Skip to content

chore(deps): bump the actions group with 3 updates#46

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-eecd726df5
Open

chore(deps): bump the actions group with 3 updates#46
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-eecd726df5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 3 updates: hyperpolymath/a2ml-validate-action, hyperpolymath/k9-validate-action and trufflesecurity/trufflehog.

Updates hyperpolymath/a2ml-validate-action from cb3c1e298169dc5ac2b42e257068b0fb5920cd5e to 05bcb78917c09702e90ed18004298a6728753914

Changelog

Sourced from hyperpolymath/a2ml-validate-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.0.0] - 2026-05-29

Added

  • Initial Marketplace-ready composite action for validating .a2ml manifests.
  • Configurable path, strict, and paths-ignore inputs.
  • GitHub Actions outputs for scanned files, validation errors, and warnings.

Fixed

  • Allow local smoke runs outside GitHub Actions by defaulting missing GITHUB_OUTPUT to /dev/null.
Commits
  • 05bcb78 ci: Secret Scanner caller must grant the reusable's job permissions (#56)
  • e558e79 fix(ci): clear OSSF Scorecard startup_failure (#55)
  • a1898b7 Revert #53: TOML is not canonical A2ML (spec is S-expr/Djot-like) (#54)
  • db22cd5 feat: canonical A2ML dialect = TOML (warn-by-default, enforce flag) (#53)
  • 7e1cd7e chore(deps): bump the actions group with 3 updates (#52)
  • c14a51a chore(deps): bump the actions group with 2 updates (#51)
  • abcc1a0 fix(clade): correct CLADE uuid (deterministic v5, was template residue) (#50)
  • 4ae6b48 docs: post-canon reference + factual fixes (#49)
  • ac1392a chore(hooks): version-controlled pre-commit + SPDX split by file-type (#48)
  • e8b8079 ci: refresh standards reusable pins to current HEAD (d7c2271) (#47)
  • Additional commits viewable in compare view

Updates hyperpolymath/k9-validate-action from 236f0035cc159051c8dd5dc7cd8af1e8cf961462 to 7c3c0e9fa5165626e74ecce78109b3295b798b92

Changelog

Sourced from hyperpolymath/k9-validate-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.0.0] - 2026-05-29

Added

  • Initial Marketplace-ready composite action for validating .k9 and .k9.ncl files.
  • Configurable path, strict, and paths-ignore inputs.
  • GitHub Actions outputs for scanned files, validation errors, and warnings.

Fixed

  • Allow local smoke runs outside GitHub Actions by defaulting missing GITHUB_OUTPUT to /dev/null.
Commits
  • 7c3c0e9 chore(deps): bump the actions group with 5 updates (#36)
  • bddcd91 ci: Secret Scanner caller must grant the reusable's job permissions (#35)
  • 3e091a3 chore(deps): bump the actions group with 4 updates (#34)
  • 91e2b6b fix(clade): correct identity uuid (deterministic v5) (#33)
  • b9acd2a chore(deps): bump the actions group with 2 updates (#32)
  • eea3a84 docs(readme): convert README.adoc -> Markdown (renders on Glama/profile/commu...
  • 9f95614 chore(ci): add dormant push-email notification workflow (#30)
  • 90ac96b chore(clade): backfill [status] lifecycle block (#29)
  • 8149729 chore(licence): normalise to MPL-2.0 + CC-BY-SA-4.0 (canonical pair) (#28)
  • 4a64df7 chore(ci): bump standards reusable workflow pins (#27)
  • Additional commits viewable in compare view

Updates trufflesecurity/trufflehog from 3.95.8 to 3.95.9

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.95.9

What's Changed

New Contributors

Full Changelog: trufflesecurity/trufflehog@v3.95.8...v3.95.9

Commits
  • 27b0417 Don't log as error when git diff is too long (#5113)
  • d328285 [INS-410] Added batch token detector (#4824)
  • 33d9dad [INT-715] Retry transient failures when verifying OpenAI keys (#5117)
  • d7dcc6d feat: Support archived repo exclusion from GH org scans (#4875)
  • f845f18 feat(action): add image input to allow registry mirror overrides (#4965)
  • 6c97970 [INS-468] Add improved lob detector to defaults.go (#4971)
  • 1675e17 fix: reject --include-repos/--exclude-repos with --repo in github scan (#5112)
  • 5c27626 [INS-467] Add IPinfo detector to default detectors list (#4970)
  • 53e6391 [INS-341] Added Shippo detector (#4820)
  • d3b5487 [INS-351] Added Duffel Token Detector (#4795)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 3 updates: [hyperpolymath/a2ml-validate-action](https://github.com/hyperpolymath/a2ml-validate-action), [hyperpolymath/k9-validate-action](https://github.com/hyperpolymath/k9-validate-action) and [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog).


Updates `hyperpolymath/a2ml-validate-action` from cb3c1e298169dc5ac2b42e257068b0fb5920cd5e to 05bcb78917c09702e90ed18004298a6728753914
- [Release notes](https://github.com/hyperpolymath/a2ml-validate-action/releases)
- [Changelog](https://github.com/hyperpolymath/a2ml-validate-action/blob/main/CHANGELOG.md)
- [Commits](hyperpolymath/a2ml-validate-action@cb3c1e2...05bcb78)

Updates `hyperpolymath/k9-validate-action` from 236f0035cc159051c8dd5dc7cd8af1e8cf961462 to 7c3c0e9fa5165626e74ecce78109b3295b798b92
- [Release notes](https://github.com/hyperpolymath/k9-validate-action/releases)
- [Changelog](https://github.com/hyperpolymath/k9-validate-action/blob/main/CHANGELOG.md)
- [Commits](hyperpolymath/k9-validate-action@236f003...7c3c0e9)

Updates `trufflesecurity/trufflehog` from 3.95.8 to 3.95.9
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@00155c9...27b0417)

---
updated-dependencies:
- dependency-name: hyperpolymath/a2ml-validate-action
  dependency-version: 05bcb78917c09702e90ed18004298a6728753914
  dependency-type: direct:production
  dependency-group: actions
- dependency-name: hyperpolymath/k9-validate-action
  dependency-version: 7c3c0e9fa5165626e74ecce78109b3295b798b92
  dependency-type: direct:production
  dependency-group: actions
- dependency-name: trufflesecurity/trufflehog
  dependency-version: 3.95.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 13, 2026
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants