
+        uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
         with:
           commit_message: "Update file list in README.md automatically with GitHub Action"
           file_pattern: "README.md file_list.md file_list.html"